PT-2009-6641 · Xpdf+4 · Xpdf-Reader+15

Tomas Hoger

·

Publicado

1970-01-01

·

Atualizado

2024-06-15

·

CVE-2009-3603

CVSS v2.0

9.3

Alta

VetorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Xpdf versions prior to 3.02pl4 Poppler versions prior to 0.12.1 libkscan-dev (affected versions not specified) kdegraphics-dev (affected versions not specified) xpdf-common (affected versions not specified) kviewshell (affected versions not specified) kdegraphics-dbg (affected versions not specified) kdegraphics-doc-html (affected versions not specified) kdvi (affected versions not specified) xpdf-reader (affected versions not specified) kdegraphics (affected versions not specified) xpdf-utils (affected versions not specified) libkscan1 (affected versions not specified) kdegraphics-kfile-plugins (affected versions not specified)
Description The issue is related to multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, an integer overflow in the SplashBitmap::SplashBitmap function in Xpdf and Poppler might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
Recommendations For Xpdf versions prior to 3.02pl4, update to version 3.02pl4 or later. For Poppler versions prior to 0.12.1, update to version 0.12.1 or later. For libkscan-dev, kdegraphics-dev, xpdf-common, kviewshell, kdegraphics-dbg, kdegraphics-doc-html, kdvi, xpdf-reader, kdegraphics, xpdf-utils, libkscan1, and kdegraphics-kfile-plugins, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-189

Identificadores relacionados

BDU:2015-00990
BDU:2015-00991
BDU:2015-00992
BDU:2015-00993
BDU:2015-00994
BDU:2015-00995
BDU:2015-00996
BDU:2015-00997
BDU:2015-00998
BDU:2015-02167
BDU:2015-02168
BDU:2015-02169
CVE-2009-3603
DSA-1941-1
DSA-2028-1
DSA-2050-1
OPENSUSE-SU-2024:10352-1
RHSA-2009:1504
RHSA-2009_1504
USN-850-1
USN-850-3

Produtos afetados

Debian
Poppler
Red Hat
Xpdf
Kdegraphics
Kdegraphics-Dbg
Kdegraphics-Devel
Kdegraphics-Doc-Html
Kdegraphics-Kfile-Plugins
Kdvi
Kviewshell
Libkscan-Dev
Libkscan1
Xpdf-Common
Xpdf-Reader
Xpdf-Utils