PT-2009-6642 · Kde+3 · Kdegraphics-Doc-Html+11
Adam Zabrocki · Published 1970-01-01 · Updated 2023-02-13 · CVE-2009-3604
| CVSS v2.0 | 9.3 High |
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
kdegraphics versions prior to 3.02pl4
Xpdf versions 2.x and 3.x before 3.02pl4
Poppler version 0.x
libkscan-dev (affected versions not specified)
kdegraphics-dev (affected versions not specified)
xpdf-common (affected versions not specified)
kviewshell (affected versions not specified)
kdegraphics-dbg (affected versions not specified)
kdegraphics-doc-html (affected versions not specified)
kdvi (affected versions not specified)
xpdf-reader (affected versions not specified)
kdegraphics (affected versions not specified)
libkscan1 (affected versions not specified)
xpdf-utils (affected versions not specified)
kdegraphics-kfile-plugins (affected versions not specified)
Description
The issue concerns multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libkscan-dev, kdegraphics-dev, xpdf-common, kviewshell, kdegraphics-dbg, kdegraphics-doc-html, kdvi, xpdf-reader, kdegraphics, libkscan1, xpdf-utils, and kdegraphics-kfile-plugins. These vulnerabilities can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information. The Splash::drawImage function in Splash.cc in Xpdf and Poppler does not properly allocate memory, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document.
Recommendations
For Xpdf versions 2.x and 3.x, update to version 3.02pl4 or later.
For Poppler version 0.x, update to a version that includes the fix for the memory allocation issue.
For kdegraphics versions prior to 3.02pl4, update to version 3.02pl4 or later.
For libkscan-dev, kdegraphics-dev, xpdf-common, kviewshell, kdegraphics-dbg, kdegraphics-doc-html, kdvi, xpdf-reader, kdegraphics, libkscan1, xpdf-utils, and kdegraphics-kfile-plugins, no information is currently available about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Affected Products
Debian
Poppler
Red Hat
Kdegraphics
Kdegraphics-Dbg
Kdegraphics-Devel
Kdegraphics-Doc-Html
Kdegraphics-Kfile-Plugins
Kdvi
Kviewshell
Libkscan-Dev
Libkscan1