Podatność CVE-2009-3608

Podatność CVE-2009-3608

Publikacja: 2009-10-21 Modyfikacja: 2012-02-13

Opis:

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

Typ:

CWE-189

(Numeric Errors)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ogólna skala CVSS	Znaczenie	Łatwość wykorzystania
9.3/10	10/10	8.6/10

Wymagany dostęp	Złożoność ataku	Autoryzacja
Zdalny	Średnia	Nie wymagana
Wpływ na poufność	Wpływ na integralność	Wpływ na dostępność
Pełny	Pełny	Pełny

Affected software
Poppler -> Poppler
Glyphandcog -> Xpdfreader
Foolabs -> XPDF

Referencje:

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

http://poppler.freedesktop.org/

http://securitytracker.com/id?1023029

http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1

http://www.debian.org/security/2009/dsa-1941

http://www.debian.org/security/2010/dsa-2028

http://www.debian.org/security/2010/dsa-2050

http://www.mandriva.com/security/advisories?name=MDVSA-2009:287

http://www.mandriva.com/security/advisories?name=MDVSA-2009:334

http://www.mandriva.com/security/advisories?name=MDVSA-2011:175

http://www.ocert.org/advisories/ocert-2009-016.html

http://www.openwall.com/lists/oss-security/2009/12/01/1

http://www.openwall.com/lists/oss-security/2009/12/01/5

http://www.openwall.com/lists/oss-security/2009/12/01/6

http://www.securityfocus.com/bid/36703

http://www.ubuntu.com/usn/USN-850-1

http://www.ubuntu.com/usn/USN-850-3

http://www.vupen.com/english/advisories/2009/2924

http://www.vupen.com/english/advisories/2009/2925

http://www.vupen.com/english/advisories/2009/2926

http://www.vupen.com/english/advisories/2009/2928

http://www.vupen.com/english/advisories/2010/0802

http://www.vupen.com/english/advisories/2010/1220

https://bugzilla.redhat.com/show_bug.cgi?id=526637

https://exchange.xforce.ibmcloud.com/vulnerabilities/53794

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536

https://rhn.redhat.com/errata/RHSA-2009-1501.html

https://rhn.redhat.com/errata/RHSA-2009-1502.html

https://rhn.redhat.com/errata/RHSA-2009-1503.html

https://rhn.redhat.com/errata/RHSA-2009-1504.html

https://rhn.redhat.com/errata/RHSA-2009-1512.html

https://rhn.redhat.com/errata/RHSA-2009-1513.html

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html

https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html

Podatność CVE-2009-3608

CWE-189

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

9.3/10

10/10

8.6/10

Zdalny

Średnia

Nie wymagana

Pełny

Pełny

Pełny

Affected software

Referencje: