CVSS: 9.3EPSS: 4%CPEs: 55EXPL: 0CVE-2009-3607
https://notcve.org/view.php?id=CVE-2009-3607
Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. la función create_surface_from_thumbnail_data en glib/poppler-page.cc en Poppler v0.x, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente la ejecución de código de su elección a través de un documento PDF manipulado que provoca un desbordamiento de búfer basado en memoria dinámica (heap). NOTA: algunos de los detalles han sido obtenidos a partir de información de terceros. • http://cgit.freedesktop.org/poppler/poppler/commit/?id=c839b706 http://secunia.com/advisories/37054 http://secunia.com/advisories/37114 http://secunia.com/advisories/37159 http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1 http://www.debian.org/security/2009/dsa-1941 http://www.mandriva.com/security/advisories?name=MDVSA-2011:175 http://www.openwall.com/lists/oss-security/2009/12/01/1&# • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 5%CPEs: 58EXPL: 1CVE-2009-3603 – xpdf/poppler: SplashBitmap:: SplashBitmap integer overflow
https://notcve.org/view.php?id=CVE-2009-3603
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188. Desbordamiento de entero en la función SplashBitmap::SplashBitmap en Xpdf v3.x anterior a v3.02pl4 y Poppler anteior a v0.12.1, podría permitir a atacantes remotos la ejecución de código de su elección a través de un documento PDF manipulado que provoca un un desbordamiento de búfer basado en memoria dinámica (heap). NOTA: algunos detalles han sido obtenidos a partir de información de terceros. • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://poppler.freedesktop.org http://secunia.com/advisories/37034 http://secunia.com/advisories/37053 http://secunia.com/advi • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 41%CPEs: 67EXPL: 2CVE-2009-3604 – xpdf/poppler: Splash:: drawImage integer overflow and missing allocation return value check
https://notcve.org/view.php?id=CVE-2009-3604
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow. Desbordamiento de entero en la función Splash.cc en Xpdf v3.02pl4 y Poppler v0.x, usado en n kdegraphics KPDF y GPdf, no asigna la memoria adecuadamente, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y probablemente, la ejecución de código de su elección a través de un documento PDF manipulado que provoca un deferencia a puntero nulo o un desbordamiento de búfer basado en memoria dinámica (heap). • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2 http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html http://lists.opensuse.org/opensuse-security-announce/2009-11/ • CWE-190: Integer Overflow or Wraparound CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 6%CPEs: 62EXPL: 1CVE-2009-3608 – xpdf/poppler: integer overflow in ObjectStream::ObjectStream (oCERT-2009-016)
https://notcve.org/view.php?id=CVE-2009-3608
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. Desbordamiento de entero en la función ObjectStream::ObjectStream en XRef.cc en Xpdf y Poppler, usado en GPdf, kdegraphics KPDF, y CUPS pdftopf y teTeX, podría permitir a atacantes remotos ejecutar código de su elección a través de un documento PDF manipulado que provoca un desbordamiento de búfer basado en memoria dinámica (heap). • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://poppler.freedesktop.org http://secunia.com/advisories/37028 http://secunia.com/advisories/37034 http://secunia.com/advi • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 1%CPEs: 61EXPL: 3CVE-2009-3609 – xpdf/poppler: ImageStream:: ImageStream integer overflow
https://notcve.org/view.php?id=CVE-2009-3609
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. Desbordamiento de entero en la función ImageStream::ImageStream en Stream.cc en Xpdf v3.02pl4 y Poppler v0.12.1, usado en GPdf, kdegraphics KPDF, y CUPS pdftops, permite a atacantes remotsos provocar una denegación de servicio (caída de aplicación) a través de un documento PDF manipulado que provoca un deferencia a puntero nulo o un desbordamiento de búfer fuera del límite (over-read). • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://poppler.freedesktop.org http://secunia.com/advisories/37023 http://secunia.com/advisories/37028 http://secunia.com/advi • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •