VYPR
Unrated severityNVD Advisory· Published Oct 21, 2009· Updated Jun 16, 2026

CVE-2009-3604

CVE-2009-3604

Description

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

67
  • cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
    • cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
    • cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*
    • cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*
    • cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*
    • cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*
    • cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
    • cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
    • cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*+ 55 more
    • cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*
    • (no CPE)range: 0.x
  • Xpdf/Xpdfllm-fuzzy
    Range: 2.x, 3.x < 3.02pl4

Patches

Vulnerability mechanics

References

46

News mentions

0

No linked articles in our index yet.