Unrated severity · NVD Advisory · Published Oct 21, 2009 · Updated Apr 23, 2026
CVE-2009-3608
Description
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
Affected products (58)
- cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:* (range: <=0.12.0)
- cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*
Patches (0)
No patches discovered yet.
References (53)
- ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch (nvd, Patch)
- poppler.freedesktop.org (nvd, Patch, Vendor Advisory)
- securitytracker.com/id (nvd, Patch)
- www.vupen.com/english/advisories/2009/2924 (nvd, Patch, Vendor Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd, Patch)
- www.securityfocus.com/bid/36703 (nvd, Exploit, Patch)
- secunia.com/advisories/37028 (nvd, Vendor Advisory)
- secunia.com/advisories/37034 (nvd, Vendor Advisory)
- secunia.com/advisories/37037 (nvd, Vendor Advisory)
- secunia.com/advisories/37043 (nvd, Vendor Advisory)
- secunia.com/advisories/37051 (nvd, Vendor Advisory)
- secunia.com/advisories/37053 (nvd, Vendor Advisory)
- secunia.com/advisories/37054 (nvd, Vendor Advisory)
- secunia.com/advisories/37061 (nvd, Vendor Advisory)
- secunia.com/advisories/37077 (nvd, Vendor Advisory)
- secunia.com/advisories/37079 (nvd, Vendor Advisory)
- www.vupen.com/english/advisories/2009/2925 (nvd, Vendor Advisory)
- www.vupen.com/english/advisories/2009/2926 (nvd, Vendor Advisory)
- www.vupen.com/english/advisories/2009/2928 (nvd, Vendor Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html (nvd)
- secunia.com/advisories/37114 (nvd)
- secunia.com/advisories/37159 (nvd)
- secunia.com/advisories/39327 (nvd)
- secunia.com/advisories/39938 (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- www.debian.org/security/2009/dsa-1941 (nvd)
- www.debian.org/security/2010/dsa-2028 (nvd)
- www.debian.org/security/2010/dsa-2050 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.ocert.org/advisories/ocert-2009-016.html (nvd)
- www.openwall.com/lists/oss-security/2009/12/01/1 (nvd)
- www.openwall.com/lists/oss-security/2009/12/01/5 (nvd)
- www.openwall.com/lists/oss-security/2009/12/01/6 (nvd)
- www.ubuntu.com/usn/USN-850-1 (nvd)
- www.ubuntu.com/usn/USN-850-3 (nvd)
- www.vupen.com/english/advisories/2010/0802 (nvd)
- www.vupen.com/english/advisories/2010/1220 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/53794 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9536 (nvd)
- rhn.redhat.com/errata/RHSA-2009-1501.html (nvd)
- rhn.redhat.com/errata/RHSA-2009-1502.html (nvd)
- rhn.redhat.com/errata/RHSA-2009-1503.html (nvd)
- rhn.redhat.com/errata/RHSA-2009-1504.html (nvd)
- rhn.redhat.com/errata/RHSA-2009-1512.html (nvd)
- rhn.redhat.com/errata/RHSA-2009-1513.html (nvd)
- www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html (nvd)
- www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html (nvd)