VYPR
Unrated severityNVD Advisory· Published Oct 21, 2009· Updated Jun 16, 2026

CVE-2009-3608

CVE-2009-3608

Description

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

61
  • cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
    • cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
    • cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
  • cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
    • cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
    • cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*
  • cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*+ 52 more
    • cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*range: <=0.12.0
    • cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*
    • (no CPE)range: <0.12.1
  • Xpdf/Xpdfllm-fuzzy
    Range: <3.02pl4

Patches

Vulnerability mechanics

References

53

News mentions

0

No linked articles in our index yet.