CVE-2009-3605

Publication date 2 November 2009

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.

Read the notes from the security team

Status

Package Ubuntu Release Status
poppler 9.04 jaunty
Fixed 0.10.5-1ubuntu2.4
8.10 intrepid
Fixed 0.8.7-1ubuntu0.4
8.04 LTS hardy
Fixed 0.6.4-1ubuntu3.3
6.06 LTS dapper
Fixed 0.5.1-0ubuntu7.6

Notes

mdeslaur

for other pdf apps, see CVE-2009-0791 last patch needed so we don't get a regression in okular

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
poppler

References

Related Ubuntu Security Notices (USN)

    • USN-850-1
    • poppler vulnerabilities
    • 21 October 2009

Other references