CVE-2009-3604

Priority
Medium
Description
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before
3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not
properly allocate memory, which allows remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code via a
crafted PDF document that triggers a NULL pointer dereference or a
heap-based buffer overflow.
References
Package
Source: gpdf (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Source: xpdf (LP Ubuntu Debian)
Upstream:released (3.02-2)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (3.02-2)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (3.02-2)
Ubuntu 13.10 (Saucy Salamander):not-affected (3.02-2)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.02-2)
Ubuntu 14.10 (Utopic Unicorn):not-affected (3.02-2)
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Ubuntu 13.10 (Saucy Salamander):ignored (reached end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):needs-triage
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (code not present)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Source: ipe (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):needs-triage
Ubuntu 13.10 (Saucy Salamander):ignored (reached end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 14.10 (Utopic Unicorn):needs-triage
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (linked to poppler)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (linked to poppler)
Ubuntu 13.10 (Saucy Salamander):not-affected (linked to poppler)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (linked to poppler)
Ubuntu 14.10 (Utopic Unicorn):not-affected (linked to poppler)
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):released (0.12.2-2.1ubuntu1)
Ubuntu 12.04 LTS (Precise Pangolin):released (0.12.2-2.1ubuntu1)
Ubuntu 13.10 (Saucy Salamander):released (0.12.2-2.1ubuntu1)
Ubuntu 14.04 LTS (Trusty Tahr):released (0.12.2-2.1ubuntu1)
Ubuntu 14.10 (Utopic Unicorn):released (0.12.2-2.1ubuntu1)
Patches:
Upstream:http://cgit.freedesktop.org/poppler/poppler/commit/?id=1082e1671afd8ab91583dabc876304008acb021c
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (linked to poppler)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
More Information

Updated: 2014-07-17 15:14:28 UTC (commit 8246)