What is CVE-2009-3604?

CVE-2009-3604 is a vulnerability in Foolabs Xpdf, classified under CWE-399. Published 2009-10-21.

Is CVE-2009-3604 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Foolabs Xpdf

CVE-2009-3604

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (applicati…

EPSS: 0.087 (94.4th percentile) — read the EPSS interpretation.

Affected products

Foolabs Xpdf — versions 3.02pl1, 3.02pl2, 3.02pl3
Glyphandcog Xpdfreader — versions 2.00, 2.01, 2.02
Gnome Gpdf
Kde Kpdf
Poppler — versions 0.1, 0.1.1, 0.1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-399

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (Exploit, x_refsource_MISC)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2009-3604?: CVE-2009-3604 is a vulnerability in Foolabs Xpdf, classified under CWE-399. Published 2009-10-21.
Is CVE-2009-3604 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.