What is CVE-2009-3608?

CVE-2009-3608 is a vulnerability in Foolabs Xpdf, classified under CWE-189. Published 2009-10-21.

Is CVE-2009-3608 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Foolabs Xpdf

CVE-2009-3608

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code…

EPSS: 0.102 (95.1th percentile) — read the EPSS interpretation.

Affected products

Foolabs Xpdf — versions 3.02pl1, 3.02pl2, 3.02pl3
Glyph_and_cog Pdftops
Glyphandcog Xpdfreader — versions 3.00, 3.01, 3.02
Gnome Gpdf
Kde Kpdf
Poppler — versions 0.1, 0.1.1, 0.1.2
Tetex
N/a — versions n/a

Weakness classification (CWE)

CWE-189

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
secalert@redhat.com (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2009-3608?: CVE-2009-3608 is a vulnerability in Foolabs Xpdf, classified under CWE-189. Published 2009-10-21.
Is CVE-2009-3608 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.