What is CVE-2009-3609?

CVE-2009-3609 is a vulnerability in Foolabs Xpdf, classified under CWE-189. Published 2009-10-21.

Is CVE-2009-3609 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Foolabs Xpdf

CVE-2009-3609

Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application…

EPSS: 0.045 (90.2th percentile) — read the EPSS interpretation.

Affected products

Foolabs Xpdf — versions 3.02pl1, 3.02pl2, 3.02pl3
Glyph_and_cog Pdftops
Glyphandcog Xpdfreader — versions 3.00, 3.01, 3.02
Gnome Gpdf
Kde Kpdf
Poppler — versions 0.1, 0.1.1, 0.1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-189

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2009-3609?: CVE-2009-3609 is a vulnerability in Foolabs Xpdf, classified under CWE-189. Published 2009-10-21.
Is CVE-2009-3609 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.