Search for vulnerabilities
Vulnerability details: VCID-t4rn-urpq-aaag
Vulnerability ID VCID-t4rn-urpq-aaag
Aliases CVE-2009-3605
Summary Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.
Status Published
Exploitability 0.5
Weighted Severity 6.1
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-189 Numeric Errors
CWE-190 Integer Overflow or Wraparound
System Score Found at
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.04392 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.05054 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.05054 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.05054 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.05054 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.05054 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.05054 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.05054 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.05054 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.05054 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.05054 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.05054 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.05054 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.05254 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.05254 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.05254 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
epss 0.13085 https://api.first.org/data/v1/epss?cve=CVE-2009-3605
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2009-3605
Reference id Reference type URL
http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5
http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a
http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3605.json
https://api.first.org/data/v1/epss?cve=CVE-2009-3605
https://bugs.launchpad.net/bugs/cve/2009-3605
https://bugzilla.redhat.com/show_bug.cgi?id=491840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3605
http://secunia.com/advisories/37114
https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gz
https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gz
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7731
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
http://www.ubuntu.com/usn/USN-850-1
551289 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551289
cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*
CVE-2009-3605 https://nvd.nist.gov/vuln/detail/CVE-2009-3605
GLSA-201310-03 https://security.gentoo.org/glsa/201310-03
USN-850-1 https://usn.ubuntu.com/850-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-3605
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.87949
EPSS Score 0.04392
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.