Oval Definition:oval:org.mitre.oval:def:10969
Revision Date:2013-04-29
Version:12
Title:The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
Description:The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
Family:unix
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2009-3604
Platform(s):CentOS Linux 3
CentOS Linux 4
CentOS Linux 5
Oracle Linux 4
Oracle Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
    • RHEL3 or CentOS3
      • The operating system installed on the system is Red Hat Enterprise Linux 3
      • OR CentOS Linux 3.x
    • AND xpdf is earlier than 1:2.02-17.el3
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
    • RHEL4, CentOS4 or Oracle Linux 4
      • The operating system installed on the system is Red Hat Enterprise Linux 4
      • OR CentOS Linux 4.x
      • OR Oracle Linux 4.x
    • AND Configuration section
      • kdegraphics-devel is earlier than 7:3.3.1-15.el4_8.2
      • OR gpdf is earlier than 0:2.8.2-7.7.2.el4_8.5
      • OR xpdf is earlier than 1:3.00-22.el4_8.1
      • OR kdegraphics is earlier than 7:3.3.1-15.el4_8.2
  • OR OS Section: RHEL5, CentOS5, Oracle Linux 5
    • RHEL5, CentOS5 or Oracle Linux 5
      • The operating system installed on the system is Red Hat Enterprise Linux 5
      • OR The operating system installed on the system is CentOS Linux 5.x
      • OR Oracle Linux 5.x
    • AND Configuration section
      • kdegraphics-devel is earlier than 7:3.5.4-15.el5_4.2
      • OR poppler-utils is earlier than 0:0.5.4-4.4.el5_3.9
      • OR poppler-devel is earlier than 0:0.5.4-4.4.el5_3.9
      • OR kdegraphics is earlier than 7:3.5.4-15.el5_4.2
      • OR poppler is earlier than 0:0.5.4-4.4.el5_3.9