Vulnerability CVE-2009-3604 - CERT Civis.Net

Vulnerability Name:

CVE-2009-3604 (CCN-53795)

Assigned:

2009-10-14

Published:

2009-10-14

Updated:

2023-02-13

Summary:

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Xpdf Web site
Xpdf

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: MITRE
Type: CNA
CVE-2009-3604

Source: CCN
Type: OpenOffice Web Site
Sun PDF Import Extension Sun PDF Import Extension 1.0.1-Linuxx8

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: SourceForge.net Web Site
SCM Repositories - pdfedit

Source: CCN
Type: Poppler Web site
Poppler

Source: CCN
Type: RHSA-2009-0480
Important: poppler security update

Source: CCN
Type: RHSA-2009-1500
Important: xpdf security update

Source: CCN
Type: RHSA-2009-1501
Important: xpdf security update

Source: CCN
Type: RHSA-2009-1502
Important: kdegraphics security update

Source: CCN
Type: RHSA-2009-1503
Important: gpdf security update

Source: CCN
Type: RHSA-2009-1512
Important: kdegraphics security update

Source: CCN
Type: SA37042
Poppler "Splash::drawImage()" and "ObjectStream()" Vulnerabilities

Source: CCN
Type: SA37043
KDE KPDF Multiple Vulnerabilities

Source: CCN
Type: SA37053
Xpdf Multiple Vulnerabilities

Source: CCN
Type: SA38713
PDFedit Xpdf Multiple Vulnerabilities

Source: CCN
Type: SA41838
Sun PDF Import Extension Xpdf Vulnerability

Source: CCN
Type: SECTRACK ID: 1023029
Xpdf Integer Overflows Let Remote Users Execute Arbitrary Code

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Exploit
secalert@redhat.com

Source: CCN
Type: Sun Alert ID: 274030
Multiple Security Vulnerabilities in the Solaris GNOME PDF Rendering Libraries May Lead to a Denial of Service (DoS) or Execution of Arbitrary Code

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: DEBIAN
Type: DSA-2028
xpdf -- multiple vulnerabilities

Source: DEBIAN
Type: DSA-2050
kdegraphics -- several vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: OSVDB ID: 59175
Xpdf Splash.cc Splash::drawImage Function PDF Handling Arbitrary Code Execution

Source: CCN
Type: OSVDB ID: 59176
Poppler Splash.cc Splash::drawImage Function PDF Handling Arbitrary Code Execution

Source: CCN
Type: BID-36703
Xpdf Multiple Integer Overflow Vulnerabilities

Source: secalert@redhat.com
Type: Exploit, Patch
secalert@redhat.com

Source: CCN
Type: USN-850-1
poppler vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: USN-850-3
poppler vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch, Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch, Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 526911
CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
xpdf-splashdrawimage-bo(53795)

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2009:1502-1
kdegraphics security update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: SUSE
Type: SUSE-SR:2009:018
SUSE Security Summary Report

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 10:

cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.3.2:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.4.1:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.4.2:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.5.1:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.5.3:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.5.4:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.10.3:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.8.4:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.10.4:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.8.0:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.10.6:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_89::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_89::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_95::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_95::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_13::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_19::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_22::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_39::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_47::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_64::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_79b::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_88::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_13::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_19::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_22::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_39::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_47::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_64::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_79b::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_88::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_10::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_11::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_12::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_14::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_15::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_16::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_18::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_20::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_21::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_24::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_25::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_26::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_27::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_28::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_29::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_31::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_32::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_33::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_34::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_35::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_37::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_41::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_43::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_44::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_45::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_48::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_50::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_53::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_54::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_56::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_58::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_59::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_60::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_62::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_65::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_68::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_69::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_72::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_75::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_76::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_78::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_81::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_82::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_84::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_85::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_87::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_86::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_17::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_23::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_30::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_36::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_38::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_42::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_46::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_49::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_51::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_52::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_55::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_57::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_61::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_63::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_66::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_67::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_70::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_71::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_73::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_74::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_77::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_79::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_83::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_15::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_14::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_11::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_17::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_12::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_16::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_10::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_21::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_20::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_27::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_26::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_25::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_24::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_23::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_18::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_28::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_33::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_34::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_35::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_36::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_32::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_37::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_31::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_30::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_29::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_40::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_41::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_42::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_43::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_44::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_38::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_45::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_46::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_48::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_55::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_54::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_50::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_57::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_49::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_56::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_52::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_51::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_53::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_67::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_66::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_59::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_65::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_58::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_61::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_63::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_60::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_62::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_71::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_68::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_72::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_77::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_70::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_74::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_73::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_76::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_69::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_75::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_78::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_84::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_83::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_79::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_86::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_85::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_87::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_80::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_82::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_81::sparc:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_100::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_100::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_102::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_102::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_80::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_91::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_91::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_90::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_90::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_40::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_104::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_104::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_101::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_101::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_105::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_105::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_92::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_92::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_93::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_94::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_99::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_98::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_97::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_96::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_94::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_93::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_99::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_97::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_98::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_96::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_103::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_103::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_106::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_106::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_107::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_107::x86:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_108::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_109::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_110::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_108::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_109::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_110::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_111::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_111::x86:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20093604	V	CVE-2009-3604	2017-09-27
oval:org.mitre.oval:def:28869	P	RHSA-2009:0480 -- poppler security update (Important)	2015-08-17
oval:org.mitre.oval:def:28897	P	RHSA-2009:1502 -- kdegraphics security update (Important)	2015-08-17
oval:org.mitre.oval:def:11826	P	DSA-2050 kdegraphics -- several vulnerabilities	2015-02-23
oval:org.mitre.oval:def:13298	P	DSA-2050-1 kdegraphics -- several	2015-02-23
oval:org.mitre.oval:def:13701	P	USN-850-1 -- poppler vulnerabilities	2014-07-07
oval:org.mitre.oval:def:13322	P	USN-850-3 -- poppler vulnerabilities	2014-06-30
oval:org.mitre.oval:def:6990	P	DSA-2028 xpdf -- multiple vulnerabilities	2014-06-23
oval:org.mitre.oval:def:13382	P	DSA-2028-1 xpdf -- multiple	2014-06-23
oval:org.mitre.oval:def:21897	P	ELSA-2009:0480: poppler security update (Important)	2014-05-26
oval:org.mitre.oval:def:22929	P	ELSA-2009:1502: kdegraphics security update (Important)	2014-05-26
oval:org.mitre.oval:def:10969	V	The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.	2013-04-29
oval:org.debian:def:2050	V	several vulnerabilities	2010-05-24
oval:org.debian:def:2028	V	multiple vulnerabilities	2010-04-05
oval:com.ubuntu.bionic:def:20093604000	V	CVE-2009-3604 on Ubuntu 18.04 LTS (bionic) - medium.	2009-10-21
oval:com.ubuntu.xenial:def:20093604000	V	CVE-2009-3604 on Ubuntu 16.04 LTS (xenial) - medium.	2009-10-21
oval:com.ubuntu.disco:def:200936040000000	V	CVE-2009-3604 on Ubuntu 19.04 (disco) - medium.	2009-10-21
oval:com.ubuntu.cosmic:def:20093604000	V	CVE-2009-3604 on Ubuntu 18.10 (cosmic) - medium.	2009-10-21
oval:com.ubuntu.cosmic:def:200936040000000	V	CVE-2009-3604 on Ubuntu 18.10 (cosmic) - medium.	2009-10-21
oval:com.ubuntu.precise:def:20093604000	V	CVE-2009-3604 on Ubuntu 12.04 LTS (precise) - medium.	2009-10-21
oval:com.ubuntu.bionic:def:200936040000000	V	CVE-2009-3604 on Ubuntu 18.04 LTS (bionic) - medium.	2009-10-21
oval:com.ubuntu.artful:def:20093604000	V	CVE-2009-3604 on Ubuntu 17.10 (artful) - medium.	2009-10-21
oval:com.ubuntu.trusty:def:20093604000	V	CVE-2009-3604 on Ubuntu 14.04 LTS (trusty) - medium.	2009-10-21
oval:com.ubuntu.xenial:def:200936040000000	V	CVE-2009-3604 on Ubuntu 16.04 LTS (xenial) - medium.	2009-10-21
oval:com.redhat.rhsa:def:20091503	P	RHSA-2009:1503: gpdf security update (Important)	2009-10-15
oval:com.redhat.rhsa:def:20091500	P	RHSA-2009:1500: xpdf security update (Important)	2009-10-15
oval:com.redhat.rhsa:def:20091512	P	RHSA-2009:1512: kdegraphics security update (Important)	2009-10-15
oval:com.redhat.rhsa:def:20091501	P	RHSA-2009:1501: xpdf security update (Important)	2009-10-15
oval:com.redhat.rhsa:def:20091502	P	RHSA-2009:1502: kdegraphics security update (Important)	2009-10-15
oval:com.redhat.rhsa:def:20090480	P	RHSA-2009:0480: poppler security update (Important)	2009-05-13