Vulnerability CVE-2009-3609 - CERT Civis.Net

Vulnerability Name:

CVE-2009-3609 (CCN-53800)

Assigned:

2009-10-14

Published:

2009-10-14

Updated:

2023-02-13

Summary:

Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

2.1 Low (REDHAT CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: Xpdf Web site
Xpdf

Source: secalert@redhat.com
Type: Exploit
secalert@redhat.com

Source: MITRE
Type: CNA
CVE-2009-3609

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: SourceForge.net Web Site
SCM Repositories - pdfedit

Source: CCN
Type: Poppler Web site
Poppler

Source: secalert@redhat.com
Type: Patch, Vendor Advisory
secalert@redhat.com

Source: CCN
Type: RHSA-2009-1500
Important: xpdf security update

Source: CCN
Type: RHSA-2009-1501
Important: xpdf security update

Source: CCN
Type: RHSA-2009-1502
Important: kdegraphics security update

Source: CCN
Type: RHSA-2009-1503
Important: gpdf security update

Source: CCN
Type: RHSA-2009-1504
Important: poppler security and bug fix update

Source: CCN
Type: RHSA-2009-1512
Important: kdegraphics security update

Source: CCN
Type: RHSA-2009-1513
Moderate: cups security update

Source: CCN
Type: RHSA-2010-0399
Moderate: tetex security update

Source: CCN
Type: RHSA-2010-0400
Moderate: tetex security update

Source: CCN
Type: RHSA-2010-0401
Moderate: tetex security update

Source: CCN
Type: RHSA-2010-0755
Important: cups security update

Source: CCN
Type: SA37043
KDE KPDF Multiple Vulnerabilities

Source: CCN
Type: SA37051
CUPS "pdftops" Two Integer Overflow Vulnerabilities

Source: CCN
Type: SA37053
Xpdf Multiple Vulnerabilities

Source: CCN
Type: SA37054
Poppler Multiple Vulnerabilities

Source: CCN
Type: SA37755
Sun Solaris Gnome PDF Viewer Multiple Vulnerabilities

Source: CCN
Type: SA38713
PDFedit Xpdf Multiple Vulnerabilities

Source: CCN
Type: SA40966
KOffice PDF Import Filter Multiple Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1023029
Xpdf Integer Overflows Let Remote Users Execute Arbitrary Code

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Sun Alert ID: 274030
Multiple Security Vulnerabilities in the Solaris GNOME PDF Rendering Libraries May Lead to a Denial of Service (DoS) or Execution of Arbitrary Code

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: CUPS Web site
CUPS

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: DEBIAN
Type: DSA-2028
xpdf -- multiple vulnerabilities

Source: DEBIAN
Type: DSA-2050
kdegraphics -- several vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: OSVDB ID: 59179
Xpdf Stream.cc ImageStream::ImageStream Function PDF Handling Overflow

Source: CCN
Type: OSVDB ID: 59180
Poppler Stream.cc ImageStream::ImageStream Function PDF Handling Overflow

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: BID-36703
Xpdf Multiple Integer Overflow Vulnerabilities

Source: secalert@redhat.com
Type: Exploit, Patch
secalert@redhat.com

Source: CCN
Type: Sun Web Site
Sun Microsystems

Source: CCN
Type: USN-850-1
poppler vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: USN-850-3
poppler vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch, Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 526893
CVE-2009-3609 xpdf/poppler: ImageStream::ImageStream integer overflow

Source: secalert@redhat.com
Type: Exploit, Patch
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
xpdf-imagestream-dos(53800)

Source: CCN
Type: Ubuntu Security Notice USN-973-1
koffice vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2009:1502-1
kdegraphics security update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2009:1513-1
cups security update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: SUSE
Type: SUSE-SR:2009:018
SUSE Security Summary Report

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 9:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 10:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*

OR cpe:/a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.3.2:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.4.1:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.4.2:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.5.1:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.5.3:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.5.4:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.10.3:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.8.4:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.10.4:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.8.0:*:*:*:*:*:*:*

OR cpe:/a:poppler:poppler:0.10.6:*:*:*:*:*:*:*

OR cpe:/a:apple:cups:1.3.11:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*

OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_89::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_89::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_95::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_95::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_01::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_02::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_13::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_19::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_22::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_39::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_47::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_64::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_79b::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_88::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_01::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_02::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_13::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_19::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_22::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_39::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_47::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_64::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_79b::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_88::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_03::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_04::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_05::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_06::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_07::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_08::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_09::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_10::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_11::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_12::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_14::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_15::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_16::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_18::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_20::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_21::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_24::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_25::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_26::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_27::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_28::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_29::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_31::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_32::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_33::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_34::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_35::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_37::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_41::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_43::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_44::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_45::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_48::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_50::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_53::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_54::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_56::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_58::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_59::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_60::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_62::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_65::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_68::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_69::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_72::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_75::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_76::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_78::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_81::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_82::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_84::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_85::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_87::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_86::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_17::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_23::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_30::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_36::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_38::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_42::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_46::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_49::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_51::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_52::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_55::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_57::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_61::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_63::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_66::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_67::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_70::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_71::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_73::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_74::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_77::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_79::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_83::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_03::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_04::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_05::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_06::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_07::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_15::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_08::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_14::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_11::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_17::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_12::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_09::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_16::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_10::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_21::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_20::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_27::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_26::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_25::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_24::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_23::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_18::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_28::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_33::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_34::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_35::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_36::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_32::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_37::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_31::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_30::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_29::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_40::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_41::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_42::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_43::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_44::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_38::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_45::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_46::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_48::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_55::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_54::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_50::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_57::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_49::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_56::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_52::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_51::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_53::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_67::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_66::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_59::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_65::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_58::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_61::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_63::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_60::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_62::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_71::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_68::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_72::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_77::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_70::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_74::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_73::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_76::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_69::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_75::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_78::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_84::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_83::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_79::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_86::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_85::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_87::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_80::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_82::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_81::sparc:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_100::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_100::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_102::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_102::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_80::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_91::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_91::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_90::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_90::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_40::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_104::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_104::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_101::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_101::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_105::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_105::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_92::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_92::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_93::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_94::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_99::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_98::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_97::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_96::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_94::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_93::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_99::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_97::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_98::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_96::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_103::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_103::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_106::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_106::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_107::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_107::x86:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_108::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_109::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_110::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_108::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_109::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_110::x86:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_111::sparc:*:*:*:*:*

OR cpe:/o:sun:opensolaris:build_snv_111::x86:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*

OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20093609	V	CVE-2009-3609	2017-09-27
oval:org.mitre.oval:def:28897	P	RHSA-2009:1502 -- kdegraphics security update (Important)	2015-08-17
oval:org.mitre.oval:def:28916	P	RHSA-2009:1504 -- poppler security and bug fix update (Important)	2015-08-17
oval:org.mitre.oval:def:29310	P	RHSA-2009:1513 -- cups security update (Moderate)	2015-08-17
oval:org.mitre.oval:def:11826	P	DSA-2050 kdegraphics -- several vulnerabilities	2015-02-23
oval:org.mitre.oval:def:13298	P	DSA-2050-1 kdegraphics -- several	2015-02-23
oval:org.mitre.oval:def:23168	P	ELSA-2010:0400: tetex security update (Moderate)	2014-07-21
oval:org.mitre.oval:def:13701	P	USN-850-1 -- poppler vulnerabilities	2014-07-07
oval:org.mitre.oval:def:13355	P	USN-973-1 -- koffice vulnerabilities	2014-06-30
oval:org.mitre.oval:def:13322	P	USN-850-3 -- poppler vulnerabilities	2014-06-30
oval:org.mitre.oval:def:13382	P	DSA-2028-1 xpdf -- multiple	2014-06-23
oval:org.mitre.oval:def:6990	P	DSA-2028 xpdf -- multiple vulnerabilities	2014-06-23
oval:org.mitre.oval:def:22899	P	ELSA-2009:1513: cups security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:22929	P	ELSA-2009:1502: kdegraphics security update (Important)	2014-05-26
oval:org.mitre.oval:def:22959	P	ELSA-2009:1504: poppler security and bug fix update (Important)	2014-05-26
oval:org.mitre.oval:def:22251	P	RHSA-2010:0400: tetex security update (Moderate)	2014-02-24
oval:org.mitre.oval:def:11043	V	Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.	2013-04-29
oval:com.redhat.rhsa:def:20100755	P	RHSA-2010:0755: cups security update (Important)	2010-10-07
oval:org.mitre.oval:def:8134	V	Multiple Security Vulnerabilities in the Solaris GNOME PDF Rendering Libraries May Lead to a Denial of Service (DoS) or Execution of Arbitrary Code	2010-06-07
oval:org.debian:def:2050	V	several vulnerabilities	2010-05-24
oval:com.redhat.rhsa:def:20100399	P	RHSA-2010:0399: tetex security update (Moderate)	2010-05-06
oval:com.redhat.rhsa:def:20100400	P	RHSA-2010:0400: tetex security update (Moderate)	2010-05-06
oval:com.redhat.rhsa:def:20100401	P	RHSA-2010:0401: tetex security update (Moderate)	2010-05-06
oval:org.debian:def:2028	V	multiple vulnerabilities	2010-04-05
oval:com.ubuntu.precise:def:20093609000	V	CVE-2009-3609 on Ubuntu 12.04 LTS (precise) - medium.	2009-10-21
oval:com.ubuntu.xenial:def:200936090000000	V	CVE-2009-3609 on Ubuntu 16.04 LTS (xenial) - medium.	2009-10-21
oval:com.ubuntu.artful:def:20093609000	V	CVE-2009-3609 on Ubuntu 17.10 (artful) - medium.	2009-10-21
oval:com.ubuntu.trusty:def:20093609000	V	CVE-2009-3609 on Ubuntu 14.04 LTS (trusty) - medium.	2009-10-21
oval:com.ubuntu.disco:def:200936090000000	V	CVE-2009-3609 on Ubuntu 19.04 (disco) - medium.	2009-10-21
oval:com.ubuntu.bionic:def:20093609000	V	CVE-2009-3609 on Ubuntu 18.04 LTS (bionic) - medium.	2009-10-21
oval:com.ubuntu.cosmic:def:200936090000000	V	CVE-2009-3609 on Ubuntu 18.10 (cosmic) - medium.	2009-10-21
oval:com.ubuntu.xenial:def:20093609000	V	CVE-2009-3609 on Ubuntu 16.04 LTS (xenial) - medium.	2009-10-21
oval:com.ubuntu.cosmic:def:20093609000	V	CVE-2009-3609 on Ubuntu 18.10 (cosmic) - medium.	2009-10-21
oval:com.ubuntu.bionic:def:200936090000000	V	CVE-2009-3609 on Ubuntu 18.04 LTS (bionic) - medium.	2009-10-21
oval:com.redhat.rhsa:def:20091500	P	RHSA-2009:1500: xpdf security update (Important)	2009-10-15
oval:com.redhat.rhsa:def:20091504	P	RHSA-2009:1504: poppler security and bug fix update (Important)	2009-10-15
oval:com.redhat.rhsa:def:20091501	P	RHSA-2009:1501: xpdf security update (Important)	2009-10-15
oval:com.redhat.rhsa:def:20091512	P	RHSA-2009:1512: kdegraphics security update (Important)	2009-10-15
oval:com.redhat.rhsa:def:20091502	P	RHSA-2009:1502: kdegraphics security update (Important)	2009-10-15
oval:com.redhat.rhsa:def:20091513	P	RHSA-2009:1513: cups security update (Moderate)	2009-10-15
oval:com.redhat.rhsa:def:20091503	P	RHSA-2009:1503: gpdf security update (Important)	2009-10-15