CVE-2009-3603: Buffer Overflow
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.
Other sources
Integer overflow was discovered in SplashBitmap::SplashBitmap when computing memory allocation requirements. This issue was previously reported as CVE-2009-1188 / bug #495907 and addressed in poppler via gmalloc -> gmallocn change via: http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2
However, such a fix is not sufficient, as an overflow can occur even during the rowSize calculation.
The Splash output device is not present in xpdf 2.x; it's also not in the xpdf code embedded in CUPS or tetex.
— Red Hat
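The point of the Red Hat note above, as an added C example (not Xpdf or Poppler source): a gmallocn-style check on the final multiplication does not help when the row size has already wrapped. The function names, the bytes-per-pixel and padding parameters, and the sample width are assumptions made for this illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Models an unchecked 32-bit width * bytes-per-pixel product. Unsigned
 * arithmetic shows the wraparound without signed-overflow UB. */
uint32_t wrapped_row_size(uint32_t width, uint32_t bytes_per_pixel)
{
    return width * bytes_per_pixel;
}

/* Padded row size in bytes, or -1 if any step would exceed INT_MAX. */
int checked_row_size(int width, int bytes_per_pixel, int row_pad)
{
    if (width <= 0 || bytes_per_pixel <= 0 || row_pad <= 0)
        return -1;
    if (width > INT_MAX / bytes_per_pixel)   /* product would wrap */
        return -1;
    int row = width * bytes_per_pixel;
    if (row > INT_MAX - (row_pad - 1))       /* rounding up would wrap */
        return -1;
    row += row_pad - 1;
    return row - row % row_pad;
}

/* Allocates height rows; NULL if the row size or the total is rejected.
 * The second check is the gmallocn-style count * size test. */
unsigned char *alloc_bitmap(int width, int height, int bytes_per_pixel, int row_pad)
{
    int row = checked_row_size(width, bytes_per_pixel, row_pad);
    if (row < 0 || height <= 0)
        return NULL;
    if ((size_t)row > SIZE_MAX / (size_t)height)
        return NULL;
    return malloc((size_t)row * (size_t)height);
}

int main(void)
{
    int width = 1431655766;   /* constructed sample: 3 * width = 2^32 + 2 */
    printf("unchecked row size: %u\n", (unsigned)wrapped_row_size((uint32_t)width, 3));
    printf("checked row size:   %d\n", checked_row_size(width, 3, 4));
    unsigned char *p = alloc_bitmap(100, 4, 3, 4);
    printf("100x4 RGB bitmap:   %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

With the wrapped row size of 2, a count-times-size check on the allocation passes for any plausible height, which is why the row size itself has to be validated before it is used.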
Remediation
Patch Available
Frequently Asked Questions
What is the severity of CVE-2009-3603?
CVE-2009-3603 has a severity rating that indicates it could allow remote attackers to execute arbitrary code via a crafted PDF document.
How do I fix CVE-2009-3603?
To mitigate CVE-2009-3603, users should upgrade to Xpdf version 3.02pl4 or higher, or to Poppler version 0.12.1 or higher.
What versions are affected by CVE-2009-3603?
CVE-2009-3603 affects Xpdf versions before 3.02pl4 and Poppler versions before 0.12.1.
What type of vulnerability is CVE-2009-3603?
CVE-2009-3603 is an integer overflow vulnerability leading to a heap-based buffer overflow.
Can CVE-2009-3603 be exploited through any file type?
Yes, CVE-2009-3603 can be exploited through specially crafted PDF documents.