CVE-2009-3608: Buffer Overflow

Published Oct 1, 2009
·
Updated

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

Other sources

oCERT reported an integer overflow flaw during the C++ object allocation leading to a heap overflow discovered by Chris Rohlf, affecting xpdf's / poppler's ObjectStream::ObjectStream (XRef.cc).

objs = new Object[nObjects];

As new[] as implemented in gcc / libstdc++ does not perform integer overflow check [1], sufficiently large nObjects value (read from the input PDF file) can cause integer overflow / wrap when multiplied by sizeof(Object) resulting in insufficient memory allocation.

Affected code was introduced in Xpdf 3.00, packages including / based on this version are affected by this flaw. In Red Hat Enterprise Linux, that means: - xpdf - el4 - gpdf - el4 - poppler - el5 - kdegraphics - el4, el5 - cups - el5 - tetex - el5

Patch attempting to address this was previously added to poppler, but it incorrectly used sizeof(int) instead of sizeof(Object) [2] and hence was insufficient.

[1] http://gcc.gnu.org/bugzilla/showbug.cgi?id=19351 [2] http://cgit.freedesktop.org/poppler/poppler/commit/?id=c36d8afc http://cgit.freedesktop.org/poppler/poppler/commit/?id=f41fa9ee

Acknowledgements:

Red Hat would like to thank Chris Rohlf for reporting this issue.

Red Hat

Affected Software

69 affected componentsFixes available
redhat/xpdf<1:3.00-22.el4_8.1
1:3.00-22.el4_8.1
redhat/gpdf<0:2.8.2-7.7.2.el4_8.5
0:2.8.2-7.7.2.el4_8.5
redhat/kdegraphics<7:3.3.1-15.el4_8.2
7:3.3.1-15.el4_8.2
redhat/kdegraphics<7:3.5.4-15.el5_4.2
7:3.5.4-15.el5_4.2
redhat/poppler<0:0.5.4-4.4.el5_4.11
0:0.5.4-4.4.el5_4.11
redhat/cups<1:1.3.7-11.el5_4.3
1:1.3.7-11.el5_4.3
redhat/tetex<0:3.0-33.8.el5_5.5
0:3.0-33.8.el5_5.5
Foolabs Xpdf=3.02pl1
Foolabs Xpdf=3.02pl2
Foolabs Xpdf=3.02pl3
Glyphandcog Xpdfreader=3.00
Glyphandcog Xpdfreader=3.01
Glyphandcog Xpdfreader=3.02
Poppler Poppler<=0.12.0
Poppler Poppler=0.1
Poppler Poppler=0.1.1
Poppler Poppler=0.1.2
Poppler Poppler=0.2.0
Poppler Poppler=0.3.0
Poppler Poppler=0.3.1
Poppler Poppler=0.3.2
Poppler Poppler=0.3.3
Poppler Poppler=0.4.0
Poppler Poppler=0.4.1
Poppler Poppler=0.4.2
Poppler Poppler=0.4.3
Poppler Poppler=0.4.4
Poppler Poppler=0.5.0
Poppler Poppler=0.5.1
Poppler Poppler=0.5.2
Poppler Poppler=0.5.3
Poppler Poppler=0.5.4
Poppler Poppler=0.5.9
Poppler Poppler=0.6.0
Poppler Poppler=0.6.1
Poppler Poppler=0.6.2
Poppler Poppler=0.6.3
Poppler Poppler=0.6.4
Poppler Poppler=0.7.0
Poppler Poppler=0.7.1
Poppler Poppler=0.7.2
Poppler Poppler=0.7.3
Poppler Poppler=0.8.0
Poppler Poppler=0.8.1
Poppler Poppler=0.8.2
Poppler Poppler=0.8.3
Poppler Poppler=0.8.4
Poppler Poppler=0.8.6
Poppler Poppler=0.8.7
Poppler Poppler=0.9.0
Poppler Poppler=0.9.1
Poppler Poppler=0.9.2
Poppler Poppler=0.9.3
Poppler Poppler=0.10.0
Poppler Poppler=0.10.1
Poppler Poppler=0.10.2
Poppler Poppler=0.10.3
Poppler Poppler=0.10.4
Poppler Poppler=0.10.5
Poppler Poppler=0.10.6
Poppler Poppler=0.10.7
Poppler Poppler=0.11.0
Poppler Poppler=0.11.1
Poppler Poppler=0.11.2
Poppler Poppler=0.11.3
Glyph And Cog Pdftops
Gnome Gpdf
KDE kpdf
teTeX teTeX

Remediation

Patch Available

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

Patch Available

http://poppler.freedesktop.org/

Patch Available

http://securitytracker.com/id?1023029

Patch Available

http://www.securityfocus.com/bid/36703

Patch Available

http://www.vupen.com/english/advisories/2009/2924

Patch Available

https://bugzilla.redhat.com/show_bug.cgi?id=526637

Event History

Oct 1, 2009
Data Sourced
via Red Hat·07:54 AM
DescriptionSeverityAffected Software
Oct 14, 2009
CVE Published
via Red Hat·12:00 AM
Oct 21, 2009
CVE Published
via MITRE·05:00 PM
Data Sourced
via MITRE·05:00 PM
Description
Data Sourced
05:30 PM
DescriptionWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2009-3608?

CVE-2009-3608 is classified as a critical vulnerability due to its potential to allow remote code execution via crafted PDF documents.

2

How do I fix CVE-2009-3608?

To fix CVE-2009-3608, update Xpdf to version 3.02pl4 or later, and ensure affected software packages like Gpdf, kdegraphics, Poppler, CUPS, and teTeX are also updated to their respective fixed versions.

3

Which software is affected by CVE-2009-3608?

CVE-2009-3608 affects Xpdf versions prior to 3.02pl4, Poppler before 0.12.1, and various other applications like Gpdf, kdegraphics KPDF, and CUPS.

4

Can CVE-2009-3608 be exploited remotely?

Yes, CVE-2009-3608 can be exploited remotely through specially crafted PDF files designed to trigger the vulnerability.

5

What are the consequences of exploiting CVE-2009-3608?

Exploiting CVE-2009-3608 can lead to arbitrary code execution on the affected system, which may compromise its integrity and security.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203