Upstream information

CVE-2009-3603 at MITRE

Description

Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 9.3
Vector AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entries: 539875 [RESOLVED / FIXED], 546400 [RESOLVED / FIXED], 546404 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • kdegraphics3 >= 3.5.10-1.5
  • kdegraphics3-3D >= 3.5.10-1.5
  • kdegraphics3-devel >= 3.5.10-1.5
  • kdegraphics3-extra >= 3.5.10-1.5
  • kdegraphics3-fax >= 3.5.10-1.5
  • kdegraphics3-imaging >= 3.5.10-1.5
  • kdegraphics3-kamera >= 3.5.10-1.5
  • kdegraphics3-pdf >= 3.5.10-1.5
  • kdegraphics3-postscript >= 3.5.10-1.5
  • kdegraphics3-scan >= 3.5.10-1.5
  • kdegraphics3-tex >= 3.5.10-1.5
 Patchnames:
openSUSE Tumbleweed GA kdegraphics3-3.5.10-1.5

SUSE Timeline for this CVE

CVE page created: Fri Jun 28 06:59:09 2013
CVE page last modified: Mon Feb 13 11:26:48 2023