DescriptionThe Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SR:2009:018, published Tue, 10 Nov 2009 13:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 06:59:09 2013
CVE page last modified: Fri Dec 8 16:35:22 2023