Upstream information

CVE-2009-3607 at MITRE

Description

Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 9.33
  Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
  Access Vector: Network
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: Complete
  Integrity Impact: Complete
  Availability Impact: Complete
SUSE Bugzilla entries: 546393 [RESOLVED / FIXED], 566697 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References
SUSE Linux Enterprise Server 11
  • libpoppler-glib4 >= 0.10.1-1.31.1
  • libpoppler-qt4-3 >= 0.10.1-1.31.1
  • libpoppler4 >= 0.10.1-1.31.1
  • poppler-tools >= 0.10.1-1.31.1
Patchnames:
slessp0-libpoppler-devel
openSUSE 11.1
  • poppler-debuginfo >= 0.10.1-1.7.1
  • poppler-debugsource >= 0.10.1-1.7.1
openSUSE 11.1
  • libpoppler-devel >= 0.10.1-1.7.1
  • libpoppler-doc >= 0.10.1-1.7.1
  • libpoppler-glib-devel >= 0.10.1-1.7.1
  • libpoppler-glib4 >= 0.10.1-1.7.1
  • libpoppler-qt2 >= 0.10.1-1.7.1
  • libpoppler-qt3-devel >= 0.10.1-1.7.1
  • libpoppler-qt4-3 >= 0.10.1-1.7.1
  • libpoppler-qt4-devel >= 0.10.1-1.7.1
  • libpoppler4 >= 0.10.1-1.7.1
  • poppler-tools >= 0.10.1-1.7.1
SUSE Linux Enterprise 11 Moblin 2.0
  • poppler-debuginfo >= 0.11.2-1.7.1
  • poppler-debugsource >= 0.11.2-1.7.1
SAT Patch Nr: 1932
SUSE Linux Enterprise 11 Moblin 2.0
  • libpoppler-glib4 >= 0.11.2-1.7.1
  • libpoppler4 >= 0.10.1-1.34.3
  • libpoppler5 >= 0.11.2-1.7.1
SAT Patch Nr: 1932
openSUSE 11.2
  • libpoppler-qt2-debuginfo >= 0.12.0-2.1.1
  • poppler-debugsource >= 0.12.0-2.1.1
openSUSE 11.2
  • libpoppler-devel >= 0.12.0-2.1.1
  • libpoppler-doc >= 0.12.0-2.1.1
  • libpoppler-glib-devel >= 0.12.0-2.1.1
  • libpoppler-glib4 >= 0.12.0-2.1.1
  • libpoppler-qt2 >= 0.12.0-2.1.1
  • libpoppler-qt3-devel >= 0.12.0-2.1.1
  • libpoppler-qt4-3 >= 0.12.0-2.1.1
  • libpoppler-qt4-devel >= 0.12.0-2.1.1
  • libpoppler5 >= 0.12.0-2.1.1
  • poppler-tools >= 0.12.0-2.1.1
SUSE Linux Enterprise SDK 11 GA
  • libpoppler-devel >= 0.10.1-1.31.1
  • libpoppler-glib-devel >= 0.10.1-1.31.1
  • libpoppler-qt2 >= 0.10.1-1.31.1
  • libpoppler-qt3-devel >= 0.10.1-1.31.1
  • libpoppler-qt4-devel >= 0.10.1-1.31.1
  • poppler-tools >= 0.10.1-1.31.1
sle11-sdk.ia64
sle11-debuginfo.x86-64
sle11-sdk.x86-64
sles11.x86-64
sle11-debuginfo.s390x
sled11.x86
sles11.x86
sle11-sdk.ppc
sles11.s390x
sle11-debuginfo.x86
sle11-debuginfo.ppc
sle11-debuginfo.ia64
sles11.ia64
sled11.x86-64
sle11-sdk.x86
sles11.ppc
sle11-sdk.s390x
SAT Patch Nr: 1731
SUSE Linux Enterprise SDK 11 GA
  • libpoppler-devel >= 0.10.1-1.31.1
  • libpoppler-glib-devel >= 0.10.1-1.31.1
  • libpoppler-qt2 >= 0.10.1-1.31.1
  • libpoppler-qt3-devel >= 0.10.1-1.31.1
  • libpoppler-qt4-devel >= 0.10.1-1.31.1
SAT Patch Nr: 1731
SUSE Linux Enterprise Desktop 11 GA
  • libpoppler-glib4 >= 0.10.1-1.31.1
  • libpoppler-qt4-3 >= 0.10.1-1.31.1
  • libpoppler4 >= 0.10.1-1.31.1
SAT Patch Nr: 1731
SUSE Linux Enterprise Server 11 GA
  • libpoppler-glib4 >= 0.10.1-1.31.1
  • libpoppler-qt4-3 >= 0.10.1-1.31.1
  • libpoppler4 >= 0.10.1-1.31.1
  • poppler-tools >= 0.10.1-1.31.1
SAT Patch Nr: 1731
openSUSE 11.0
  • poppler-debuginfo >= 0.8.2-1.5
  • poppler-debugsource >= 0.8.2-1.5
openSUSE 11.0
  • libpoppler-devel >= 0.8.2-1.5
  • libpoppler-doc >= 0.8.2-1.5
  • libpoppler-glib-devel >= 0.8.2-1.5
  • libpoppler-glib3 >= 0.8.2-1.5
  • libpoppler-qt2 >= 0.8.2-1.5
  • libpoppler-qt3-devel >= 0.8.2-1.5
  • libpoppler-qt4-3 >= 0.8.2-1.5
  • libpoppler-qt4-devel >= 0.8.2-1.5
  • libpoppler3 >= 0.8.2-1.5
  • poppler-tools >= 0.8.2-1.5