CVE-2009-3604
EPSS 7.5%
Description
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
How to fix CVE-2009-3604
To remediate CVE-2009-3604, upgrade the affected package to a fixed version below.
- Debian/poppler—upgrade to 0.12.2-1 or later
- Debian/xpdf—upgrade to 3.02-2 or later
Is CVE-2009-3604 being exploited?
Moderate — EPSS is 7.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 0.12.2-1
- from 0, < 3.02-2