CVE-2009-3608
EPSS 12.7%
Description
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
How to fix CVE-2009-3608
To remediate CVE-2009-3608, upgrade each affected package to the fixed version listed below.
- Debian/poppler—upgrade to 0.12.2-1 or later
- Debian/xpdf—upgrade to 3.02-2 or later
Is CVE-2009-3608 being exploited?
Moderate: EPSS is 12.7%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/poppler: from 0, < 0.12.2-1
- Debian/xpdf: from 0, < 3.02-2