CVE-2009-3608

Published: 21 October 2009

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.

Priority

Medium

Status

Package Release Status
gpdf
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

ipe
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 LTS (Xenial Xerus) Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist
(precise was needs-triage)
kdegraphics
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

koffice
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

libextractor
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 LTS (Xenial Xerus) Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needs-triage)
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist
(precise was needs-triage)
pdfkit.framework
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

pdftohtml
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

poppler
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Released (0.12.2-2.1ubuntu1)

Ubuntu 20.04 LTS (Focal Fossa) Released (0.12.2-2.1ubuntu1)

Ubuntu 18.04 LTS (Bionic Beaver) Released (0.12.2-2.1ubuntu1)

Ubuntu 16.04 LTS (Xenial Xerus) Released (0.12.2-2.1ubuntu1)

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [0.12.2-2.1ubuntu1])
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist
(precise was released [0.12.2-2.1ubuntu1])
Patches:
Upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=1082e1671afd8ab91583dabc876304008acb021c
tetex-bin
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

texlive-bin
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(linked to poppler)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(linked to poppler)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(linked to poppler)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(linked to poppler)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [linked to poppler])
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist
(precise was not-affected [linked to poppler])
xpdf
Upstream Released (3.02-2)

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(3.02-2)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(3.02-2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.02-2])
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist
(precise was not-affected [3.02-2])