CVE-2009-3604 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-3604 Interim 1 5 2023-02-15T02:43:31Z current 2021-05-30T12:48:44Z 2023-02-15T02:43:31Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-3604 The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html E-Mail link for SUSE-SR:2009:018 https://www.suse.com/support/security/rating/ SUSE Security Ratings The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow. CVE-2009-3604 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C