CVE-2009-3607

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-3607 at MITRE

Description

Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 546393, 566697

SUSE Security Advisories:

SUSE-SR:2009:020, published Tue, 12 Jan 2010 10:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 11.1	`poppler-debuginfo >= 0.10.1-1.7.1` `poppler-debugsource >= 0.10.1-1.7.1`
openSUSE 11.1	`libpoppler-devel >= 0.10.1-1.7.1` `libpoppler-doc >= 0.10.1-1.7.1` `libpoppler-glib-devel >= 0.10.1-1.7.1` `libpoppler-glib4 >= 0.10.1-1.7.1` `libpoppler-qt2 >= 0.10.1-1.7.1` `libpoppler-qt3-devel >= 0.10.1-1.7.1` `libpoppler-qt4-3 >= 0.10.1-1.7.1` `libpoppler-qt4-devel >= 0.10.1-1.7.1` `libpoppler4 >= 0.10.1-1.7.1` `poppler-tools >= 0.10.1-1.7.1`
SUSE Linux Enterprise 11 Moblin 2.0	`poppler-debuginfo >= 0.11.2-1.7.1` `poppler-debugsource >= 0.11.2-1.7.1`	SAT Patch Nr: 1932
SUSE Linux Enterprise 11 Moblin 2.0	`libpoppler-glib4 >= 0.11.2-1.7.1` `libpoppler4 >= 0.10.1-1.34.3` `libpoppler5 >= 0.11.2-1.7.1`	SAT Patch Nr: 1932
openSUSE 11.2	`libpoppler-qt2-debuginfo >= 0.12.0-2.1.1` `poppler-debugsource >= 0.12.0-2.1.1`
openSUSE 11.2	`libpoppler-devel >= 0.12.0-2.1.1` `libpoppler-doc >= 0.12.0-2.1.1` `libpoppler-glib-devel >= 0.12.0-2.1.1` `libpoppler-glib4 >= 0.12.0-2.1.1` `libpoppler-qt2 >= 0.12.0-2.1.1` `libpoppler-qt3-devel >= 0.12.0-2.1.1` `libpoppler-qt4-3 >= 0.12.0-2.1.1` `libpoppler-qt4-devel >= 0.12.0-2.1.1` `libpoppler5 >= 0.12.0-2.1.1` `poppler-tools >= 0.12.0-2.1.1`
SUSE Linux Enterprise 11 GA DEBUGINFO	`poppler-debuginfo >= 0.10.1-1.31.1` `poppler-debugsource >= 0.10.1-1.31.1`	sle11-sdk.ia64 sle11-debuginfo.x86-64 sle11-sdk.x86-64 sles11.x86-64 sle11-debuginfo.s390x sled11.x86 sles11.x86 sle11-sdk.ppc sles11.s390x sle11-debuginfo.x86 sle11-debuginfo.ppc sle11-debuginfo.ia64 sles11.ia64 sled11.x86-64 sle11-sdk.x86 sles11.ppc sle11-sdk.s390x SAT Patch Nr: 1731
SUSE Linux Enterprise SDK 11 GA	`libpoppler-devel >= 0.10.1-1.31.1` `libpoppler-glib-devel >= 0.10.1-1.31.1` `libpoppler-qt2 >= 0.10.1-1.31.1` `libpoppler-qt3-devel >= 0.10.1-1.31.1` `libpoppler-qt4-devel >= 0.10.1-1.31.1` `poppler-tools >= 0.10.1-1.31.1`	sle11-sdk.ia64 sle11-debuginfo.x86-64 sle11-sdk.x86-64 sles11.x86-64 sle11-debuginfo.s390x sled11.x86 sles11.x86 sle11-sdk.ppc sles11.s390x sle11-debuginfo.x86 sle11-debuginfo.ppc sle11-debuginfo.ia64 sles11.ia64 sled11.x86-64 sle11-sdk.x86 sles11.ppc sle11-sdk.s390x SAT Patch Nr: 1731
SUSE Linux Enterprise SDK 11 GA	`libpoppler-devel >= 0.10.1-1.31.1` `libpoppler-glib-devel >= 0.10.1-1.31.1` `libpoppler-qt2 >= 0.10.1-1.31.1` `libpoppler-qt3-devel >= 0.10.1-1.31.1` `libpoppler-qt4-devel >= 0.10.1-1.31.1`	sle11-sdk.ia64 sle11-debuginfo.x86-64 sle11-sdk.x86-64 sles11.x86-64 sle11-debuginfo.s390x sled11.x86 sles11.x86 sle11-sdk.ppc sles11.s390x sle11-debuginfo.x86 sle11-debuginfo.ppc sle11-debuginfo.ia64 sles11.ia64 sled11.x86-64 sle11-sdk.x86 sles11.ppc sle11-sdk.s390x SAT Patch Nr: 1731
SUSE Linux Enterprise Desktop 11 GA	`libpoppler-glib4 >= 0.10.1-1.31.1` `libpoppler-qt4-3 >= 0.10.1-1.31.1` `libpoppler4 >= 0.10.1-1.31.1`	sle11-sdk.ia64 sle11-debuginfo.x86-64 sle11-sdk.x86-64 sles11.x86-64 sle11-debuginfo.s390x sled11.x86 sles11.x86 sle11-sdk.ppc sles11.s390x sle11-debuginfo.x86 sle11-debuginfo.ppc sle11-debuginfo.ia64 sles11.ia64 sled11.x86-64 sle11-sdk.x86 sles11.ppc sle11-sdk.s390x SAT Patch Nr: 1731
SUSE Linux Enterprise Server 11 GA	`libpoppler-glib4 >= 0.10.1-1.31.1` `libpoppler-qt4-3 >= 0.10.1-1.31.1` `libpoppler4 >= 0.10.1-1.31.1` `poppler-tools >= 0.10.1-1.31.1`	sle11-sdk.ia64 sle11-debuginfo.x86-64 sle11-sdk.x86-64 sles11.x86-64 sle11-debuginfo.s390x sled11.x86 sles11.x86 sle11-sdk.ppc sles11.s390x sle11-debuginfo.x86 sle11-debuginfo.ppc sle11-debuginfo.ia64 sles11.ia64 sled11.x86-64 sle11-sdk.x86 sles11.ppc sle11-sdk.s390x SAT Patch Nr: 1731
openSUSE 11.0	`poppler-debuginfo >= 0.8.2-1.5` `poppler-debugsource >= 0.8.2-1.5`
openSUSE 11.0	`libpoppler-devel >= 0.8.2-1.5` `libpoppler-doc >= 0.8.2-1.5` `libpoppler-glib-devel >= 0.8.2-1.5` `libpoppler-glib3 >= 0.8.2-1.5` `libpoppler-qt2 >= 0.8.2-1.5` `libpoppler-qt3-devel >= 0.8.2-1.5` `libpoppler-qt4-3 >= 0.8.2-1.5` `libpoppler-qt4-devel >= 0.8.2-1.5` `libpoppler3 >= 0.8.2-1.5` `poppler-tools >= 0.8.2-1.5`

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy