HTTP: Xpdf Splash DrawImage Integer Overflow
An integer overflow vulnerability exists in Xpdf. The vulnerability is due to a lack of input validation when handling images within PDF documents. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted PDF file with the affected application. Successful exploitation would allow arbitrary code injection and execution with the privileges of the currently logged-in user; in that case, the behaviour of the target depends on the intent of the malicious code. If code execution is not successful, the application could terminate abnormally.
Extended Description
Xpdf is prone to multiple integer-overflow vulnerabilities. Exploiting these issues may allow remote attackers to execute arbitrary code in the context of an affected application or cause denial-of-service conditions.
Affected Products
Kde kde
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Red_hat
Pdfedit
Suse
Xpdf
Sun
Kde
Avaya
Poppler
Openoffice
Pardus
Slackware
Ubuntu
Mandriva
Adobe
Debian
9.3