The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
2009-10-21T17:30:00.313
2025-04-09T00:30:58.490
Deferred
CVSSv2: 9.3 (HIGH)
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | gnome | gpdf | * | No |
| Application | kde | kpdf | * | No |
| Application | foolabs | xpdf | 3.02pl1 | Yes |
| Application | foolabs | xpdf | 3.02pl2 | Yes |
| Application | foolabs | xpdf | 3.02pl3 | Yes |
| Application | glyphandcog | xpdfreader | 2.00 | Yes |
| Application | glyphandcog | xpdfreader | 2.01 | Yes |
| Application | glyphandcog | xpdfreader | 2.02 | Yes |
| Application | glyphandcog | xpdfreader | 2.03 | Yes |
| Application | glyphandcog | xpdfreader | 3.00 | Yes |
| Application | glyphandcog | xpdfreader | 3.01 | Yes |
| Application | glyphandcog | xpdfreader | 3.02 | Yes |
| Application | poppler | poppler | 0.1 | Yes |
| Application | poppler | poppler | 0.1.1 | Yes |
| Application | poppler | poppler | 0.1.2 | Yes |
| Application | poppler | poppler | 0.2.0 | Yes |
| Application | poppler | poppler | 0.3.0 | Yes |
| Application | poppler | poppler | 0.3.1 | Yes |
| Application | poppler | poppler | 0.3.2 | Yes |
| Application | poppler | poppler | 0.3.3 | Yes |
| Application | poppler | poppler | 0.4.0 | Yes |
| Application | poppler | poppler | 0.4.1 | Yes |
| Application | poppler | poppler | 0.4.2 | Yes |
| Application | poppler | poppler | 0.4.3 | Yes |
| Application | poppler | poppler | 0.4.4 | Yes |
| Application | poppler | poppler | 0.5.0 | Yes |
| Application | poppler | poppler | 0.5.1 | Yes |
| Application | poppler | poppler | 0.5.2 | Yes |
| Application | poppler | poppler | 0.5.3 | Yes |
| Application | poppler | poppler | 0.5.4 | Yes |
| Application | poppler | poppler | 0.5.9 | Yes |
| Application | poppler | poppler | 0.5.90 | Yes |
| Application | poppler | poppler | 0.5.91 | Yes |
| Application | poppler | poppler | 0.6.0 | Yes |
| Application | poppler | poppler | 0.6.1 | Yes |
| Application | poppler | poppler | 0.6.2 | Yes |
| Application | poppler | poppler | 0.6.3 | Yes |
| Application | poppler | poppler | 0.6.4 | Yes |
| Application | poppler | poppler | 0.7.0 | Yes |
| Application | poppler | poppler | 0.7.1 | Yes |
| Application | poppler | poppler | 0.7.2 | Yes |
| Application | poppler | poppler | 0.7.3 | Yes |
| Application | poppler | poppler | 0.8.0 | Yes |
| Application | poppler | poppler | 0.8.1 | Yes |
| Application | poppler | poppler | 0.8.2 | Yes |
| Application | poppler | poppler | 0.8.3 | Yes |
| Application | poppler | poppler | 0.8.4 | Yes |
| Application | poppler | poppler | 0.8.5 | Yes |
| Application | poppler | poppler | 0.8.6 | Yes |
| Application | poppler | poppler | 0.8.7 | Yes |
| Application | poppler | poppler | 0.9.0 | Yes |
| Application | poppler | poppler | 0.9.1 | Yes |
| Application | poppler | poppler | 0.9.2 | Yes |
| Application | poppler | poppler | 0.9.3 | Yes |
| Application | poppler | poppler | 0.10.0 | Yes |
| Application | poppler | poppler | 0.10.1 | Yes |
| Application | poppler | poppler | 0.10.2 | Yes |
| Application | poppler | poppler | 0.10.3 | Yes |
| Application | poppler | poppler | 0.10.4 | Yes |
| Application | poppler | poppler | 0.10.5 | Yes |
| Application | poppler | poppler | 0.10.6 | Yes |
| Application | poppler | poppler | 0.10.7 | Yes |
| Application | poppler | poppler | 0.11.0 | Yes |
| Application | poppler | poppler | 0.11.1 | Yes |
| Application | poppler | poppler | 0.11.2 | Yes |
| Application | poppler | poppler | 0.11.3 | Yes |
| Application | poppler | poppler | 0.12.0 | Yes |