{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"critical"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2009-3604","title":"Title"},{"category":"description","text":"The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2009-3604","url":"https://www.suse.com/security/cve/CVE-2009-3604"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 539875 for CVE-2009-3604","url":"https://bugzilla.suse.com/539875"},{"category":"external","summary":"SUSE Bug 546400 for CVE-2009-3604","url":"https://bugzilla.suse.com/546400"},{"category":"external","summary":"SUSE Bug 546404 for CVE-2009-3604","url":"https://bugzilla.suse.com/546404"},{"category":"external","summary":"SUSE Bug 564517 for CVE-2009-3604","url":"https://bugzilla.suse.com/564517"},{"category":"external","summary":"Advisory link for SUSE-SR:2009:018","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VMEAISLN34UWMY72L5AVPLMJAVE4JTFW/#VMEAISLN34UWMY72L5AVPLMJAVE4JTFW"}],"title":"SUSE CVE CVE-2009-3604","tracking":{"current_release_date":"2023-12-09T03:35:38Z","generator":{"date":"2023-02-15T06:02:17Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2009-3604","initial_release_date":"2023-02-15T06:02:17Z","revision_history":[{"date":"2023-02-15T06:02:17Z","number":"2","summary":"Current version"},{"date":"2023-12-08T05:12:43Z","number":"3","summary":"Current version"},{"date":"2023-12-09T03:35:38Z","number":"4","summary":"Current version"}],"status":"interim","version":"4"}}}