Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2010-3704

Опубликовано: 24 сент. 2010
Источник: redhat
CVSS2: 6.8

Описание

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 3xpdfNot affected
Red Hat Enterprise Linux 4cupsNot affected
Red Hat Enterprise Linux 4tetexNot affected
Red Hat Enterprise Linux 4xpdfFixedRHSA-2010:075107.10.2010
Red Hat Enterprise Linux 4gpdfFixedRHSA-2010:075207.10.2010
Red Hat Enterprise Linux 4kdegraphicsFixedRHSA-2010:075307.10.2010
Red Hat Enterprise Linux 5popplerFixedRHSA-2010:074907.10.2010
Red Hat Enterprise Linux 5kdegraphicsFixedRHSA-2010:075307.10.2010
Red Hat Enterprise Linux 5tetexFixedRHSA-2012:120123.08.2012
Red Hat Enterprise Linux 6popplerFixedRHSA-2010:085910.11.2010

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
https://bugzilla.redhat.com/show_bug.cgi?id=638960xpdf: array indexing error in FoFiType1::parse()

6.8 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2010-3704

ubuntu
больше 14 лет назад

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.

nvd логотип

CVE-2010-3704

nvd
больше 14 лет назад

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.

debian логотип

CVE-2010-3704

debian
больше 14 лет назад

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser i ...

github логотип

GHSA-fwg7-7mhm-4945

github
около 3 лет назад

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.

oracle-oval логотип

ELSA-2010-0749

oracle-oval
больше 14 лет назад

ELSA-2010-0749: poppler security update (IMPORTANT)

6.8 Medium

CVSS2