what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2010-3704

Status Candidate

Overview

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.

Related Files

Gentoo Linux Security Advisory 201402-17
Posted Feb 18, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-17 - Multiple vulnerabilities in Xpdf could result in execution of arbitrary code. Versions less than or equal to 3.02-r4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-4035, CVE-2010-3702, CVE-2010-3704
SHA-256 | 1f006b1e25e6174b446336d6d342e87c3bc6c5a1719a0776210c16b2b5afe4ca
Gentoo Linux Security Advisory 201310-03
Posted Oct 7, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201310-3 - Multiple vulnerabilities have been found in Poppler, some of which may allow execution of arbitrary code. Versions less than 0.22.2-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0195, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188, CVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606, CVE-2009-3607, CVE-2009-3608, CVE-2009-3609, CVE-2009-3938, CVE-2010-3702, CVE-2010-3703, CVE-2010-3704, CVE-2010-4653, CVE-2010-4654, CVE-2012-2142
SHA-256 | 16eefcedc1f920563836019127836503bea995cfd0361da741d9651c6c38a920
Mandriva Linux Security Advisory 2012-144
Posted Aug 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-144 - Multiple vulnerabilities has been found and corrected in tetex. The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an uninitialized pointer dereference. The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption. Various other issues have also been addressed. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2010-3702, CVE-2010-3704, CVE-2011-0433, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554
SHA-256 | 5c8b23cd2ecf83077e06d18f8f80cd038b4b0c331dd6a9baa869678d5a8dcadf
Red Hat Security Advisory 2012-1201-01
Posted Aug 24, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1201-01 - teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code: Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2010-2642, CVE-2010-3702, CVE-2010-3704, CVE-2011-0433, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554
SHA-256 | d3248156611725ad0fff7bd788cea1045887a17ec5ff1a6e89904341be92c76e
Debian Security Advisory 2135-1
Posted Dec 21, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2135-1 - Joel Voss of Leviathan Security Group discovered two vulnerabilities in xpdf rendering engine, which may lead to the execution of arbitrary code if a malformed PDF file is opened.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2010-3702, CVE-2010-3704
SHA-256 | 08e2892b20cf323e7d84e2a17b2b6793fa3d3356402e188b531beab256a6b2ac
Mandriva Linux Security Advisory 2010-231
Posted Nov 12, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-231 - The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an uninitialized pointer dereference. The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service via a PDF file that triggers an uninitialized pointer dereference. The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2010-3702, CVE-2010-3703, CVE-2010-3704
SHA-256 | bda0eac3fcc6a27bd488c2139b589c44ca9949767c942af7f2231ba7fa93ed4f
Mandriva Linux Security Advisory 2010-230
Posted Nov 12, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-230 - The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an uninitialized pointer dereference. The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2010-3702, CVE-2010-3704
SHA-256 | e9987008241858cdc47d939a6ed07854b592b833cbc729fda00bb009ede7dc7a
Mandriva Linux Security Advisory 2010-229
Posted Nov 12, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-229 - The Gfx::getPos function in the PDF parser in kdegraphics, allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an uninitialized pointer dereference. The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in kdegraphics, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2010-3702, CVE-2010-3704
SHA-256 | 0284f82e91807e1c0672171f87b87c2b401535241a197f83d996bf4d95e65c31
Mandriva Linux Security Advisory 2010-228
Posted Nov 12, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-228 - The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an uninitialized pointer dereference. The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2010-3702, CVE-2010-3704
SHA-256 | c7ea73badedcb929836bc2e5219cb5022c017b5fe4230268ae2adb6ce52c2932
Ubuntu Security Notice 1005-1
Posted Oct 19, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1005-1 - It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-3702, CVE-2010-3703, CVE-2010-3704
SHA-256 | aa17a3eeb716db23502d1975ca7e931f955fb299819a5f2e41cd2eefe2cc7f1e
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close