Jump to content
Sign in to follow this  
paul

Advisories MDVSA-2010:230: poppler

Recommended Posts

Multiple vulnerabilities were discovered and corrected in poppler:

 

The Gfx::getPos function in the PDF parser in poppler, allows

context-dependent attackers to cause a denial of service (crash)

via unknown vectors that trigger an uninitialized pointer dereference

(CVE-2010-3702).

 

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser

in poppler, allows context-dependent attackers to cause a denial

of service (crash) and possibly execute arbitrary code via a PDF

file with a crafted Type1 font that contains a negative array index,

which bypasses input validation and which triggers memory corruption

(CVE-2010-3704).

 

Packages for 2009.0 are provided as of the Extended Maintenance

Program. Please visit this link to learn more:

http://store.mandriva.com/product_info.php?cPath=149&products_id=490

 

The updated packages have been patched to correct these issues.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...