Jump to content

Advisories MDVSA-2010:231: poppler


paul
 Share

Recommended Posts

Multiple vulnerabilities were discovered and corrected in poppler:

 

The Gfx::getPos function in the PDF parser in poppler, allows

context-dependent attackers to cause a denial of service (crash)

via unknown vectors that trigger an uninitialized pointer dereference

(CVE-2010-3702).

 

The PostScriptFunction::PostScriptFunction function in

poppler/Function.cc in the PDF parser in poppler, allows

context-dependent attackers to cause a denial of service (crash)

via a PDF file that triggers an uninitialized pointer dereference

(CVE-2010-3703).

 

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser

in poppler, allows context-dependent attackers to cause a denial

of service (crash) and possibly execute arbitrary code via a PDF

file with a crafted Type1 font that contains a negative array index,

which bypasses input validation and which triggers memory corruption

(CVE-2010-3704).

 

The updated packages have been patched to correct these issues.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...