fkie_cve-2010-3704
Vulnerability from fkie_nvd
Published
2010-11-05 18:00
Modified
2024-11-21 01:19
Severity ?
Summary
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
References
secalert@redhat.comftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patchPatch
secalert@redhat.comhttp://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473Patch
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1201.html
secalert@redhat.comhttp://secunia.com/advisories/42141
secalert@redhat.comhttp://secunia.com/advisories/42357
secalert@redhat.comhttp://secunia.com/advisories/42397
secalert@redhat.comhttp://secunia.com/advisories/42691
secalert@redhat.comhttp://secunia.com/advisories/43079
secalert@redhat.comhttp://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720
secalert@redhat.comhttp://www.debian.org/security/2010/dsa-2119
secalert@redhat.comhttp://www.debian.org/security/2010/dsa-2135
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:228
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:229
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:230
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:231
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:144
secalert@redhat.comhttp://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2010/10/04/6
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0749.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0751.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0752.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0753.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0859.html
secalert@redhat.comhttp://www.securityfocus.com/bid/43841
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1005-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/2897
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/3097
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0230
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=638960
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patchPatch
af854a3a-2127-422b-91ae-364da2661108http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473Patch
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1201.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42141
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42357
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42397
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42691
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43079
af854a3a-2127-422b-91ae-364da2661108http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2119
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2135
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:228
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:229
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:230
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:231
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
af854a3a-2127-422b-91ae-364da2661108http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/10/04/6
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0749.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0751.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0752.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0753.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0859.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/43841
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1005-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2897
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/3097
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0230
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=638960
Impacted products
Vendor Product Version
poppler poppler 0.8.7
poppler poppler 0.9.0
poppler poppler 0.9.1
poppler poppler 0.9.2
poppler poppler 0.9.3
poppler poppler 0.10.0
poppler poppler 0.10.1
poppler poppler 0.10.2
poppler poppler 0.10.3
poppler poppler 0.10.4
poppler poppler 0.10.5
poppler poppler 0.10.6
poppler poppler 0.10.7
poppler poppler 0.11.0
poppler poppler 0.11.1
poppler poppler 0.11.2
poppler poppler 0.11.3
poppler poppler 0.12.0
poppler poppler 0.12.1
poppler poppler 0.12.2
poppler poppler 0.12.3
poppler poppler 0.12.4
poppler poppler 0.13.0
poppler poppler 0.13.1
poppler poppler 0.13.2
poppler poppler 0.13.3
poppler poppler 0.13.4
poppler poppler 0.14.0
poppler poppler 0.14.1
poppler poppler 0.14.2
poppler poppler 0.14.3
poppler poppler 0.14.4
poppler poppler 0.14.5
poppler poppler 0.15.0
poppler poppler 0.15.1
foolabs xpdf 0.5a
foolabs xpdf 0.7a
foolabs xpdf 0.91a
foolabs xpdf 0.91b
foolabs xpdf 0.91c
foolabs xpdf 0.92a
foolabs xpdf 0.92b
foolabs xpdf 0.92c
foolabs xpdf 0.92d
foolabs xpdf 0.92e
foolabs xpdf 0.93a
foolabs xpdf 0.93b
foolabs xpdf 0.93c
foolabs xpdf 1.00a
foolabs xpdf 3.0.1
foolabs xpdf 3.02pl1
foolabs xpdf 3.02pl2
foolabs xpdf 3.02pl3
glyphandcog xpdfreader *
glyphandcog xpdfreader 0.2
glyphandcog xpdfreader 0.3
glyphandcog xpdfreader 0.4
glyphandcog xpdfreader 0.5
glyphandcog xpdfreader 0.6
glyphandcog xpdfreader 0.7
glyphandcog xpdfreader 0.80
glyphandcog xpdfreader 0.90
glyphandcog xpdfreader 0.91
glyphandcog xpdfreader 0.92
glyphandcog xpdfreader 0.93
glyphandcog xpdfreader 1.00
glyphandcog xpdfreader 1.01
glyphandcog xpdfreader 2.00
glyphandcog xpdfreader 2.01
glyphandcog xpdfreader 2.02
glyphandcog xpdfreader 2.03
glyphandcog xpdfreader 3.00
glyphandcog xpdfreader 3.01
glyphandcog xpdfreader 3.02
kde kdegraphics *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52995D0-0986-427F-B37D-2F6726EA330D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E4427C5-DBF0-4EF9-8B7A-61D56C14E3FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B91206CA-7EBE-4E64-9A49-D7EC0D051012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD43644-7F02-42AF-8EC3-C326A13E2F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81FE2E6F-44B2-42D5-B986-D1FE2B510968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A605079-3705-4E2C-8F6D-C21B4D875817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ABBD590-8092-4920-BBC7-F3ACB9CCC900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14D812D5-BC8B-4907-AA70-F8D7F982A8DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E25003C-04CE-401F-B012-F2E13DC8E8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "189FE6D1-C001-4D43-BFD2-B8421C6FAB06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAF3866C-09D2-4564-A7AE-2C49A5E8480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A43C280F-A571-4EF9-B301-244B05750933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D37AC0D5-6811-4FE2-83BB-FEF44B228645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2B24274-2F2F-4F3A-8978-390BF69EF0AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "14959178-17D0-4794-867F-AB62501EEF24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1129356-C0B0-4130-A1EF-888B02783317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CD0FA23-F797-4FB5-85AD-29AED926E02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B06D79-50AD-49D0-B372-25CA226EEA80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34735C6-2738-4CCC-9322-8F7584AB616D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "339A5BC3-7AED-4912-B6D3-BBD5FBF4AA02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "325750AA-5E10-457E-88E8-439DFB81FE1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "235861C5-B126-4A27-A51F-94568DBA5FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EE3D5F0-DA69-453A-9729-03FD1151D94E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83E52568-A112-4533-9CFA-55D35F40AA9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A9C7A2-DAC5-4334-9A88-CF9085A34186",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
              "matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
              "matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
              "matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
              "matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
              "matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D79ABD-202F-464F-B6C3-B225FD37DD3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
              "versionEndIncluding": "3.02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:kdegraphics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A0E0FC3-B53F-462D-8562-D2464BB111E2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n FoFiType1::parse en fofi/FoFiType1.cc del parseador de PDF de xpdf antes de v3.02pl5, poppler v0.8.7 y posiblemente otras versiones hasta v0.15.1, kdegraphics, y posiblemente otros productos, permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario mediante un archivo PDF con una fuente Type1 modificada que contiene un \u00edndice de matriz negativo, el cual se salta la validaci\u00f3n de entrada y que provoca una corrupci\u00f3n de memoria."
    }
  ],
  "id": "CVE-2010-3704",
  "lastModified": "2024-11-21T01:19:25.887",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-11-05T18:00:25.983",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42141"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42357"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42397"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42691"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43079"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2119"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2135"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/43841"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1005-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/2897"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/3097"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0230"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=638960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/43841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1005-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/2897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/3097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=638960"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.