Package: poppler
Severity: grave
Tags: security
Justification: user security hole

Please apply the following patches referenced in the following
link for Squeeze, Lenny will be dealt with by the Security Team:
http://secunia.com/advisories/41596/ 

Most of them are crashers (analysis was done by Tomas Hoger of
Red Hat), which are not treated as security issues, but the 
following have had CVE IDs assigned:

> e853106b58 is uninitialized pointer use flaw.  Pointer value may be
> controlled by PDF content, hence if pointed to attacker-controlled
> memory, code execution may be possible via virtual method call.  This
> should date back to very old xpdf versions.

http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf

Use CVE-2010-3702

> bf2055088a seems similar to the above one.  Pointer is to the class that
> has not virtual methods, but may be used to corrupt memory.  This should
> only affect poppler versions after b1d4efb082.

http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f

Use CVE-2010-3703

> 39d140bfc0 array indexing error / underflow.  On platforms where atoi can
> return negative result, this can allow out-of-array-bounds write.  Code
> appears in old xpdf versions too.

http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473

Use CVE-2010-3704

Cheers,
        Moritz

-- System Information:
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)



--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to