*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Marc Deslauriers
(mdeslaur):

Binary package hint: xpdf

CVE-2010-3702:
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler
0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and
possibly other products allows context-dependent attackers to cause a
denial of service (crash) via unknown vectors that trigger an uninitialized
pointer dereference.

CVE-2010-3704:
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in
xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to
0.15.1, kdegraphics, and possibly other products allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a PDF file with a crafted Type1 font that contains a
negative array index, which bypasses input validation and which triggers
memory corruption.

** Affects: xpdf (Ubuntu)
     Importance: Undecided
         Status: New
--
[Security] xpdf - CVE-2010-3702,3704
https://bugs.edge.launchpad.net/bugs/701220
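
The class of flaw described for CVE-2010-3704, a signed index tested only against its upper bound, shown beside a test of both bounds. This is an added illustration, not code from xpdf or poppler; the function names, the fixed-size table and the sample `dup <code> /<name> put` entries are constructed for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ENC_SIZE 256      /* a Type1 encoding vector has 256 slots */
#define NAME_MAX_LEN 31   /* assumed limit for this example */

/* Upper-bound-only test on a signed index: a negative value passes. */
static int weak_check(long code) { return code < ENC_SIZE; }

/* Both bounds tested: only 0..255 passes. */
static int strict_check(long code) { return code >= 0 && code < ENC_SIZE; }

/* Parse one "dup <code> /<name> put" entry and store the glyph name.
 * Returns 0 on success, -1 if the entry is malformed or out of range. */
static int set_encoding(char enc[ENC_SIZE][NAME_MAX_LEN + 1], const char *line)
{
    char *end;
    long code;
    size_t len;

    if (strncmp(line, "dup ", 4) != 0) return -1;
    errno = 0;
    code = strtol(line + 4, &end, 10);
    if (end == line + 4 || errno == ERANGE) return -1;  /* no digits, overflow */
    if (!strict_check(code)) return -1;                 /* reject before indexing */
    while (*end == ' ') end++;
    if (*end++ != '/') return -1;
    len = strcspn(end, " ");
    if (len == 0 || len > NAME_MAX_LEN) return -1;
    memcpy(enc[code], end, len);
    enc[code][len] = '\0';
    return 0;
}

int main(void)
{
    static char enc[ENC_SIZE][NAME_MAX_LEN + 1];
    /* Constructed sample entries, not taken from a real font. */
    const char *lines[] = { "dup 65 /A put", "dup -5 /A put", "dup 256 /A put" };
    for (size_t i = 0; i < 3; i++)
        printf("%-16s weak=%d stored=%s\n", lines[i],
               weak_check(strtol(lines[i] + 4, NULL, 10)),
               set_encoding(enc, lines[i]) == 0 ? "yes" : "rejected");
    return 0;
}
```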