This bug was fixed in the package xpdf - 3.02-1.4ubuntu2.9.10.2
---------------
xpdf (3.02-1.4ubuntu2.9.10.2) karmic-security; urgency=low
* SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
cause a denial of service (crash) via unknown vectors that trigger an
uninitialized pointer dereference.
- cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael
Gilbert)
- CVE-2010-3702
- LP: #701220
* SECURITY UPDATE: FoFiType1::parse function allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a PDF file with a crafted Type1 font that contains a
negative array index, which bypasses input validation and which triggers
memory corruption.
- cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael
Gilbert)
- CVE-2010-3704
-- Brian Thomason <[email protected]> Mon, 10 Jan 2011 15:32:39
-0500
** Changed in: xpdf (Ubuntu Karmic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/701220
Title:
[Security] xpdf - CVE-2010-3702,3704
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
