CVE - CVE-2010-3704

CVE-ID
CVE-2010-3704	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:42141 URL:http://secunia.com/advisories/42141 MISC:42357 URL:http://secunia.com/advisories/42357 MISC:42397 URL:http://secunia.com/advisories/42397 MISC:42691 URL:http://secunia.com/advisories/42691 MISC:43079 URL:http://secunia.com/advisories/43079 MISC:43841 URL:http://www.securityfocus.com/bid/43841 MISC:ADV-2010-2897 URL:~~http://www.vupen.com/english/advisories/2010/2897~~ (Obsolete source) MISC:ADV-2010-3097 URL:~~http://www.vupen.com/english/advisories/2010/3097~~ (Obsolete source) MISC:ADV-2011-0230 URL:~~http://www.vupen.com/english/advisories/2011/0230~~ (Obsolete source) MISC:DSA-2119 URL:http://www.debian.org/security/2010/dsa-2119 MISC:DSA-2135 URL:http://www.debian.org/security/2010/dsa-2135 MISC:FEDORA-2010-15857 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html MISC:FEDORA-2010-15911 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html MISC:FEDORA-2010-15981 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html MISC:FEDORA-2010-16662 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html MISC:FEDORA-2010-16705 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html MISC:FEDORA-2010-16744 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html MISC:MDVSA-2010:228 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:228~~ (Obsolete source) MISC:MDVSA-2010:229 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:229~~ (Obsolete source) MISC:MDVSA-2010:230 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:230~~ (Obsolete source) MISC:MDVSA-2010:231 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:231~~ (Obsolete source) MISC:MDVSA-2012:144 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2012:144~~ (Obsolete source) MISC:RHSA-2010:0749 URL:http://www.redhat.com/support/errata/RHSA-2010-0749.html MISC:RHSA-2010:0751 URL:http://www.redhat.com/support/errata/RHSA-2010-0751.html MISC:RHSA-2010:0752 URL:http://www.redhat.com/support/errata/RHSA-2010-0752.html MISC:RHSA-2010:0753 URL:http://www.redhat.com/support/errata/RHSA-2010-0753.html MISC:RHSA-2010:0859 URL:http://www.redhat.com/support/errata/RHSA-2010-0859.html MISC:RHSA-2012:1201 URL:http://rhn.redhat.com/errata/RHSA-2012-1201.html MISC:SSA:2010-324-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720 MISC:SUSE-SR:2010:022 URL:http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html MISC:SUSE-SR:2010:024 URL:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html MISC:USN-1005-1 URL:http://www.ubuntu.com/usn/USN-1005-1 MISC:[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark URL:http://www.openwall.com/lists/oss-security/2010/10/04/6 MISC:ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch URL:ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch MISC:http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473 URL:http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473 MISC:http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html URL:http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=638960 URL:https://bugzilla.redhat.com/show_bug.cgi?id=638960
Assigning CNA
Red Hat, Inc.
Date Record Created
20101001	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20101001)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)