Уязвимость CVE-2010-3704: Информация

Описание

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.

Важность: MEDIUM (6,8)

URL: https://nvd.nist.gov/vuln/detail/CVE-2010-3704

Опубликовано: 5 ноября 2010 г.

Изменено: 6 марта 2019 г.

Идентификатор типа ошибки: CWE-20

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
FEDORA-2010-15911
DSA-2119
RHSA-2010:0751
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch	Patch
https://bugzilla.redhat.com/show_bug.cgi?id=638960
FEDORA-2010-15981
RHSA-2010:0749
RHSA-2010:0752
RHSA-2010:0753
FEDORA-2010-15857
USN-1005-1
http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473	Patch
[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark
42141
FEDORA-2010-16705
FEDORA-2010-16662
43841
FEDORA-2010-16744
ADV-2010-2897
MDVSA-2010:229
MDVSA-2010:230
MDVSA-2010:228
RHSA-2010:0859
42397
MDVSA-2010:231
SUSE-SR:2010:022
ADV-2010-3097
SSA:2010-324-01
42357
DSA-2135
42691
SUSE-SR:2010:024
ADV-2011-0230
http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
43079
RHSA-2012:1201
MDVSA-2012:144

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:a:poppler:poppler:0.13.3:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.13.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.12.2:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.14.2:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.13.2:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.12.3:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.13.4:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.14.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.14.4:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.15.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.14.5:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.12.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.13.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.14.3:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.14.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.15.0:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*
  cpe:2.3:a:poppler:poppler:0.12.4:*:*:*:*:*:*:*
  
  Конфигурация 2
  cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
  cpe:2.3:a:kde:kdegraphics:*:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*
  cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*
  cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*
  End including
  3.02
  cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*

Версия: v24.5.1

Наверх

Уязвимость CVE-2010-3704: Информация

Описание

Ссылки на рекомендации, решения и инструменты

Конфигурация 1

Конфигурация 2