CVE-2010-3704: Input Validation
First published: Thu Sep 30 2010(Updated: )
An array indexing error was found in the way xpdf / poppler parsed Type1 fonts embedded in PDF documents. In FoFiType1::parse(), text representation of the numeric code value was converted to integer value using atoi(). This value was checked to ensure it's less than 256, but there was no check to ensure it's not negative (string passed to atoi() was checked to only contain characters '0'-'9' before the call though). On platforms, where atoi() could return negative result when parsing large positive values (exceeding INT_MAX), this could could lead to write out of array bounds due to use of negative index. poppler upstream commit: <a href="http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473">http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473</a> Reference: <a href="http://secunia.com/advisories/41596/">http://secunia.com/advisories/41596/</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Poppler Poppler | =0.13.3 | |
| Poppler Poppler | =0.13.1 | |
| Poppler Poppler | =0.10.3 | |
| Poppler Poppler | =0.9.3 | |
| Poppler Poppler | =0.10.1 | |
| Poppler Poppler | =0.10.0 | |
| Poppler Poppler | =0.10.7 | |
| Poppler Poppler | =0.12.2 | |
| Poppler Poppler | =0.14.2 | |
| Poppler Poppler | =0.13.2 | |
| Poppler Poppler | =0.11.3 | |
| Poppler Poppler | =0.10.6 | |
| Poppler Poppler | =0.12.3 | |
| Poppler Poppler | =0.13.4 | |
| Poppler Poppler | =0.10.4 | |
| Poppler Poppler | =0.9.2 | |
| Poppler Poppler | =0.11.2 | |
| Poppler Poppler | =0.12.0 | |
| Poppler Poppler | =0.14.1 | |
| Poppler Poppler | =0.14.4 | |
| Poppler Poppler | =0.9.0 | |
| Poppler Poppler | =0.15.1 | |
| Poppler Poppler | =0.14.5 | |
| Poppler Poppler | =0.8.7 | |
| Poppler Poppler | =0.9.1 | |
| Poppler Poppler | =0.12.1 | |
| Poppler Poppler | =0.11.0 | |
| Poppler Poppler | =0.13.0 | |
| Poppler Poppler | =0.14.3 | |
| Poppler Poppler | =0.10.2 | |
| Poppler Poppler | =0.14.0 | |
| Poppler Poppler | =0.15.0 | |
| Poppler Poppler | =0.11.1 | |
| Poppler Poppler | =0.10.5 | |
| Poppler Poppler | =0.12.4 | |
| Foolabs Xpdf | =0.91c | |
| Foolabs Xpdf | =0.91b | |
| Foolabs Xpdf | =0.93b | |
| Foolabs Xpdf | =1.00a | |
| Foolabs Xpdf | =0.91a | |
| Foolabs Xpdf | =3.02pl3 | |
| Foolabs Xpdf | =0.92e | |
| Foolabs Xpdf | =0.5a | |
| Foolabs Xpdf | =0.92b | |
| Foolabs Xpdf | =0.93c | |
| Foolabs Xpdf | =0.92c | |
| Foolabs Xpdf | =3.02pl1 | |
| Foolabs Xpdf | =0.7a | |
| Foolabs Xpdf | =0.93a | |
| Foolabs Xpdf | =3.0.1 | |
| Foolabs Xpdf | =3.02pl2 | |
| Kde Kdegraphics | ||
| Foolabs Xpdf | =0.92d | |
| Foolabs Xpdf | =0.92a | |
| Glyphandcog Xpdfreader | =0.2 | |
| Glyphandcog Xpdfreader | =0.3 | |
| Glyphandcog Xpdfreader | =0.4 | |
| Glyphandcog Xpdfreader | =0.5 | |
| Glyphandcog Xpdfreader | =0.6 | |
| Glyphandcog Xpdfreader | =0.80 | |
| Glyphandcog Xpdfreader | =0.90 | |
| Glyphandcog Xpdfreader | =1.00 | |
| Glyphandcog Xpdfreader | =1.01 | |
| Glyphandcog Xpdfreader | =2.00 | |
| Glyphandcog Xpdfreader | =2.01 | |
| Glyphandcog Xpdfreader | =2.03 | |
| Glyphandcog Xpdfreader | =3.00 | |
| Glyphandcog Xpdfreader | =3.01 | |
| Glyphandcog Xpdfreader | =0.7 | |
| Glyphandcog Xpdfreader | =0.91 | |
| Glyphandcog Xpdfreader | =0.92 | |
| Glyphandcog Xpdfreader | =0.93 | |
| Glyphandcog Xpdfreader | =2.02 | |
| Glyphandcog Xpdfreader | <=3.02 | |
| Glyphandcog Xpdfreader | =3.02 |
Remedy
http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html
- http://www.debian.org/security/2010/dsa-2119
- http://www.redhat.com/support/errata/RHSA-2010-0751.html
- https://bugzilla.redhat.com/show_bug.cgi?id=638960
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html
- http://www.redhat.com/support/errata/RHSA-2010-0749.html
- http://www.redhat.com/support/errata/RHSA-2010-0752.html
- http://www.redhat.com/support/errata/RHSA-2010-0753.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html
- http://www.ubuntu.com/usn/USN-1005-1
- http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
- http://www.openwall.com/lists/oss-security/2010/10/04/6
- http://secunia.com/advisories/42141
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html
- http://www.securityfocus.com/bid/43841
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html
- http://www.vupen.com/english/advisories/2010/2897
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:229
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:230
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:228
- http://www.redhat.com/support/errata/RHSA-2010-0859.html
- http://secunia.com/advisories/42397
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:231
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
- http://www.vupen.com/english/advisories/2010/3097
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720
- http://secunia.com/advisories/42357
- http://www.debian.org/security/2010/dsa-2135
- http://secunia.com/advisories/42691
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
- http://www.vupen.com/english/advisories/2011/0230
- http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
- http://secunia.com/advisories/43079
- http://rhn.redhat.com/errata/RHSA-2012-1201.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
- http://secunia.com/advisories/41596/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=638960#c0
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=639861
- https://rhn.redhat.com/errata/RHSA-2010-0749.html
- https://rhn.redhat.com/errata/RHSA-2010-0751.html
- https://rhn.redhat.com/errata/RHSA-2010-0752.html
- https://rhn.redhat.com/errata/RHSA-2010-0753.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=595245#c22
- https://rhn.redhat.com/errata/RHSA-2010-0859.html
- https://rhn.redhat.com/errata/RHSA-2012-1201.html
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- collector/redhat-bugzilla
- alias/CVE-2010-3704
- vendor/poppler
- canonical/poppler poppler
- version/poppler poppler/0.13.3
- version/poppler poppler/0.13.1
- version/poppler poppler/0.10.3
- version/poppler poppler/0.9.3
- version/poppler poppler/0.10.1
- version/poppler poppler/0.10.0
- version/poppler poppler/0.10.7
- version/poppler poppler/0.12.2
- version/poppler poppler/0.14.2
- version/poppler poppler/0.13.2
- version/poppler poppler/0.11.3
- version/poppler poppler/0.10.6
- version/poppler poppler/0.12.3
- version/poppler poppler/0.13.4
- version/poppler poppler/0.10.4
- version/poppler poppler/0.9.2
- version/poppler poppler/0.11.2
- version/poppler poppler/0.12.0
- version/poppler poppler/0.14.1
- version/poppler poppler/0.14.4
- version/poppler poppler/0.9.0
- version/poppler poppler/0.15.1
- version/poppler poppler/0.14.5
- version/poppler poppler/0.8.7
- version/poppler poppler/0.9.1
- version/poppler poppler/0.12.1
- version/poppler poppler/0.11.0
- version/poppler poppler/0.13.0
- version/poppler poppler/0.14.3
- version/poppler poppler/0.10.2
- version/poppler poppler/0.14.0
- version/poppler poppler/0.15.0
- version/poppler poppler/0.11.1
- version/poppler poppler/0.10.5
- version/poppler poppler/0.12.4
- vendor/foolabs
- canonical/foolabs xpdf
- version/foolabs xpdf/0.91c
- version/foolabs xpdf/0.91b
- version/foolabs xpdf/0.93b
- version/foolabs xpdf/1.00a
- version/foolabs xpdf/0.91a
- version/foolabs xpdf/3.02pl3
- version/foolabs xpdf/0.92e
- version/foolabs xpdf/0.5a
- version/foolabs xpdf/0.92b
- version/foolabs xpdf/0.93c
- version/foolabs xpdf/0.92c
- version/foolabs xpdf/3.02pl1
- version/foolabs xpdf/0.7a
- version/foolabs xpdf/0.93a
- version/foolabs xpdf/3.0.1
- version/foolabs xpdf/3.02pl2
- vendor/kde
- canonical/kde kdegraphics
- version/foolabs xpdf/0.92d
- version/foolabs xpdf/0.92a
- vendor/glyphandcog
- canonical/glyphandcog xpdfreader
- version/glyphandcog xpdfreader/0.2
- version/glyphandcog xpdfreader/0.3
- version/glyphandcog xpdfreader/0.4
- version/glyphandcog xpdfreader/0.5
- version/glyphandcog xpdfreader/0.6
- version/glyphandcog xpdfreader/0.80
- version/glyphandcog xpdfreader/0.90
- version/glyphandcog xpdfreader/1.00
- version/glyphandcog xpdfreader/1.01
- version/glyphandcog xpdfreader/2.00
- version/glyphandcog xpdfreader/2.01
- version/glyphandcog xpdfreader/2.03
- version/glyphandcog xpdfreader/3.00
- version/glyphandcog xpdfreader/3.01
- version/glyphandcog xpdfreader/0.7
- version/glyphandcog xpdfreader/0.91
- version/glyphandcog xpdfreader/0.92
- version/glyphandcog xpdfreader/0.93
- version/glyphandcog xpdfreader/2.02
- version/glyphandcog xpdfreader/3.02