CVE-2010-3704: Input Validation
First published: Thu Sep 30 2010(Updated: )
An array indexing error was found in the way xpdf / poppler parsed Type1 fonts embedded in PDF documents. In FoFiType1::parse(), text representation of the numeric code value was converted to integer value using atoi(). This value was checked to ensure it's less than 256, but there was no check to ensure it's not negative (string passed to atoi() was checked to only contain characters '0'-'9' before the call though). On platforms, where atoi() could return negative result when parsing large positive values (exceeding INT_MAX), this could could lead to write out of array bounds due to use of negative index. poppler upstream commit: <a href="http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473">http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473</a> Reference: <a href="http://secunia.com/advisories/41596/">http://secunia.com/advisories/41596/</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Poppler Data | =0.13.3 | |
| Poppler Data | =0.13.1 | |
| Poppler Data | =0.10.3 | |
| Poppler Data | =0.9.3 | |
| Poppler Data | =0.10.1 | |
| Poppler Data | =0.10.0 | |
| Poppler Data | =0.10.7 | |
| Poppler Data | =0.12.2 | |
| Poppler Data | =0.14.2 | |
| Poppler Data | =0.13.2 | |
| Poppler Data | =0.11.3 | |
| Poppler Data | =0.10.6 | |
| Poppler Data | =0.12.3 | |
| Poppler Data | =0.13.4 | |
| Poppler Data | =0.10.4 | |
| Poppler Data | =0.9.2 | |
| Poppler Data | =0.11.2 | |
| Poppler Data | =0.12.0 | |
| Poppler Data | =0.14.1 | |
| Poppler Data | =0.14.4 | |
| Poppler Data | =0.9.0 | |
| Poppler Data | =0.15.1 | |
| Poppler Data | =0.14.5 | |
| Poppler Data | =0.8.7 | |
| Poppler Data | =0.9.1 | |
| Poppler Data | =0.12.1 | |
| Poppler Data | =0.11.0 | |
| Poppler Data | =0.13.0 | |
| Poppler Data | =0.14.3 | |
| Poppler Data | =0.10.2 | |
| Poppler Data | =0.14.0 | |
| Poppler Data | =0.15.0 | |
| Poppler Data | =0.11.1 | |
| Poppler Data | =0.10.5 | |
| Poppler Data | =0.12.4 | |
| Xpdf | =0.91c | |
| Xpdf | =0.91b | |
| Xpdf | =0.93b | |
| Xpdf | =1.00a | |
| Xpdf | =0.91a | |
| Xpdf | =3.02pl3 | |
| Xpdf | =0.92e | |
| Xpdf | =0.5a | |
| Xpdf | =0.92b | |
| Xpdf | =0.93c | |
| Xpdf | =0.92c | |
| Xpdf | =3.02pl1 | |
| Xpdf | =0.7a | |
| Xpdf | =0.93a | |
| Xpdf | =3.0.1 | |
| Xpdf | =3.02pl2 | |
| Red Hat Kdegraphics-thumbnailers | ||
| Xpdf | =0.92d | |
| Xpdf | =0.92a | |
| Glyph & Cog XpdfReader | =0.2 | |
| Glyph & Cog XpdfReader | =0.3 | |
| Glyph & Cog XpdfReader | =0.4 | |
| Glyph & Cog XpdfReader | =0.5 | |
| Glyph & Cog XpdfReader | =0.6 | |
| Glyph & Cog XpdfReader | =0.80 | |
| Glyph & Cog XpdfReader | =0.90 | |
| Glyph & Cog XpdfReader | =1.00 | |
| Glyph & Cog XpdfReader | =1.01 | |
| Glyph & Cog XpdfReader | =2.00 | |
| Glyph & Cog XpdfReader | =2.01 | |
| Glyph & Cog XpdfReader | =2.03 | |
| Glyph & Cog XpdfReader | =3.00 | |
| Glyph & Cog XpdfReader | =3.01 | |
| Glyph & Cog XpdfReader | =0.7 | |
| Glyph & Cog XpdfReader | =0.91 | |
| Glyph & Cog XpdfReader | =0.92 | |
| Glyph & Cog XpdfReader | =0.93 | |
| Glyph & Cog XpdfReader | =2.02 | |
| Glyph & Cog XpdfReader | <=3.02 | |
| Glyph & Cog XpdfReader | =3.02 |
Remedy
http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html
- http://www.debian.org/security/2010/dsa-2119
- http://www.redhat.com/support/errata/RHSA-2010-0751.html
- https://bugzilla.redhat.com/show_bug.cgi?id=638960
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html
- http://www.redhat.com/support/errata/RHSA-2010-0749.html
- http://www.redhat.com/support/errata/RHSA-2010-0752.html
- http://www.redhat.com/support/errata/RHSA-2010-0753.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html
- http://www.ubuntu.com/usn/USN-1005-1
- http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
- http://www.openwall.com/lists/oss-security/2010/10/04/6
- http://secunia.com/advisories/42141
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html
- http://www.securityfocus.com/bid/43841
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html
- http://www.vupen.com/english/advisories/2010/2897
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:229
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:230
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:228
- http://www.redhat.com/support/errata/RHSA-2010-0859.html
- http://secunia.com/advisories/42397
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:231
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
- http://www.vupen.com/english/advisories/2010/3097
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720
- http://secunia.com/advisories/42357
- http://www.debian.org/security/2010/dsa-2135
- http://secunia.com/advisories/42691
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
- http://www.vupen.com/english/advisories/2011/0230
- http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
- http://secunia.com/advisories/43079
- http://rhn.redhat.com/errata/RHSA-2012-1201.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
- http://secunia.com/advisories/41596/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=638960#c0
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=639861
- https://rhn.redhat.com/errata/RHSA-2010-0749.html
- https://rhn.redhat.com/errata/RHSA-2010-0751.html
- https://rhn.redhat.com/errata/RHSA-2010-0752.html
- https://rhn.redhat.com/errata/RHSA-2010-0753.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=595245#c22
- https://rhn.redhat.com/errata/RHSA-2010-0859.html
- https://rhn.redhat.com/errata/RHSA-2012-1201.html
Frequently Asked Questions
What is the severity of CVE-2010-3704?
CVE-2010-3704 has been assigned a CVSS severity score of 4.3, indicating a medium-level vulnerability.
What types of attacks can exploit CVE-2010-3704?
CVE-2010-3704 can be exploited through crafted PDF documents that contain Type1 fonts, potentially leading to denial of service.
How do I fix CVE-2010-3704?
To fix CVE-2010-3704, update to the latest version of Poppler or Xpdf that addresses this vulnerability.
Which versions are affected by CVE-2010-3704?
CVE-2010-3704 affects Poppler versions from 0.8.7 to 0.14.5 and Xpdf versions from 0.5a to 3.02.
Is CVE-2010-3704 still a risk today?
CVE-2010-3704 may still pose a risk if vulnerable software versions are in use, making updates essential for security.
- collector/redhat-bugzilla
- alias/CVE-2010-3704
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/event
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/poppler
- canonical/poppler data
- version/poppler data/0.13.3
- version/poppler data/0.13.1
- version/poppler data/0.10.3
- version/poppler data/0.9.3
- version/poppler data/0.10.1
- version/poppler data/0.10.0
- version/poppler data/0.10.7
- version/poppler data/0.12.2
- version/poppler data/0.14.2
- version/poppler data/0.13.2
- version/poppler data/0.11.3
- version/poppler data/0.10.6
- version/poppler data/0.12.3
- version/poppler data/0.13.4
- version/poppler data/0.10.4
- version/poppler data/0.9.2
- version/poppler data/0.11.2
- version/poppler data/0.12.0
- version/poppler data/0.14.1
- version/poppler data/0.14.4
- version/poppler data/0.9.0
- version/poppler data/0.15.1
- version/poppler data/0.14.5
- version/poppler data/0.8.7
- version/poppler data/0.9.1
- version/poppler data/0.12.1
- version/poppler data/0.11.0
- version/poppler data/0.13.0
- version/poppler data/0.14.3
- version/poppler data/0.10.2
- version/poppler data/0.14.0
- version/poppler data/0.15.0
- version/poppler data/0.11.1
- version/poppler data/0.10.5
- version/poppler data/0.12.4
- vendor/foolabs
- canonical/xpdf
- version/xpdf/0.91c
- version/xpdf/0.91b
- version/xpdf/0.93b
- version/xpdf/1.00a
- version/xpdf/0.91a
- version/xpdf/3.02pl3
- version/xpdf/0.92e
- version/xpdf/0.5a
- version/xpdf/0.92b
- version/xpdf/0.93c
- version/xpdf/0.92c
- version/xpdf/3.02pl1
- version/xpdf/0.7a
- version/xpdf/0.93a
- version/xpdf/3.0.1
- version/xpdf/3.02pl2
- vendor/kde
- canonical/red hat kdegraphics-thumbnailers
- version/xpdf/0.92d
- version/xpdf/0.92a
- vendor/glyphandcog
- canonical/glyph & cog xpdfreader
- version/glyph & cog xpdfreader/0.2
- version/glyph & cog xpdfreader/0.3
- version/glyph & cog xpdfreader/0.4
- version/glyph & cog xpdfreader/0.5
- version/glyph & cog xpdfreader/0.6
- version/glyph & cog xpdfreader/0.80
- version/glyph & cog xpdfreader/0.90
- version/glyph & cog xpdfreader/1.00
- version/glyph & cog xpdfreader/1.01
- version/glyph & cog xpdfreader/2.00
- version/glyph & cog xpdfreader/2.01
- version/glyph & cog xpdfreader/2.03
- version/glyph & cog xpdfreader/3.00
- version/glyph & cog xpdfreader/3.01
- version/glyph & cog xpdfreader/0.7
- version/glyph & cog xpdfreader/0.91
- version/glyph & cog xpdfreader/0.92
- version/glyph & cog xpdfreader/0.93
- version/glyph & cog xpdfreader/2.02
- version/glyph & cog xpdfreader/3.02