REDHAT-BUG-638960
First published: Thu Sep 30 2010(Updated: )
An array indexing error was found in the way xpdf / poppler parsed Type1 fonts embedded in PDF documents. In FoFiType1::parse(), text representation of the numeric code value was converted to integer value using atoi(). This value was checked to ensure it's less than 256, but there was no check to ensure it's not negative (string passed to atoi() was checked to only contain characters '0'-'9' before the call though). On platforms, where atoi() could return negative result when parsing large positive values (exceeding INT_MAX), this could could lead to write out of array bounds due to use of negative index. poppler upstream commit: <a href="http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473">http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473</a> Reference: <a href="http://secunia.com/advisories/41596/">http://secunia.com/advisories/41596/</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Poppler Data |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
- http://secunia.com/advisories/41596/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=638960#c0
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=639861
- https://rhn.redhat.com/errata/RHSA-2010-0749.html
- https://rhn.redhat.com/errata/RHSA-2010-0751.html
- https://rhn.redhat.com/errata/RHSA-2010-0752.html
- https://rhn.redhat.com/errata/RHSA-2010-0753.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=595245#c22
- https://rhn.redhat.com/errata/RHSA-2010-0859.html
- https://rhn.redhat.com/errata/RHSA-2012-1201.html
- https://bugzilla.redhat.com/show_bug.cgi?id=638960
Frequently Asked Questions
What is the severity of REDHAT-BUG-638960?
The severity of REDHAT-BUG-638960 is rated as a critical vulnerability due to potential exploitation risks.
How do I fix REDHAT-BUG-638960?
To fix REDHAT-BUG-638960, update to the latest version of Poppler that addresses this vulnerability.
What are the potential impacts of REDHAT-BUG-638960?
The potential impacts of REDHAT-BUG-638960 include arbitrary code execution or denial of service when processing specially crafted PDF files.
Is my system affected by REDHAT-BUG-638960?
Your system may be affected by REDHAT-BUG-638960 if you are using vulnerable versions of Poppler that process Type1 fonts in PDF documents.
When was REDHAT-BUG-638960 reported?
REDHAT-BUG-638960 was reported on Red Hat's Bugzilla, indicating an urgent need for resolution due to its nature.
- collector/redhat-bugzilla
- alias/CVE-2010-3704
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/poppler
- canonical/poppler data