Vulnerability CVE-2009-4035


Published: 2009-12-21   Modified: 2012-02-13

Description:
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.

Vendor: KDE
Product: KPDF 
Version: 3.3.1;
Product: Kdegraphics 
Version: 3.3.1;
Vendor: XPDF
Product: XPDF 
Version: 3.0.0;
Vendor: Gnome
Product: GPDF 
Version: 2.8.2;

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://cgit.freedesktop.org/poppler/poppler/diff/fofi/FoFiType1.cc?id=4b4fc5c0
http://cgit.freedesktop.org/poppler/poppler/tree/fofi/FoFiType1.cc?id=4b4fc5c017bf147c9069bbce32fc14467bd2a81a
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html
http://www.redhat.com/support/errata/RHSA-2009-1680.html
http://www.redhat.com/support/errata/RHSA-2009-1681.html
http://www.redhat.com/support/errata/RHSA-2009-1682.html
http://www.securityfocus.com/bid/37350
http://www.securitytracker.com/id?1023356
http://www.vupen.com/english/advisories/2009/3555
https://bugzilla.redhat.com/show_bug.cgi?id=541614
https://exchange.xforce.ibmcloud.com/vulnerabilities/54831
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10996

Related CVE
CVE-2019-11460
An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters ...
CVE-2019-11459
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIF...
CVE-2019-3827
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can ...
CVE-2019-9633
gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mis...
CVE-2017-12447
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.
CVE-2018-15587
GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
CVE-2019-3825
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to...
CVE-2019-3820
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions...

Copyright 2019, cxsecurity.com

 

Back to Top