Vulnerability CVE-2010-3704


Published: 2010-11-05   Modified: 2012-02-13

Description:
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.

Type:

CWE-20

(Improper Input Validation)

Vendor: Foolabs
Product: XPDF 
Version:
3.02pl4
3.02pl3
3.02pl2
3.02pl1
3.02
3.01
3.00
3.0.1
2.03
2.02
2.01
2.00
1.01
1.00a
1.00
0.93c
0.93b
0.93a
0.93
0.92e
0.92d
0.92c
0.92b
0.92a
0.92
0.91c
0.91b
0.91a
0.91
0.90
0.80
0.7a
0.7
0.6
0.5a
0.5
0.4
0.3
0.2
Vendor: Glyphandcog
Product: Xpdfreader 
Version:
3.02
3.01
3.00
2.03
2.02
2.01
2.00
1.01
1.00
0.93
0.92
0.91
0.90
0.80
0.7
0.6
0.5
0.4
0.3
0.2
Vendor: Poppler
Product: Poppler 
Version:
0.9.3
0.9.2
0.9.1
0.9.0
0.8.7
0.15.1
0.15.0
0.14.5
0.14.4
0.14.3
0.14.2
0.14.1
0.14.0
0.13.4
0.13.3
0.13.2
0.13.1
0.13.0
0.12.4
0.12.3
0.12.2
0.12.1
0.12.0
0.11.3
0.11.2
0.11.1
0.11.0
0.10.7
0.10.6
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
Vendor: KDE
Product: Kdegraphics 

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch
http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://rhn.redhat.com/errata/RHSA-2012-1201.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720
http://www.debian.org/security/2010/dsa-2119
http://www.debian.org/security/2010/dsa-2135
http://www.mandriva.com/security/advisories?name=MDVSA-2010:228
http://www.mandriva.com/security/advisories?name=MDVSA-2010:229
http://www.mandriva.com/security/advisories?name=MDVSA-2010:230
http://www.mandriva.com/security/advisories?name=MDVSA-2010:231
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
http://www.openwall.com/lists/oss-security/2010/10/04/6
http://www.redhat.com/support/errata/RHSA-2010-0749.html
http://www.redhat.com/support/errata/RHSA-2010-0751.html
http://www.redhat.com/support/errata/RHSA-2010-0752.html
http://www.redhat.com/support/errata/RHSA-2010-0753.html
http://www.redhat.com/support/errata/RHSA-2010-0859.html
http://www.securityfocus.com/bid/43841
http://www.ubuntu.com/usn/USN-1005-1
http://www.vupen.com/english/advisories/2010/2897
http://www.vupen.com/english/advisories/2010/3097
http://www.vupen.com/english/advisories/2011/0230
https://bugzilla.redhat.com/show_bug.cgi?id=638960

Related CVE
CVE-2019-7443
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. I...
CVE-2019-10732
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipa...
CVE-2018-19120
The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.
CVE-2018-1000801
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via...
CVE-2017-17689
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
CVE-2018-6791
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a sh...
CVE-2018-6790
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG eleme...
CVE-2014-8878
KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.

Copyright 2019, cxsecurity.com

 

Back to Top