xpdf: Multiple vulnerabilities

Users of xpdf please be advised of a denial of service and arbitrary code execution vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

MDVSA-2010:228: [MDVSA-2010:228] xpdf
Problem Description:

Multiple vulnerabilities were discovered and corrected in xpdf:

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5,

allows context-dependent attackers to cause a denial of service (crash)

via unknown vectors that trigger an uninitialized pointer dereference

(CVE-2010-3702).

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser

in xpdf before 3.02pl5, allows context-dependent attackers to cause a

denial of service (crash) and possibly execute arbitrary code via a PDF

file with a crafted Type1 font that contains a negative array index,

which bypasses input validation and which triggers memory corruption

(CVE-2010-3704).


Read more at http://www.criticalwatch.com

 

Advertisements