PT-2010-1014 · Poppler+3 · Poppler+3

Tomas Hoger

·

Publicado

2010-10-07

·

Atualizado

2019-03-06

·

CVE-2010-3704

CVSS v2.0

6.8

Média

VetorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions xpdf versions prior to 3.02pl5 poppler versions prior to 0.15.1 kdegraphics version 3.3.1
Description The issue is related to a lack of input validation in the PDF parser, which allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted PostScript Type1 font. This can lead to memory corruption. The vulnerability can be exploited remotely, potentially allowing attackers to access confidential data, disrupt its integrity, and cause a denial of service.
Recommendations For xpdf versions prior to 3.02pl5, update to version 3.02pl5 or later. For poppler versions prior to 0.15.1, update to version 0.15.1 or later. For kdegraphics version 3.3.1, consider disabling the Gfx::getPos function or restricting access to the PDF parser until a patch is available.

Correção

DoS

RCE

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-476

Identificadores relacionados

BDU:2015-02166
BDU:2015-06215
BDU:2015-06219
BDU:2015-08628
BDU:2015-08629
CVE-2010-3704
DSA-2119-1
DSA-2135-1
RHSA-2010:0749
RHSA-2010:0751
RHSA-2010:0752
RHSA-2010:0753
RHSA-2010:0859
RHSA-2010_0749
RHSA-2010_0751
RHSA-2010_0752
RHSA-2010_0753
RHSA-2010_0859
RHSA-2012:1201
RHSA-2012_1201
USN-1005-1

Produtos afetados

Red Hat
Kdegraphics
Poppler
Xpdf