PT-2009-6217 · Xpdf+3 · Xpdf+4

Tomas Hoger · Published 2009-12-16 · Updated 2017-09-19 · CVE-2009-4035

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Xpdf version 3.0.0
gpdf version 2.8.2
kpdf in kdegraphics version 3.3.1

Description

The FoFiType1::parse function in fofi/FoFiType1.cc does not check the return value of getNextLine. A crafted Type 1 font in a PDF file can trigger a signed-to-unsigned integer conversion error and a buffer overflow, allowing attackers to execute arbitrary code.

Recommendations

For Xpdf version 3.0.0, consider disabling the FoFiType1::parse function until a patch is available. For gpdf version 2.8.2, restrict access to the getNextLine function to minimize the risk of exploitation. For kpdf in kdegraphics version 3.3.1, avoid using the FoFiType1::parse function in the fofi/FoFiType1.cc file until the issue is resolved.
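
The bug class named in the description, an unchecked failure return feeding a signed-to-unsigned conversion, is shown below as an added illustration. This is not Xpdf's code: `next_line`, the offset-based interface, the 256-byte buffer and the sample data are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 256

/* Constructed sample: two font-style lines, the last one unterminated. */
static const char SAMPLE[] = "dup 65 /A put\ndup 66 /B put";
#define SAMPLE_LEN ((int)sizeof(SAMPLE) - 1)

/* Hypothetical line scanner (not Xpdf's getNextLine): offset of the line
 * after `off`, or -1 when the data ends first. */
static int next_line(const char *data, int len, int off) {
    while (off < len && data[off] != '\n') ++off;
    return (off + 1 < len) ? off + 1 : -1;
}

/* Unchecked pattern: length a copy would receive when the -1 return is used
 * as a valid offset. Computes the length only; nothing is copied. */
static size_t unchecked_copy_len(const char *data, int len, int off) {
    int n = next_line(data, len, off) - off;  /* negative on failure */
    if (n > BUF_SIZE - 1) n = BUF_SIZE - 1;   /* upper clamp misses n < 0 */
    return (size_t)n;                         /* signed -> unsigned */
}

/* Checked pattern: test the return value before arithmetic or copying. */
static int checked_copy_line(const char *data, int len, int off, char buf[BUF_SIZE]) {
    int next, n;
    if (off < 0 || off >= len) return -1;
    next = next_line(data, len, off);
    if (next < 0) return -1;
    n = next - off;
    if (n > BUF_SIZE - 1) n = BUF_SIZE - 1;
    memcpy(buf, data + off, (size_t)n);
    buf[n] = '\0';
    return n;
}

int main(void) {
    char buf[BUF_SIZE];
    printf("unchecked length on last line: %zu\n", unchecked_copy_len(SAMPLE, SAMPLE_LEN, 14));
    printf("checked result on last line:   %d\n", checked_copy_line(SAMPLE, SAMPLE_LEN, 14, buf));
    return 0;
}
```

The upper-bound clamp alone does not help: a negative length passes it and becomes a value far larger than the buffer once converted to `size_t`.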

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2009-4035
RHSA-2009:1680
RHSA-2009:1681
RHSA-2009:1682
RHSA-2009_1680
RHSA-2009_1681
RHSA-2009_1682

Affected Products

Red Hat
Xpdf
Gpdf
Kdegraphics
Kpdf