Bug 24286 - Multiple vulnerabilities: CVE-2010-3702, CVE-2010-3703, CVE-2010-3704
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: poppler
Version: unstable
Hardware: all Linux
Importance: P3 blocker
Assignee: Sergey V Turchin
QA Contact: qa-sisyphus
URL: http://secunia.com/advisories/41596/
Keywords: security
Depends on:
Blocks:
 
Reported: 2010-10-13 10:46 MSD by Vladimir Lettiev
Modified: 2010-10-21 08:52 MSD
Description Vladimir Lettiev 2010-10-13 10:46:10 MSD
1) An error in "Gfx::getPos()" can be exploited to dereference an uninitialised pointer.

2) An array indexing error exists when parsing Type1 fonts in "FoFiType1::parse()", which can be exploited to corrupt memory via a specially crafted PDF file.

3) Other vulnerabilities are caused due to e.g. memory leak errors, which can be exploited to cause a crash by tricking a user into processing a specially crafted PDF file in an application using the library.

Also see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599165

Fixed(?) in 0.14.4
Comment 1 Vladimir Lettiev 2010-10-20 09:32:25 MSD
Sisyphus has 0.14.4-alt1. Can the bug be closed, or does it still need to stay open?
Comment 2 Sergey V Turchin 2010-10-20 14:00:19 MSD
Fixed in 0.14.4-alt1. I found this out only after submitting it for build.