Bug 24295 - Multiple vulnerabilities: CVE-2010-3702, CVE-2010-3704
Summary: Multiple vulnerabilities: CVE-2010-3702, CVE-2010-3704
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: kdegraphics (show other bugs)
Version: unstable
Hardware: all Linux
: P3 blocker
Assignee: Nobody's working on this, feel free to take it
QA Contact: qa-sisyphus
URL: http://secunia.com/advisories/41596/
Keywords: security
Depends on:
Blocks:
 
Reported: 2010-10-14 09:12 MSD by Vladimir Lettiev
Modified: 2010-10-20 09:06 MSD (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2010-10-14 09:12:07 MSD 
+++ Данная ошибка создана размножением ошибки 24286 +++

Affects kpdf:

1) An error in "Gfx::getPos()" can be exploited to dereference an uninitialised pointer.

2) An array indexing error exists when parsing Type1 fonts in "FoFiType1::parse()", which can be exploited to corrupt memory via a specially crafted PDF file.

https://rhn.redhat.com/errata/RHSA-2010-0753.html
Comment 1 Repository Robot 2010-10-15 21:23:36 MSD 
kdegraphics-3.5.10-alt6 -> sisyphus:

* Thu Oct 14 2010 Sergey V Turchin <zerg@altlinux> 3.5.10-alt6
- CVE-2010-3702 CVE-2010-3704 (ALT#24295)