ID

VAR-201011-0178

CVE

CVE-2010-3702

TITLE

Multiple products PDF Parser Gfx::getPos Function Input Validation Error Vulnerability

DESCRIPTION

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious PDF file with an affected application. Poppler is prone to multiple denial-of-service and memory-corruption vulnerabilities when handling malformed PDF files. Successfully exploiting these issues allows remote attackers to crash applications that use the vulnerable library, denying service to legitimate users. Due to the nature of some of these issues, arbitrary code execution may be possible; this has not been confirmed. Poppler 0.14.3 is vulnerable; other versions may also be affected. There is an input validation vulnerability in the Gfx::getPos function in the PDF parser in versions prior to xpdf 3.02pl5, poppler 0.8.7, 0.15.1 and other versions before, kdegraphics and others. ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Xpdf Two Vulnerabilities SECUNIA ADVISORY ID: SA41709 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41709/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41709 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41709/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41709/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41709 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Xpdf, which can potentially be exploited by malicious people to compromise a user's system. For more information see vulnerabilities #1 and #2 in: SA41596 SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Reported in Poppler by Joel Voss, Leviathan Security Group. Red Hat credits Sauli Pahlman of CERT-FI. ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0751.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201402-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Xpdf: User-assisted execution of arbitrary code Date: February 17, 2014 Bugs: #386271 ID: 201402-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in Xpdf could result in execution of arbitrary code. Background ========== Xpdf is an X viewer for PDF files. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. Description =========== Multiple vulnerabilities have been discovered in Xpdf. Please review the CVE identifiers referenced below for details. Impact ====== A context-dependent attacker could execute arbitrary code or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== Gentoo has discontinued support for Xpdf. We recommend that users unmerge Xpdf: # emerge --unmerge "app-text/xpdf" References ========== [ 1 ] CVE-2009-4035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4035 [ 2 ] CVE-2010-3702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3702 [ 3 ] CVE-2010-3704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3704 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201402-17.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . For the stable distribution (lenny), these problems have been fixed in version 3.02-1.4+lenny3. For the upcoming stable distribution (squeeze) and the unstable distribution (sid), these problems don't apply, since xpdf has been patched to use the Poppler PDF library. Upgrade instructions - -------------------- If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk0Q5M4ACgkQXm3vHE4uyloQDACfabZRl0gOaEHypK8Ovaggiyte XHgAn18UdLjvYoXkxzbPC7NqNvsmaCg6 =UpYe -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Background ========== Poppler is a cross-platform PDF rendering library originally based on Xpdf. A heap-based buffer overflow flaw was found in the way AFM font file parser, used for rendering of DVI files, in GNOME evince document viewer and other products, processed line tokens from the given input stream. A remote attacker could provide a DVI file, with embedded specially-crafted font file, and trick the local user to open it with an application using the AFM font parser, leading to that particular application crash or, potentially, arbitrary code execution with the privileges of the user running the application. Different vulnerability than CVE-2010-2642 (CVE-2011-0433). t1lib 5.1.2 and earlier uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a specially crafted Type 1 font in a PDF document (CVE-2011-0764). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0433 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1552 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1553 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1554 http://www.toucan-system.com/advisories/tssa-2011-01.txt _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: f7f810e4116f27e959f188bb703c5ea1 mes5/i586/jadetex-3.12-145.3mdvmes5.2.i586.rpm e5bd1bdccaab2c7e2cafec53cacc84d1 mes5/i586/tetex-3.0-47.3mdvmes5.2.i586.rpm 79ba60000da9d48376d0682f83739d3d mes5/i586/tetex-afm-3.0-47.3mdvmes5.2.i586.rpm 2762a01972d571253ec542acc172a93b mes5/i586/tetex-context-3.0-47.3mdvmes5.2.i586.rpm 04d2e75e3725fb22fe734f3e386f140a mes5/i586/tetex-devel-3.0-47.3mdvmes5.2.i586.rpm aa4fda2fc5d73e95e1b884ab82ec06ef mes5/i586/tetex-doc-3.0-47.3mdvmes5.2.i586.rpm 188ed09bb211d33436e5c46b33be1a53 mes5/i586/tetex-dvilj-3.0-47.3mdvmes5.2.i586.rpm eed48db7403810ae54eea2bca807f327 mes5/i586/tetex-dvipdfm-3.0-47.3mdvmes5.2.i586.rpm e67df6f478840570b2faa773da08f376 mes5/i586/tetex-dvips-3.0-47.3mdvmes5.2.i586.rpm 2ae270880967e2497cbc23a515650edf mes5/i586/tetex-latex-3.0-47.3mdvmes5.2.i586.rpm 1c4d957b2bb7186866636a4a16248471 mes5/i586/tetex-mfwin-3.0-47.3mdvmes5.2.i586.rpm ce3abdde00968916b2d9fbc84c46899f mes5/i586/tetex-texi2html-3.0-47.3mdvmes5.2.i586.rpm 49c86d874f6d4f63dff0ea033a3769dc mes5/i586/tetex-usrlocal-3.0-47.3mdvmes5.2.i586.rpm 35baf4b93edcd30c2850d11691cc31f2 mes5/i586/tetex-xdvi-3.0-47.3mdvmes5.2.i586.rpm 69cf64422423d89a69c96bf28c239a5a mes5/i586/xmltex-1.9-93.3mdvmes5.2.i586.rpm afa6531e584b746b4b49ab40be16855a mes5/SRPMS/tetex-3.0-47.3mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: c74b150324e5507584fcf6d0de675540 mes5/x86_64/jadetex-3.12-145.3mdvmes5.2.x86_64.rpm ece2f503c3d2d72784a395bde4d4b55f mes5/x86_64/tetex-3.0-47.3mdvmes5.2.x86_64.rpm 579a9fd3844da7e5b0ef0745a449d4b7 mes5/x86_64/tetex-afm-3.0-47.3mdvmes5.2.x86_64.rpm 06bc60c5f500374c3f3fe24d674d614a mes5/x86_64/tetex-context-3.0-47.3mdvmes5.2.x86_64.rpm bf8aace57cf58d686bbe3c55fb4141b3 mes5/x86_64/tetex-devel-3.0-47.3mdvmes5.2.x86_64.rpm ecfe9cd5a4a5e03172d01c44c51fb5b5 mes5/x86_64/tetex-doc-3.0-47.3mdvmes5.2.x86_64.rpm 8ec49ac5b95d4caba4c2964ad60c7102 mes5/x86_64/tetex-dvilj-3.0-47.3mdvmes5.2.x86_64.rpm 318b50b134c1b78e1fc410f442dcc603 mes5/x86_64/tetex-dvipdfm-3.0-47.3mdvmes5.2.x86_64.rpm 9c1594242450e651dbccb0f23d985720 mes5/x86_64/tetex-dvips-3.0-47.3mdvmes5.2.x86_64.rpm 442fa550ce7b17d812c8b821ef3ea6d1 mes5/x86_64/tetex-latex-3.0-47.3mdvmes5.2.x86_64.rpm 62aa630345a117725cd2dde5f9e62826 mes5/x86_64/tetex-mfwin-3.0-47.3mdvmes5.2.x86_64.rpm 8534c04f7ac1d14f0f696629da487450 mes5/x86_64/tetex-texi2html-3.0-47.3mdvmes5.2.x86_64.rpm d18f2d629add6518679ca651522e92c4 mes5/x86_64/tetex-usrlocal-3.0-47.3mdvmes5.2.x86_64.rpm 444972fe98ba46addb89212663efdc33 mes5/x86_64/tetex-xdvi-3.0-47.3mdvmes5.2.x86_64.rpm 037d0d760c6df3402b9742898943b021 mes5/x86_64/xmltex-1.9-93.3mdvmes5.2.x86_64.rpm afa6531e584b746b4b49ab40be16855a mes5/SRPMS/tetex-3.0-47.3mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFQPILgmqjQ0CJFipgRAhKBAKCoEM/F4H4+e23lviOf3CYmM8VXJACfegKO 0W8FQpb3KMbHTudQn9SwMkk= =y2n2 -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

network

TYPE

code problem

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Sauli Pahlman; Joel Voss

SOURCES

LAST UPDATE DATE

2025-11-23T19:44:55.328000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE