fkie_nvd - fkie_cve-2010-3704

fkie_cve-2010-3704

Vulnerability from fkie_nvd

Published

2010-11-05 18:00

Modified

2025-04-11 00:51

Severity ?

Summary

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.

References

URL	Tags
secalert@redhat.com	ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch	Patch
secalert@redhat.com	http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473	Patch
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html
secalert@redhat.com	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-1201.html
secalert@redhat.com	http://secunia.com/advisories/42141
secalert@redhat.com	http://secunia.com/advisories/42357
secalert@redhat.com	http://secunia.com/advisories/42397
secalert@redhat.com	http://secunia.com/advisories/42691
secalert@redhat.com	http://secunia.com/advisories/43079
secalert@redhat.com	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720
secalert@redhat.com	http://www.debian.org/security/2010/dsa-2119
secalert@redhat.com	http://www.debian.org/security/2010/dsa-2135
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:228
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:229
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:230
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:231
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
secalert@redhat.com	http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2010/10/04/6
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2010-0749.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2010-0751.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2010-0752.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2010-0753.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2010-0859.html
secalert@redhat.com	http://www.securityfocus.com/bid/43841
secalert@redhat.com	http://www.ubuntu.com/usn/USN-1005-1
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/2897
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/3097
secalert@redhat.com	http://www.vupen.com/english/advisories/2011/0230
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=638960
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch	Patch
af854a3a-2127-422b-91ae-364da2661108	http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-1201.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42141
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42357
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42397
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42691
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43079
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-2119
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-2135
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:228
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:229
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:230
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:231
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
af854a3a-2127-422b-91ae-364da2661108	http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2010/10/04/6
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0749.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0751.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0752.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0753.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2010-0859.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/43841
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-1005-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2897
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/3097
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0230
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=638960

Impacted products

Vendor	Product	Version
poppler	poppler	0.8.7
poppler	poppler	0.9.0
poppler	poppler	0.9.1
poppler	poppler	0.9.2
poppler	poppler	0.9.3
poppler	poppler	0.10.0
poppler	poppler	0.10.1
poppler	poppler	0.10.2
poppler	poppler	0.10.3
poppler	poppler	0.10.4
poppler	poppler	0.10.5
poppler	poppler	0.10.6
poppler	poppler	0.10.7
poppler	poppler	0.11.0
poppler	poppler	0.11.1
poppler	poppler	0.11.2
poppler	poppler	0.11.3
poppler	poppler	0.12.0
poppler	poppler	0.12.1
poppler	poppler	0.12.2
poppler	poppler	0.12.3
poppler	poppler	0.12.4
poppler	poppler	0.13.0
poppler	poppler	0.13.1
poppler	poppler	0.13.2
poppler	poppler	0.13.3
poppler	poppler	0.13.4
poppler	poppler	0.14.0
poppler	poppler	0.14.1
poppler	poppler	0.14.2
poppler	poppler	0.14.3
poppler	poppler	0.14.4
poppler	poppler	0.14.5
poppler	poppler	0.15.0
poppler	poppler	0.15.1
foolabs	xpdf	0.5a
foolabs	xpdf	0.7a
foolabs	xpdf	0.91a
foolabs	xpdf	0.91b
foolabs	xpdf	0.91c
foolabs	xpdf	0.92a
foolabs	xpdf	0.92b
foolabs	xpdf	0.92c
foolabs	xpdf	0.92d
foolabs	xpdf	0.92e
foolabs	xpdf	0.93a
foolabs	xpdf	0.93b
foolabs	xpdf	0.93c
foolabs	xpdf	1.00a
foolabs	xpdf	3.0.1
foolabs	xpdf	3.02pl1
foolabs	xpdf	3.02pl2
foolabs	xpdf	3.02pl3
glyphandcog	xpdfreader	*
glyphandcog	xpdfreader	0.2
glyphandcog	xpdfreader	0.3
glyphandcog	xpdfreader	0.4
glyphandcog	xpdfreader	0.5
glyphandcog	xpdfreader	0.6
glyphandcog	xpdfreader	0.7
glyphandcog	xpdfreader	0.80
glyphandcog	xpdfreader	0.90
glyphandcog	xpdfreader	0.91
glyphandcog	xpdfreader	0.92
glyphandcog	xpdfreader	0.93
glyphandcog	xpdfreader	1.00
glyphandcog	xpdfreader	1.01
glyphandcog	xpdfreader	2.00
glyphandcog	xpdfreader	2.01
glyphandcog	xpdfreader	2.02
glyphandcog	xpdfreader	2.03
glyphandcog	xpdfreader	3.00
glyphandcog	xpdfreader	3.01
glyphandcog	xpdfreader	3.02
kde	kdegraphics	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6323ED7A-6FE8-4885-B743-3E2F82ECA08B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90D3345C-2D35-413C-B6F9-C308BC7C2AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9D3618D-A183-4B09-9CA2-8D622C3486DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A88294D9-563E-4AB3-9FE6-971F43B052B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A39F672-B238-4B21-A48E-5121771949F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58A5D199-E952-44B5-B5E5-170040FA813E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "349B4B75-32E2-49FB-9606-8B057AFA2E3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A8D058-224E-467E-AB61-06F90B541F24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C47EDD-2212-4259-8229-FF05E1A7B5AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52995D0-0986-427F-B37D-2F6726EA330D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E4427C5-DBF0-4EF9-8B7A-61D56C14E3FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B91206CA-7EBE-4E64-9A49-D7EC0D051012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD43644-7F02-42AF-8EC3-C326A13E2F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "81FE2E6F-44B2-42D5-B986-D1FE2B510968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A605079-3705-4E2C-8F6D-C21B4D875817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ABBD590-8092-4920-BBC7-F3ACB9CCC900",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14D812D5-BC8B-4907-AA70-F8D7F982A8DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E25003C-04CE-401F-B012-F2E13DC8E8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "189FE6D1-C001-4D43-BFD2-B8421C6FAB06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAF3866C-09D2-4564-A7AE-2C49A5E8480C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A43C280F-A571-4EF9-B301-244B05750933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D37AC0D5-6811-4FE2-83BB-FEF44B228645",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2B24274-2F2F-4F3A-8978-390BF69EF0AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "14959178-17D0-4794-867F-AB62501EEF24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1129356-C0B0-4130-A1EF-888B02783317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CD0FA23-F797-4FB5-85AD-29AED926E02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B06D79-50AD-49D0-B372-25CA226EEA80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34735C6-2738-4CCC-9322-8F7584AB616D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "339A5BC3-7AED-4912-B6D3-BBD5FBF4AA02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "325750AA-5E10-457E-88E8-439DFB81FE1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "235861C5-B126-4A27-A51F-94568DBA5FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EE3D5F0-DA69-453A-9729-03FD1151D94E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83E52568-A112-4533-9CFA-55D35F40AA9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:poppler:poppler:0.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "38A9C7A2-DAC5-4334-9A88-CF9085A34186",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8ABE533-8FC1-45E6-B574-A4CC7571EF7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B02805E-7BD0-4563-82C8-6FFB982D4913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*",
              "matchCriteriaId": "852F526D-F388-4FF0-BDD9-DF7635DB46D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*",
              "matchCriteriaId": "478D53EA-CC8C-4ECB-8410-0910505AD819",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C84FB90-FF1C-4502-B2D2-390438DD422F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*",
              "matchCriteriaId": "13341DAE-D16D-41A7-BF17-FEC802997B15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E30BAEA-231C-4A82-B014-9EE3D1E81545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE1DE5A5-6448-43F6-A612-56998D16E6B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*",
              "matchCriteriaId": "35F84699-D4CF-4FD1-A959-53E316559EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*",
              "matchCriteriaId": "D820DFD5-0EF9-4C9A-B281-D553A4F63141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2EFC7E4-E513-42DB-BDA5-8D1E497971DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AA5CDDC-BFDE-4C5E-920F-5DA1B3C51B52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CF839D-D034-4D47-977F-7E27B36EF04F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3B3E8A4-14FE-42DA-B82E-839B092B5302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D79ABD-202F-464F-B6C3-B225FD37DD3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BC500DA-7B3F-4CD5-BB0E-B244000CD19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D5D9CEA-0707-46FC-AEC3-9EC540B22BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD38AC59-7518-40FB-BC29-EC64142DE682",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "32628280-E2DB-45E0-AB8A-CFC90419A182",
              "versionEndIncluding": "3.02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEF5EC54-9145-4B51-8241-C9343160BF80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D33C2C1D-C1C1-4B1D-BDC8-6480CE8EC24B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1344DF7-9917-4DB0-9256-9E8131C55B0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "309F0CF2-4AF7-4F46-91EA-39BA07BAF312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FA872B-74B8-48E4-9D5C-5ACA6FCB8026",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "20311EDE-0E34-432A-AE41-F61EA68F134A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FEF460-3569-4294-ABA4-D7C251D67071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB41E8C2-BBCC-48CB-805B-23411D39E936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "16670F8A-E70B-4CDF-8C61-414D86E20C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "69483A91-53DB-4736-908F-7B14EFB40888",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B3E7962-0A95-4E7B-A983-683B02350B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD1120B3-3372-417B-BCA0-FD515638FBFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7397645-3225-4980-8465-28F93322B58B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "1672587F-ED28-4A8A-A6C1-AD1D6B5DF9F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A45EAF-B511-4360-A201-D588E7EEB39D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14637F7-DC99-4AC4-854C-DBA0B4C6BE54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EE03979-D564-4ABD-BEBD-E86E7C1BAF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "15D08CFD-BEE1-4DEE-926D-F4291F88224D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "D244903F-5407-4C35-AE2C-1A05D3C227D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7D4E256-FF91-47BA-B1D4-940FB2D970AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:kdegraphics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A0E0FC3-B53F-462D-8562-D2464BB111E2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n FoFiType1::parse en fofi/FoFiType1.cc del parseador de PDF de xpdf antes de v3.02pl5, poppler v0.8.7 y posiblemente otras versiones hasta v0.15.1, kdegraphics, y posiblemente otros productos, permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario mediante un archivo PDF con una fuente Type1 modificada que contiene un \u00edndice de matriz negativo, el cual se salta la validaci\u00f3n de entrada y que provoca una corrupci\u00f3n de memoria."
    }
  ],
  "id": "CVE-2010-3704",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-11-05T18:00:25.983",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42141"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42357"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42397"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42691"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43079"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2119"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2135"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/43841"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1005-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/2897"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/3097"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0230"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=638960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0749.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0751.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0752.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0753.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/43841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1005-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/2897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/3097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=638960"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2010-3704 (GCVE-0-2010-3704)

Vulnerability from cvelistv5

Published

2010-11-05 17:00