RHSA-2009:1680
Vulnerability from csaf_redhat - Published: 2009-12-16 10:18 - Updated: 2026-01-13 22:40Summary
Red Hat Security Advisory: xpdf security update
Severity
Important
Notes
Topic: An updated xpdf package that fixes a security issue is now available for
Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details: Xpdf is an X Window System based viewer for Portable Document Format (PDF)
files.
Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw
in Xpdf's Type 1 font parser. A specially-crafted PDF file with an embedded
Type 1 font could cause Xpdf to crash or, possibly, execute arbitrary code
when opened. (CVE-2009-4035)
Users are advised to upgrade to this updated package, which contains a
backported patch to correct this issue.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.
6.8 ()
Affected products
Fixed
52 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 4AS:xpdf-1:3.00-23.el4_8.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:xpdf-1:3.00-23.el4_8.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:xpdf-1:3.00-23.el4_8.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:xpdf-1:3.00-23.el4_8.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:xpdf-1:3.00-23.el4_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:xpdf-1:3.00-23.el4_8.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:xpdf-1:3.00-23.el4_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:xpdf-1:3.00-23.el4_8.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:xpdf-1:3.00-23.el4_8.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:xpdf-1:3.00-23.el4_8.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:xpdf-1:3.00-23.el4_8.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:xpdf-1:3.00-23.el4_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:xpdf-1:3.00-23.el4_8.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:xpdf-1:3.00-23.el4_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:xpdf-1:3.00-23.el4_8.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:xpdf-1:3.00-23.el4_8.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:xpdf-1:3.00-23.el4_8.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:xpdf-1:3.00-23.el4_8.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:xpdf-1:3.00-23.el4_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:xpdf-1:3.00-23.el4_8.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:xpdf-1:3.00-23.el4_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:xpdf-1:3.00-23.el4_8.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:xpdf-1:3.00-23.el4_8.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:xpdf-1:3.00-23.el4_8.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:xpdf-1:3.00-23.el4_8.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:xpdf-1:3.00-23.el4_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:xpdf-1:3.00-23.el4_8.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:xpdf-1:3.00-23.el4_8.1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.i386 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated xpdf package that fixes a security issue is now available for\nRed Hat Enterprise Linux 4.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Xpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nPetr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw\nin Xpdf\u0027s Type 1 font parser. A specially-crafted PDF file with an embedded\nType 1 font could cause Xpdf to crash or, possibly, execute arbitrary code\nwhen opened. (CVE-2009-4035)\n\nUsers are advised to upgrade to this updated package, which contains a\nbackported patch to correct this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2009:1680",
"url": "https://access.redhat.com/errata/RHSA-2009:1680"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "541614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=541614"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1680.json"
}
],
"title": "Red Hat Security Advisory: xpdf security update",
"tracking": {
"current_release_date": "2026-01-13T22:40:13+00:00",
"generator": {
"date": "2026-01-13T22:40:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2009:1680",
"initial_release_date": "2009-12-16T10:18:00+00:00",
"revision_history": [
{
"date": "2009-12-16T10:18:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2009-12-16T05:21:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T22:40:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"product": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"product_id": "xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xpdf-debuginfo@3.00-23.el4_8.1?arch=ia64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "xpdf-1:3.00-23.el4_8.1.ia64",
"product": {
"name": "xpdf-1:3.00-23.el4_8.1.ia64",
"product_id": "xpdf-1:3.00-23.el4_8.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xpdf@3.00-23.el4_8.1?arch=ia64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64",
"product": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64",
"product_id": "xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xpdf-debuginfo@3.00-23.el4_8.1?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "xpdf-1:3.00-23.el4_8.1.x86_64",
"product": {
"name": "xpdf-1:3.00-23.el4_8.1.x86_64",
"product_id": "xpdf-1:3.00-23.el4_8.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xpdf@3.00-23.el4_8.1?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"product": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"product_id": "xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xpdf-debuginfo@3.00-23.el4_8.1?arch=i386\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "xpdf-1:3.00-23.el4_8.1.i386",
"product": {
"name": "xpdf-1:3.00-23.el4_8.1.i386",
"product_id": "xpdf-1:3.00-23.el4_8.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xpdf@3.00-23.el4_8.1?arch=i386\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "xpdf-1:3.00-23.el4_8.1.src",
"product": {
"name": "xpdf-1:3.00-23.el4_8.1.src",
"product_id": "xpdf-1:3.00-23.el4_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xpdf@3.00-23.el4_8.1?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"product": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"product_id": "xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xpdf-debuginfo@3.00-23.el4_8.1?arch=ppc\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "xpdf-1:3.00-23.el4_8.1.ppc",
"product": {
"name": "xpdf-1:3.00-23.el4_8.1.ppc",
"product_id": "xpdf-1:3.00-23.el4_8.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xpdf@3.00-23.el4_8.1?arch=ppc\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"product": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"product_id": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xpdf-debuginfo@3.00-23.el4_8.1?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "xpdf-1:3.00-23.el4_8.1.s390x",
"product": {
"name": "xpdf-1:3.00-23.el4_8.1.s390x",
"product_id": "xpdf-1:3.00-23.el4_8.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xpdf@3.00-23.el4_8.1?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"product": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"product_id": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xpdf-debuginfo@3.00-23.el4_8.1?arch=s390\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "xpdf-1:3.00-23.el4_8.1.s390",
"product": {
"name": "xpdf-1:3.00-23.el4_8.1.s390",
"product_id": "xpdf-1:3.00-23.el4_8.1.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xpdf@3.00-23.el4_8.1?arch=s390\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:xpdf-1:3.00-23.el4_8.1.i386"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:xpdf-1:3.00-23.el4_8.1.ia64"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:xpdf-1:3.00-23.el4_8.1.ppc"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:xpdf-1:3.00-23.el4_8.1.s390"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:xpdf-1:3.00-23.el4_8.1.s390x"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:xpdf-1:3.00-23.el4_8.1.src"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:xpdf-1:3.00-23.el4_8.1.x86_64"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.i386"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:xpdf-1:3.00-23.el4_8.1.i386"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:xpdf-1:3.00-23.el4_8.1.ia64"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:xpdf-1:3.00-23.el4_8.1.ppc"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:xpdf-1:3.00-23.el4_8.1.s390"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:xpdf-1:3.00-23.el4_8.1.s390x"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:xpdf-1:3.00-23.el4_8.1.src"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:xpdf-1:3.00-23.el4_8.1.x86_64"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.i386"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.s390"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:xpdf-1:3.00-23.el4_8.1.i386"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:xpdf-1:3.00-23.el4_8.1.ia64"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:xpdf-1:3.00-23.el4_8.1.ppc"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:xpdf-1:3.00-23.el4_8.1.s390"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:xpdf-1:3.00-23.el4_8.1.s390x"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:xpdf-1:3.00-23.el4_8.1.src"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:xpdf-1:3.00-23.el4_8.1.x86_64"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.i386"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.s390"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:xpdf-1:3.00-23.el4_8.1.i386"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:xpdf-1:3.00-23.el4_8.1.ia64"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:xpdf-1:3.00-23.el4_8.1.ppc"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:xpdf-1:3.00-23.el4_8.1.s390"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:xpdf-1:3.00-23.el4_8.1.s390x"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:xpdf-1:3.00-23.el4_8.1.src"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-1:3.00-23.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:xpdf-1:3.00-23.el4_8.1.x86_64"
},
"product_reference": "xpdf-1:3.00-23.el4_8.1.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.i386"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64"
},
"product_reference": "xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4035",
"discovery_date": "2009-11-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "541614"
}
],
"notes": [
{
"category": "description",
"text": "The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xpdf: buffer overflow in FoFiType1::parse",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS:xpdf-1:3.00-23.el4_8.1.i386",
"4AS:xpdf-1:3.00-23.el4_8.1.ia64",
"4AS:xpdf-1:3.00-23.el4_8.1.ppc",
"4AS:xpdf-1:3.00-23.el4_8.1.s390",
"4AS:xpdf-1:3.00-23.el4_8.1.s390x",
"4AS:xpdf-1:3.00-23.el4_8.1.src",
"4AS:xpdf-1:3.00-23.el4_8.1.x86_64",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64",
"4Desktop:xpdf-1:3.00-23.el4_8.1.i386",
"4Desktop:xpdf-1:3.00-23.el4_8.1.ia64",
"4Desktop:xpdf-1:3.00-23.el4_8.1.ppc",
"4Desktop:xpdf-1:3.00-23.el4_8.1.s390",
"4Desktop:xpdf-1:3.00-23.el4_8.1.s390x",
"4Desktop:xpdf-1:3.00-23.el4_8.1.src",
"4Desktop:xpdf-1:3.00-23.el4_8.1.x86_64",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64",
"4ES:xpdf-1:3.00-23.el4_8.1.i386",
"4ES:xpdf-1:3.00-23.el4_8.1.ia64",
"4ES:xpdf-1:3.00-23.el4_8.1.ppc",
"4ES:xpdf-1:3.00-23.el4_8.1.s390",
"4ES:xpdf-1:3.00-23.el4_8.1.s390x",
"4ES:xpdf-1:3.00-23.el4_8.1.src",
"4ES:xpdf-1:3.00-23.el4_8.1.x86_64",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64",
"4WS:xpdf-1:3.00-23.el4_8.1.i386",
"4WS:xpdf-1:3.00-23.el4_8.1.ia64",
"4WS:xpdf-1:3.00-23.el4_8.1.ppc",
"4WS:xpdf-1:3.00-23.el4_8.1.s390",
"4WS:xpdf-1:3.00-23.el4_8.1.s390x",
"4WS:xpdf-1:3.00-23.el4_8.1.src",
"4WS:xpdf-1:3.00-23.el4_8.1.x86_64",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4035"
},
{
"category": "external",
"summary": "RHBZ#541614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=541614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4035",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4035"
}
],
"release_date": "2009-12-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2009-12-16T10:18:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS:xpdf-1:3.00-23.el4_8.1.i386",
"4AS:xpdf-1:3.00-23.el4_8.1.ia64",
"4AS:xpdf-1:3.00-23.el4_8.1.ppc",
"4AS:xpdf-1:3.00-23.el4_8.1.s390",
"4AS:xpdf-1:3.00-23.el4_8.1.s390x",
"4AS:xpdf-1:3.00-23.el4_8.1.src",
"4AS:xpdf-1:3.00-23.el4_8.1.x86_64",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64",
"4Desktop:xpdf-1:3.00-23.el4_8.1.i386",
"4Desktop:xpdf-1:3.00-23.el4_8.1.ia64",
"4Desktop:xpdf-1:3.00-23.el4_8.1.ppc",
"4Desktop:xpdf-1:3.00-23.el4_8.1.s390",
"4Desktop:xpdf-1:3.00-23.el4_8.1.s390x",
"4Desktop:xpdf-1:3.00-23.el4_8.1.src",
"4Desktop:xpdf-1:3.00-23.el4_8.1.x86_64",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64",
"4ES:xpdf-1:3.00-23.el4_8.1.i386",
"4ES:xpdf-1:3.00-23.el4_8.1.ia64",
"4ES:xpdf-1:3.00-23.el4_8.1.ppc",
"4ES:xpdf-1:3.00-23.el4_8.1.s390",
"4ES:xpdf-1:3.00-23.el4_8.1.s390x",
"4ES:xpdf-1:3.00-23.el4_8.1.src",
"4ES:xpdf-1:3.00-23.el4_8.1.x86_64",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64",
"4WS:xpdf-1:3.00-23.el4_8.1.i386",
"4WS:xpdf-1:3.00-23.el4_8.1.ia64",
"4WS:xpdf-1:3.00-23.el4_8.1.ppc",
"4WS:xpdf-1:3.00-23.el4_8.1.s390",
"4WS:xpdf-1:3.00-23.el4_8.1.s390x",
"4WS:xpdf-1:3.00-23.el4_8.1.src",
"4WS:xpdf-1:3.00-23.el4_8.1.x86_64",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2009:1680"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS:xpdf-1:3.00-23.el4_8.1.i386",
"4AS:xpdf-1:3.00-23.el4_8.1.ia64",
"4AS:xpdf-1:3.00-23.el4_8.1.ppc",
"4AS:xpdf-1:3.00-23.el4_8.1.s390",
"4AS:xpdf-1:3.00-23.el4_8.1.s390x",
"4AS:xpdf-1:3.00-23.el4_8.1.src",
"4AS:xpdf-1:3.00-23.el4_8.1.x86_64",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"4AS:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64",
"4Desktop:xpdf-1:3.00-23.el4_8.1.i386",
"4Desktop:xpdf-1:3.00-23.el4_8.1.ia64",
"4Desktop:xpdf-1:3.00-23.el4_8.1.ppc",
"4Desktop:xpdf-1:3.00-23.el4_8.1.s390",
"4Desktop:xpdf-1:3.00-23.el4_8.1.s390x",
"4Desktop:xpdf-1:3.00-23.el4_8.1.src",
"4Desktop:xpdf-1:3.00-23.el4_8.1.x86_64",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"4Desktop:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64",
"4ES:xpdf-1:3.00-23.el4_8.1.i386",
"4ES:xpdf-1:3.00-23.el4_8.1.ia64",
"4ES:xpdf-1:3.00-23.el4_8.1.ppc",
"4ES:xpdf-1:3.00-23.el4_8.1.s390",
"4ES:xpdf-1:3.00-23.el4_8.1.s390x",
"4ES:xpdf-1:3.00-23.el4_8.1.src",
"4ES:xpdf-1:3.00-23.el4_8.1.x86_64",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"4ES:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64",
"4WS:xpdf-1:3.00-23.el4_8.1.i386",
"4WS:xpdf-1:3.00-23.el4_8.1.ia64",
"4WS:xpdf-1:3.00-23.el4_8.1.ppc",
"4WS:xpdf-1:3.00-23.el4_8.1.s390",
"4WS:xpdf-1:3.00-23.el4_8.1.s390x",
"4WS:xpdf-1:3.00-23.el4_8.1.src",
"4WS:xpdf-1:3.00-23.el4_8.1.x86_64",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.i386",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.ia64",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.ppc",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.s390x",
"4WS:xpdf-debuginfo-1:3.00-23.el4_8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xpdf: buffer overflow in FoFiType1::parse"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…