CVE-2010-3704 - OpenCVE

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Poppler	Poppler
Glyphandcog	Xpdfreader
Kde	Kdegraphics
Foolabs	Xpdf

Configuration 1 [-]

OR	cpe:2.3:a:poppler:poppler:0.8.7:::::::*
	cpe:2.3:a:poppler:poppler:0.9.0:::::::*
	cpe:2.3:a:poppler:poppler:0.9.1:::::::*
	cpe:2.3:a:poppler:poppler:0.9.2:::::::*
	cpe:2.3:a:poppler:poppler:0.9.3:::::::*
	cpe:2.3:a:poppler:poppler:0.10.0:::::::*
	cpe:2.3:a:poppler:poppler:0.10.1:::::::*
	cpe:2.3:a:poppler:poppler:0.10.2:::::::*
	cpe:2.3:a:poppler:poppler:0.10.3:::::::*
	cpe:2.3:a:poppler:poppler:0.10.4:::::::*
	cpe:2.3:a:poppler:poppler:0.10.5:::::::*
	cpe:2.3:a:poppler:poppler:0.10.6:::::::*
	cpe:2.3:a:poppler:poppler:0.10.7:::::::*
	cpe:2.3:a:poppler:poppler:0.11.0:::::::*
	cpe:2.3:a:poppler:poppler:0.11.1:::::::*
	cpe:2.3:a:poppler:poppler:0.11.2:::::::*
	cpe:2.3:a:poppler:poppler:0.11.3:::::::*
	cpe:2.3:a:poppler:poppler:0.12.0:::::::*
	cpe:2.3:a:poppler:poppler:0.12.1:::::::*
	cpe:2.3:a:poppler:poppler:0.12.2:::::::*
	cpe:2.3:a:poppler:poppler:0.12.3:::::::*
	cpe:2.3:a:poppler:poppler:0.12.4:::::::*
	cpe:2.3:a:poppler:poppler:0.13.0:::::::*
	cpe:2.3:a:poppler:poppler:0.13.1:::::::*
	cpe:2.3:a:poppler:poppler:0.13.2:::::::*
	cpe:2.3:a:poppler:poppler:0.13.3:::::::*
	cpe:2.3:a:poppler:poppler:0.13.4:::::::*
	cpe:2.3:a:poppler:poppler:0.14.0:::::::*
	cpe:2.3:a:poppler:poppler:0.14.1:::::::*
	cpe:2.3:a:poppler:poppler:0.14.2:::::::*
	cpe:2.3:a:poppler:poppler:0.14.3:::::::*
	cpe:2.3:a:poppler:poppler:0.14.4:::::::*
	cpe:2.3:a:poppler:poppler:0.14.5:::::::*
	cpe:2.3:a:poppler:poppler:0.15.0:::::::*
	cpe:2.3:a:poppler:poppler:0.15.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:foolabs:xpdf:0.5a:::::::*
	cpe:2.3:a:foolabs:xpdf:0.7a:::::::*
	cpe:2.3:a:foolabs:xpdf:0.91a:::::::*
	cpe:2.3:a:foolabs:xpdf:0.91b:::::::*
	cpe:2.3:a:foolabs:xpdf:0.91c:::::::*
	cpe:2.3:a:foolabs:xpdf:0.92a:::::::*
	cpe:2.3:a:foolabs:xpdf:0.92b:::::::*
	cpe:2.3:a:foolabs:xpdf:0.92c:::::::*
	cpe:2.3:a:foolabs:xpdf:0.92d:::::::*
	cpe:2.3:a:foolabs:xpdf:0.92e:::::::*
	cpe:2.3:a:foolabs:xpdf:0.93a:::::::*
	cpe:2.3:a:foolabs:xpdf:0.93b:::::::*
	cpe:2.3:a:foolabs:xpdf:0.93c:::::::*
	cpe:2.3:a:foolabs:xpdf:1.00a:::::::*
	cpe:2.3:a:foolabs:xpdf:3.0.1:::::::*
	cpe:2.3:a:foolabs:xpdf:3.02pl1:::::::*
	cpe:2.3:a:foolabs:xpdf:3.02pl2:::::::*
	cpe:2.3:a:foolabs:xpdf:3.02pl3:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader::::::::
	cpe:2.3:a:glyphandcog:xpdfreader:0.2:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.3:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.4:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.5:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.6:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.7:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.80:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.90:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.91:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.92:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:0.93:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:1.00:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:1.01:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:2.00:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:2.01:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:2.02:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:2.03:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:3.00:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:3.01:::::::*
	cpe:2.3:a:glyphandcog:xpdfreader:3.02:::::::*
	cpe:2.3:a:kde:kdegraphics::::::::

References

Link	Resource
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch	Patch
http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473	Patch
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://rhn.redhat.com/errata/RHSA-2012-1201.html
http://secunia.com/advisories/42141
http://secunia.com/advisories/42357
http://secunia.com/advisories/42397
http://secunia.com/advisories/42691
http://secunia.com/advisories/43079
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720
http://www.debian.org/security/2010/dsa-2119
http://www.debian.org/security/2010/dsa-2135
http://www.mandriva.com/security/advisories?name=MDVSA-2010:228
http://www.mandriva.com/security/advisories?name=MDVSA-2010:229
http://www.mandriva.com/security/advisories?name=MDVSA-2010:230
http://www.mandriva.com/security/advisories?name=MDVSA-2010:231
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
http://www.openwall.com/lists/oss-security/2010/10/04/6
http://www.redhat.com/support/errata/RHSA-2010-0749.html
http://www.redhat.com/support/errata/RHSA-2010-0751.html
http://www.redhat.com/support/errata/RHSA-2010-0752.html
http://www.redhat.com/support/errata/RHSA-2010-0753.html
http://www.redhat.com/support/errata/RHSA-2010-0859.html
http://www.securityfocus.com/bid/43841
http://www.ubuntu.com/usn/USN-1005-1
http://www.vupen.com/english/advisories/2010/2897
http://www.vupen.com/english/advisories/2010/3097
http://www.vupen.com/english/advisories/2011/0230
https://bugzilla.redhat.com/show_bug.cgi?id=638960