Package name: poppler
Date: 2010-11-12
Advisory ID: MDVSA-2010:231
Affected versions: 2010.1 x86_64, 2010.1 i586, 2010.0 x86_64, 2010.0 i586

Problem description

Multiple vulnerabilities were discovered and corrected in poppler:

The Gfx::getPos function in the PDF parser in poppler allows
context-dependent attackers to cause a denial of service (crash)
via unknown vectors that trigger an uninitialized pointer dereference
(CVE-2010-3702).

The PostScriptFunction::PostScriptFunction function in
poppler/Function.cc in the PDF parser in poppler allows
context-dependent attackers to cause a denial of service (crash)
via a PDF file that triggers an uninitialized pointer dereference
(CVE-2010-3703).

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser
in poppler allows context-dependent attackers to cause a denial
of service (crash) and possibly execute arbitrary code via a PDF
file with a crafted Type1 font that contains a negative array index,
which bypasses input validation and triggers memory corruption
(CVE-2010-3704).
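
The bug class described for CVE-2010-3704, as an added illustration (not
poppler's code and not part of the advisory): a simplified parser for
constructed Type1-style "dup <code> /<name> put" encoding entries. The
function names, table size and entry format are assumptions made for the
example. An upper-bound-only check accepts a negative index; the corrected
check tests both bounds before the table is written.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define ENC_SIZE 256      /* assumed encoding table size */
#define NAME_MAX_LEN 32   /* assumed maximum glyph name length */

/* Weak validation: only the upper bound is tested, so a signed
 * negative index passes. Kept as a predicate; it never indexes memory. */
int weak_index_ok(long code) { return code < ENC_SIZE; }

/* Corrected validation: both bounds are tested. */
int strict_index_ok(long code) { return code >= 0 && code < ENC_SIZE; }

/* Parse one "dup <code> /<name> put" entry and store the name in
 * enc[code]. Returns 0 on success, -1 if the entry is malformed or
 * the index is out of range. */
int parse_dup_entry(const char *line, char enc[ENC_SIZE][NAME_MAX_LEN]) {
    if (strncmp(line, "dup ", 4) != 0) return -1;
    const char *p = line + 4;
    char *end;
    errno = 0;
    long code = strtol(p, &end, 10);
    if (end == p || errno == ERANGE) return -1;  /* no digits or overflow */
    if (!strict_index_ok(code)) return -1;       /* rejects negative indexes */
    while (*end == ' ') end++;
    if (*end != '/') return -1;
    end++;
    size_t n = strcspn(end, " \t\r\n");
    if (n == 0 || n >= NAME_MAX_LEN) return -1;  /* name must fit the slot */
    memcpy(enc[code], end, n);
    enc[code][n] = '\0';
    return 0;
}

/* Load a set of entries; returns how many were accepted. */
int load_encoding(const char *const *lines, size_t count,
                  char enc[ENC_SIZE][NAME_MAX_LEN]) {
    int accepted = 0;
    for (size_t i = 0; i < count; i++)
        if (parse_dup_entry(lines[i], enc) == 0) accepted++;
    return accepted;
}
```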

The updated packages have been patched to correct these issues.

Updated packages

2010.1 x86_64

 142bdd508c9c62480b467b3aa74a6eb1  2010.1/x86_64/lib64poppler5-0.12.4-2.1mdv2010.1.x86_64.rpm
 423f44b8802e838afbdd9be973bee11b  2010.1/x86_64/lib64poppler-devel-0.12.4-2.1mdv2010.1.x86_64.rpm
 88b25a582c2bf185196e8d68b2567bd9  2010.1/x86_64/lib64poppler-glib4-0.12.4-2.1mdv2010.1.x86_64.rpm
 5ea3f17b45cdddf438d4642348f0133d  2010.1/x86_64/lib64poppler-glib-devel-0.12.4-2.1mdv2010.1.x86_64.rpm
 11e9facfbca3b5d916f480e5053614cd  2010.1/x86_64/lib64poppler-qt2-0.12.4-2.1mdv2010.1.x86_64.rpm
 51f3818574979e270265d94947b863ff  2010.1/x86_64/lib64poppler-qt4-3-0.12.4-2.1mdv2010.1.x86_64.rpm
 d7c2b054dd96ac00eb7caf957d290cf6  2010.1/x86_64/lib64poppler-qt4-devel-0.12.4-2.1mdv2010.1.x86_64.rpm
 9533bb591cd679ba8f880b23605e837a  2010.1/x86_64/lib64poppler-qt-devel-0.12.4-2.1mdv2010.1.x86_64.rpm
 a6fd550b90857f4cbfcd97213d5e7918  2010.1/x86_64/poppler-0.12.4-2.1mdv2010.1.x86_64.rpm 
 a3495563ca96089190aef76b6c25df4d  2010.1/SRPMS/poppler-0.12.4-2.1mdv2010.1.src.rpm

2010.1 i586

 039272fbf964bf0cda8ee8be3f73d7f0  2010.1/i586/libpoppler5-0.12.4-2.1mdv2010.1.i586.rpm
 4b8cd7ba4fcad0fdb13d498d9659353e  2010.1/i586/libpoppler-devel-0.12.4-2.1mdv2010.1.i586.rpm
 0c8ecda02ad63275628fdf7dbb886d85  2010.1/i586/libpoppler-glib4-0.12.4-2.1mdv2010.1.i586.rpm
 a899985446082afaf7a552a9d093fa7b  2010.1/i586/libpoppler-glib-devel-0.12.4-2.1mdv2010.1.i586.rpm
 98cc33b6085f8b5a3e450814217a87fc  2010.1/i586/libpoppler-qt2-0.12.4-2.1mdv2010.1.i586.rpm
 aca2798c969fe7e1ae41f8fda8c767bf  2010.1/i586/libpoppler-qt4-3-0.12.4-2.1mdv2010.1.i586.rpm
 766c5b85413728af84378f56647f3d6e  2010.1/i586/libpoppler-qt4-devel-0.12.4-2.1mdv2010.1.i586.rpm
 e1af5e2dda8be30d3ac1e009ce856588  2010.1/i586/libpoppler-qt-devel-0.12.4-2.1mdv2010.1.i586.rpm
 e2060c17f1f8ece622fbcf94e50205d7  2010.1/i586/poppler-0.12.4-2.1mdv2010.1.i586.rpm 
 a3495563ca96089190aef76b6c25df4d  2010.1/SRPMS/poppler-0.12.4-2.1mdv2010.1.src.rpm

2010.0 x86_64

 5ac922ba77b7e24852b032cb96d66dcc  2010.0/x86_64/lib64poppler5-0.12.4-1.2mdv2010.0.x86_64.rpm
 a35fdb10aaaeda661082eea969c8cb10  2010.0/x86_64/lib64poppler-devel-0.12.4-1.2mdv2010.0.x86_64.rpm
 be4e55287976d6d9f0bc8acdd41dc371  2010.0/x86_64/lib64poppler-glib4-0.12.4-1.2mdv2010.0.x86_64.rpm
 2e63d0dff69e958f0b926cf6d0026c61  2010.0/x86_64/lib64poppler-glib-devel-0.12.4-1.2mdv2010.0.x86_64.rpm
 b50e39d108dc2458c252fbf365e2aaff  2010.0/x86_64/lib64poppler-qt2-0.12.4-1.2mdv2010.0.x86_64.rpm
 7b249ff04f794fb6a8dc8b05564143e4  2010.0/x86_64/lib64poppler-qt4-3-0.12.4-1.2mdv2010.0.x86_64.rpm
 121f80f800f144eb489f0cdce287e7ef  2010.0/x86_64/lib64poppler-qt4-devel-0.12.4-1.2mdv2010.0.x86_64.rpm
 fb7297fbbd3758eca663813932d822fe  2010.0/x86_64/lib64poppler-qt-devel-0.12.4-1.2mdv2010.0.x86_64.rpm
 5fbd9b1cbd0c18cc7f5a77ee8c9421e8  2010.0/x86_64/poppler-0.12.4-1.2mdv2010.0.x86_64.rpm 
 b395b580e189eac53cec4cdce2ceaeeb  2010.0/SRPMS/poppler-0.12.4-1.2mdv2010.0.src.rpm

2010.0 i586

 f8eeb85b978e98a9bfffce7ab584e9df  2010.0/i586/libpoppler5-0.12.4-1.2mdv2010.0.i586.rpm
 11b9dfe9e37261bec174c25aae9d71b4  2010.0/i586/libpoppler-devel-0.12.4-1.2mdv2010.0.i586.rpm
 b9af206162c906094204ed13a4620318  2010.0/i586/libpoppler-glib4-0.12.4-1.2mdv2010.0.i586.rpm
 eea6fc72a55f119c2fe7aef2c37400f6  2010.0/i586/libpoppler-glib-devel-0.12.4-1.2mdv2010.0.i586.rpm
 d83f8f81d2cbb11a3a12e0654d63cd11  2010.0/i586/libpoppler-qt2-0.12.4-1.2mdv2010.0.i586.rpm
 8e1f7d0278a299b55e1b213f90462610  2010.0/i586/libpoppler-qt4-3-0.12.4-1.2mdv2010.0.i586.rpm
 6f1505518bb6a42bd017f4ed00ed5f3f  2010.0/i586/libpoppler-qt4-devel-0.12.4-1.2mdv2010.0.i586.rpm
 6bfceb4bbb5565f829c765e15d9f84f8  2010.0/i586/libpoppler-qt-devel-0.12.4-1.2mdv2010.0.i586.rpm
 69b87e12827e20261bcac5c1a9f6cc47  2010.0/i586/poppler-0.12.4-1.2mdv2010.0.i586.rpm 
 b395b580e189eac53cec4cdce2ceaeeb  2010.0/SRPMS/poppler-0.12.4-1.2mdv2010.0.src.rpm
