Nom du paquet
xpdf
Date
2010-11-12
Advisory ID
MDVSA-2010:228
Affected versions
2009.0 x86_64 , 2009.0 i586 , CS4.0 x86_64 , CS4.0 i586

Problem description

Multiple vulnerabilities were discovered and corrected in xpdf:

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5,
allows context-dependent attackers to cause a denial of service (crash)
via unknown vectors that trigger an uninitialized pointer dereference
(CVE-2010-3702).

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser
in xpdf before 3.02pl5, allows context-dependent attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a PDF
file with a crafted Type1 font that contains a negative array index,
which bypasses input validation and which triggers memory corruption
(CVE-2010-3704).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Updated packages

2009.0 x86_64

 7153e3886a99e6177ab056c063c1979e  2009.0/x86_64/xpdf-3.02-12.4mdv2009.0.x86_64.rpm
 0393c48ff731618ca6417b0d3e96b02b  2009.0/x86_64/xpdf-common-3.02-12.4mdv2009.0.x86_64.rpm 
 0998d140092d3ddc85faa15d17686a04  2009.0/SRPMS/xpdf-3.02-12.4mdv2009.0.src.rpm

2009.0 i586

 fad54e0d6a59fb9114f71c5aa5897a1c  2009.0/i586/xpdf-3.02-12.4mdv2009.0.i586.rpm
 175716771ba0bc1ca2b76db66612d380  2009.0/i586/xpdf-common-3.02-12.4mdv2009.0.i586.rpm 
 0998d140092d3ddc85faa15d17686a04  2009.0/SRPMS/xpdf-3.02-12.4mdv2009.0.src.rpm

CS4.0 x86_64

 05739a863c4cfdd05dfb3c7f25584f2b  corporate/4.0/x86_64/xpdf-3.02-0.5.20060mlcs4.x86_64.rpm
 f057f86308907ab31a0ab139ef8859c5  corporate/4.0/x86_64/xpdf-tools-3.02-0.5.20060mlcs4.x86_64.rpm 
 9cfce68a816e22c6121a4d69cc201d7e  corporate/4.0/SRPMS/xpdf-3.02-0.5.20060mlcs4.src.rpm

CS4.0 i586

 723f068961b5011a7d1cd7c6d93166e2  corporate/4.0/i586/xpdf-3.02-0.5.20060mlcs4.i586.rpm
 7d25f96da76b7aeb65d34da2ade390bb  corporate/4.0/i586/xpdf-tools-3.02-0.5.20060mlcs4.i586.rpm 
 9cfce68a816e22c6121a4d69cc201d7e  corporate/4.0/SRPMS/xpdf-3.02-0.5.20060mlcs4.src.rpm

References