Bug 638960 (CVE-2010-3704)
Summary: | CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse() | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | andreas.bierfert, jnovy, mjc, mkasik, orion, rdieter, tcallawa, than, tremble, vdanen |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-03-26 15:46:12 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 639829, 639830, 639831, 639832, 639833, 639834, 639839, 639840, 639841, 639842, 639859, 639860, 639861, 639868, 639875, 652108, 773178, 773180, 833917 | ||
Bug Blocks: | 638835 |
Description
Tomas Hoger
2010-09-30 13:52:36 UTC
(In reply to comment #0) > On platforms, where atoi() could return negative result when parsing large > positive values (exceeding INT_MAX), this could could lead to write out of > array bounds due to use of negative index. This does happen on e.g. x86_64, but does not happen on i386. Affected code is present in xpdf versions 3.00 and later, it is not part of xpdf 2.x (so EL3 is not affected, EL4 tetex is not affected). Created poppler tracking bugs for this issue Affects: fedora-all [bug 639861] This is likely to affect other applications that embed xpdf code, such as pdfedit and koffice 1.x. Official xpdf patch may appear later this week. This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0749 https://rhn.redhat.com/errata/RHSA-2010-0749.html This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0751 https://rhn.redhat.com/errata/RHSA-2010-0751.html This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0752 https://rhn.redhat.com/errata/RHSA-2010-0752.html This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2010:0753 https://rhn.redhat.com/errata/RHSA-2010-0753.html xpdf upstream fixed this via xpdf-3.02pl5.patch, see bug #595245, comment #22. This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2010:0859 https://rhn.redhat.com/errata/RHSA-2010-0859.html This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:1201 https://rhn.redhat.com/errata/RHSA-2012-1201.html |