Launchpad.net

CVE 2010-3704

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.

Related bugs and status

CVE-2010-3704 (Candidate) is related to these bugs:

Bug #701220: [Security] xpdf - CVE-2010-3702,3704

		In	Importance	Status
701220	[Security] xpdf - CVE-2010-3702,3704	xpdf (Ubuntu)	Medium	Fix Released
701220	[Security] xpdf - CVE-2010-3702,3704	xpdf (Ubuntu Karmic)	Medium	Fix Released
701220	[Security] xpdf - CVE-2010-3702,3704	xpdf (Ubuntu Natty)	Medium	Fix Released
701220	[Security] xpdf - CVE-2010-3702,3704	xpdf (Ubuntu Lucid)	Medium	Fix Released
701220	[Security] xpdf - CVE-2010-3702,3704	xpdf (Ubuntu Maverick)	Medium	Fix Released

Bug #882588: LibreOffice/Mozilla integration broken

Summary				In	Importance	Status
	882588	LibreOffice/Mozilla integration broken		libreoffice (Ubuntu)	Undecided	Fix Released
	882588	LibreOffice/Mozilla integration broken		firefox (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-3704

Related bugs and status

Related bugs

References