* SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
cause a denial of service (crash) via unknown vectors that trigger an
uninitialized pointer dereference.
- cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
- CVE-2010-3702
- LP: #701220
* SECURITY UPDATE: FoFiType1::parse function allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a PDF file with a crafted Type1 font that contains a
negative array index, which bypasses input validation and which triggers
memory corruption.
- cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
- CVE-2010-3704
-- Brian Thomason <email address hidden> Mon, 10 Jan 2011 15:32:39 -0500
This bug was fixed in the package xpdf - 3.02-1. 4ubuntu2. 9.10.2
--------------- 4ubuntu2. 9.10.2) karmic-security; urgency=low
xpdf (3.02-1.
* SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to 3702.dpatch: Patch provided by Debian (courtesy of Michael Gilbert) 3704.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
cause a denial of service (crash) via unknown vectors that trigger an
uninitialized pointer dereference.
- cve-2010-
- CVE-2010-3702
- LP: #701220
* SECURITY UPDATE: FoFiType1::parse function allows context-dependent
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a PDF file with a crafted Type1 font that contains a
negative array index, which bypasses input validation and which triggers
memory corruption.
- cve-2010-
- CVE-2010-3704
-- Brian Thomason <email address hidden> Mon, 10 Jan 2011 15:32:39 -0500