Comment 7 for bug 701220

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xpdf - 3.02-1.4ubuntu2.9.10.2

---------------
xpdf (3.02-1.4ubuntu2.9.10.2) karmic-security; urgency=low

  * SECURITY UPDATE: Gfx::getPos function allows context-dependent attackers to
    cause a denial of service (crash) via unknown vectors that trigger an
    uninitialized pointer dereference.
    - cve-2010-3702.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
    - CVE-2010-3702
    - LP: #701220
  * SECURITY UPDATE: FoFiType1::parse function allows context-dependent
    attackers to cause a denial of service (crash) and possibly execute
    arbitrary code via a PDF file with a crafted Type1 font that contains a
    negative array index, which bypasses input validation and which triggers
    memory corruption.
    - cve-2010-3704.dpatch: Patch provided by Debian (courtesy of Michael Gilbert)
    - CVE-2010-3704
 -- Brian Thomason <email address hidden> Mon, 10 Jan 2011 15:32:39 -0500