Oval Definition:	oval:com.ubuntu.trusty:def:20104653000
Revision Date: 2012-01-12 Version: 1 Title: CVE-2010-4653 on Ubuntu 14.04 LTS (trusty) - low. Description: Due to an integer overflow when parsing CharCodes for fonts and a failure to check the return value of a memory allocation, it is possible to trigger writes to a narrow range of offsets from a NULL pointer. The chance of being able to exploit this for anything other than a crash is very remote: on x86 32-bit, there's no chance (since the write occurs between 0xffffffc4 and 0xfffffffc). At least the write lands in valid userspace on x86-64, but in my testing this memory is never mapped. Family: unix Class: vulnerability Status: Reference(s): CVE-2010-4653 Platform(s): Ubuntu 14.04 LTS Product(s): Definition Synopsis Ubuntu 14.04 LTS (trusty) is installed. AND Package Information The vulnerability of the 'ipe' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR The vulnerability of the 'libextractor' package in trusty is not known (status: 'needs-triage'). It is pending evaluation. OR NOT While related to the CVE in some way, the 'poppler' package in trusty is not affected. OR The vulnerability of the 'xpdf' package in trusty is not known (status: 'needs-triage'). It is pending evaluation.
BACK