Oval Definition:	oval:org.mitre.oval:def:23546
Revision Date: 2014-05-26 Version: 26 Title: ELSA-2010:0859: poppler security update (Important) Description: The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2010-3702 CVE-2010-3703 CVE-2010-3704 ELSA-2010:0859-03 Platform(s): Oracle Linux 6 Product(s): poppler Definition Synopsis Oracle Linux 6.x AND rpm test poppler-qt4 is earlier than 0:0.12.4-3.el6_0.1 OR poppler-devel is earlier than 0:0.12.4-3.el6_0.1 OR poppler-qt-devel is earlier than 0:0.12.4-3.el6_0.1 OR poppler-glib-devel is earlier than 0:0.12.4-3.el6_0.1 OR poppler-qt4-devel is earlier than 0:0.12.4-3.el6_0.1 OR poppler-qt is earlier than 0:0.12.4-3.el6_0.1 OR poppler-glib is earlier than 0:0.12.4-3.el6_0.1 OR poppler-utils is earlier than 0:0.12.4-3.el6_0.1 OR poppler is earlier than 0:0.12.4-3.el6_0.1
BACK