Vulnerability Name: CVE-2009-4035 (CCN-54831)
Assigned: 2009-12-16
Published: 2009-12-16
Updated: 2017-09-19
Summary: The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.
CVSS v3 Severity:
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-94
Vulnerability Consequences: Gain Access
References:
Source: CONFIRM Type: UNKNOWN http://cgit.freedesktop.org/poppler/poppler/diff/fofi/FoFiType1.cc?id=4b4fc5c0
Source: MISC Type: UNKNOWN http://cgit.freedesktop.org/poppler/poppler/tree/fofi/FoFiType1.cc?id=4b4fc5c017bf147c9069bbce32fc14467bd2a81a
Source: MITRE Type: CNA CVE-2009-4035
Source: CCN Type: KDE Web site KPDF
Source: SUSE Type: UNKNOWN SUSE-SR:2010:003
Source: CCN Type: RHSA-2009-1680 Important: xpdf security update
Source: CCN Type: RHSA-2009-1681 Important: gpdf security update
Source: CCN Type: RHSA-2009-1682 Important: kdegraphics security update
Source: CCN Type: SA37641 KDE KPDF "FoFiType1::parse()" Integer Underflow Vulnerability
Source: SECUNIA Type: Vendor Advisory 37641
Source: SECUNIA Type: Vendor Advisory 37781
Source: SECUNIA Type: Vendor Advisory 37787
Source: SECUNIA Type: Vendor Advisory 37793
Source: CCN Type: SA56998 Gentoo xpdf Multiple Vulnerabilities
Source: CCN Type: SECTRACK ID: 1023356 Xpdf Buffer Overflow in FoFiType1::parse Lets Remote Users Execute Arbitrary Code
Source: CCN Type: Xpdf Web site Xpdf
Source: CCN Type: GLSA 201402-17 Xpdf: User-assisted execution of arbitrary code
Source: CCN Type: OSVDB ID: 61207 KDE KPDF xpdf/fofi/FoFiType1.cc FoFiType1::parse() Function Overflow
Source: REDHAT Type: UNKNOWN RHSA-2009:1680
Source: REDHAT Type: UNKNOWN RHSA-2009:1681
Source: REDHAT Type: UNKNOWN RHSA-2009:1682
Source: BID Type: UNKNOWN 37350
Source: CCN Type: BID-37350 Xpdf 'FoFiType1::parse' Buffer Overflow Vulnerability
Source: SECTRACK Type: UNKNOWN 1023356
Source: VUPEN Type: Vendor Advisory ADV-2009-3555
Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=541614
Source: CCN Type: Red Hat Bugzilla Bug 541614 CVE-2009-4035 xpdf: buffer overflow in FoFiType1::parse
Source: XF Type: UNKNOWN xpdf-fofitype1parse-bo(54831)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10996
Source: SUSE Type: SUSE-SR:2009:020 SUSE Security Summary Report
Source: SUSE Type: SUSE-SR:2010:003 SUSE Security Summary Report
Source: SUSE Type: SUSE-SR:2010:004 SUSE Security Summary Report
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration CCN 1: Denotes that component is vulnerable