Memory Corruption Vulnerability in xpdf and Poppler PDF Parsers
CVE-2010-3704

Currently unrated

Key Information:

Vendor

Poppler

Status
Poppler
Vendor
CVE Published:
5 November 2010

What is CVE-2010-3704?

The vulnerability resides within the FoFiType1::parse function of the PDF parsers used in xpdf and Poppler, where an attacker can exploit a crafted PostScript Type1 font embedded in a PDF file. This involves a negative array index bypassing input validation, which may lead to memory corruption. As a result, context-dependent attackers can induce a denial of service, potentially leading to a crash, and in some scenarios, execute arbitrary code.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2010/10/04/6
mailing-listx_refsource_MLIST
http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.