Vigil@nce: Xpdf, two vulnerabilities
October 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious PDF document leading to a
denial of service and possibly to code execution, on computers of
users opening it with Xpdf, or its derivatives.
– Severity: 2/4
– Creation date: 08/10/2010
DESCRIPTION OF THE VULNERABILITY
The Xpdf program is used to display PDF documents. The source code
of this program is used in several software: gpdf, cups, poppler,
etc. It is impacted by two vulnerabilities.
When a special PDF document is read, the Gfx::parser property is
not initialized. It is then dereferenced in the Gfx::getPos()
method, which stops the application, and may lead to code
execution. [severity:2/4; 595245, BID-43845, CVE-2010-3702]
A PDF document containing a Type1 font with a field value larger
than INT_MAX creates an integer overflow in the FoFiType1::parse()
method. This vulnerability impacts x86_64 platforms, and can lead
to code execution. [severity:2/4; 638960, BID-43841, CVE-2010-3704]
An attacker can therefore create a malicious PDF document leading
to a denial of service and possibly to code execution, on
computers of users opening it with Xpdf, or its derivatives.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xpdf-two-vulnerabilities-10011