oss-sec mailing list archives
Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark
From: Josh Bressers <bressers () redhat com>
Date: Mon, 4 Oct 2010 15:11:23 -0400 (EDT)
----- "Tomas Hoger" <thoger () redhat com> wrote:

According to Tomas, only the first three things need IDs:

e853106b58 is an uninitialized pointer use flaw. Pointer value may be controlled by PDF content, hence if pointed to attacker-controlled memory, code execution may be possible via virtual method call. This should date back to very old xpdf versions.
http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf

Use CVE-2010-3702

bf2055088a seems similar to the above one. Pointer is to the class that has no virtual methods, but may be used to corrupt memory. This should only affect poppler versions after b1d4efb082.
http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f

Use CVE-2010-3703

39d140bfc0 array indexing error / underflow. On platforms where atoi can return a negative result, this can allow out-of-array-bounds write. Code appears in old xpdf versions too.
http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473

Use CVE-2010-3704

Thanks.

--
JB
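
The array-indexing issue described for 39d140bfc0, as an added illustration that is not part of the original message and is not poppler or xpdf code: an index parsed from untrusted text passes an upper-bound-only test when it is negative, while a strtol-based parse with both bounds rejects it. The table size and all function names here are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define TABLE_SIZE 256 /* assumed table size, not taken from the poppler source */

/* Flawed pattern: only the upper bound is tested, so a negative atoi()
 * result is accepted. Returns 1 if the value would be used as an index. */
int upper_bound_only_accepts(const char *text)
{
    int code = atoi(text);
    return code < TABLE_SIZE;
}

/* Hardened parse: strtol with error detection, then both bounds.
 * Returns 0 and writes *out on success, -1 on rejection. */
int parse_index(const char *text, size_t *out)
{
    char *end;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (end == text || errno == ERANGE)
        return -1; /* no digits, or outside the range of long */
    if (v < 0 || v >= TABLE_SIZE)
        return -1; /* outside the table */
    *out = (size_t)v;
    return 0;
}

/* Writes table[index] only when the index parsed from text is valid. */
int store_entry(const char **table, const char *text, const char *name)
{
    size_t idx;
    if (parse_index(text, &idx) != 0)
        return -1;
    table[idx] = name;
    return 0;
}

int main(void)
{
    const char *table[TABLE_SIZE] = {0};
    const char *samples[] = {"65", "-1", "256"}; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-4s weak check accepts=%d  hardened store=%d\n", samples[i],
               upper_bound_only_accepts(samples[i]),
               store_entry(table, samples[i], "name"));
    return 0;
}
```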