Bug 24286

Summary: Multiple vulnerabilities: CVE-2010-3702, CVE-2010-3703, CVE-2010-3704
Product: Sisyphus Reporter: Vladimir Lettiev <crux>
Component: popplerAssignee: Sergey V Turchin <zerg>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: blocker    
Priority: P3 CC: zerg
Version: unstableKeywords: security
Hardware: all   
OS: Linux   
URL: http://secunia.com/advisories/41596/

Description Vladimir Lettiev 2010-10-13 10:46:10 MSD 
1) An error in "Gfx::getPos()" can be exploited to dereference an uninitialised pointer.

2) An array indexing error exists when parsing Type1 fonts in "FoFiType1::parse()", which can be exploited to corrupt memory via a specially crafted PDF file.

3) Other vulnerabilities are caused due to e.g. memory leak errors, which can be exploited to cause a crash by tricking a user into processing a specially crafted PDF file in an application using the library.

Also see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599165

Fixed(?) in 0.14.4
Comment 1 Vladimir Lettiev 2010-10-20 09:32:25 MSD 
В Sisyphus 0.14.4-alt1. Можно закрывать баг или он ешё нужен в открытом состоянии?
Comment 2 Sergey V Turchin 2010-10-20 14:00:19 MSD 
В 0.14.4-alt1 исправлено. Я это выяснил уже после отправки на сборку.