Date: Mon, 4 Oct 2010 15:11:23 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE requests: Poppler, Quassel, Pyfribidi,
 Overkill, DocUtils, FireGPG, Wireshark

----- "Tomas Hoger" <thoger@...hat.com> wrote:

According to Tomas, only the first three things need IDs:


> 
> e853106b58 is an uninitialized pointer use flaw.  Pointer value may be
> controlled by PDF content, hence if pointed to attacker-controlled
> memory, code execution may be possible via virtual method call.  This
> should date back to very old xpdf versions.

http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf

Use CVE-2010-3702

> 
> bf2055088a seems similar to the above one.  Pointer is to the class that
> has no virtual methods, but may be used to corrupt memory.  This should
> only affect poppler versions after b1d4efb082.

http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f

Use CVE-2010-3703

> 
> 39d140bfc0 array indexing error / underflow.  On platforms where atoi can
> return a negative result, this can allow out-of-array-bounds write.  Code
> appears in old xpdf versions too.

http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473

Use CVE-2010-3704

Thanks.

-- 
    JB
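
The third quoted item (a negative atoi result used as an array index) can be illustrated with an index parser that validates both bounds before any write. This C sketch is an added example, not Poppler or xpdf code and not part of the original message; the upper-bound-only check, the table size, the function names and the sample tokens are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define TABLE_SIZE 256  /* assumed table size for this illustration */

/* Weak pattern (assumed): atoi() result tested against the upper bound only.
 * Returns 1 when the check would accept the token as an index. */
static int weak_check_accepts(const char *tok)
{
    int code = atoi(tok);
    return code < TABLE_SIZE;          /* -1 passes: no lower bound */
}

/* Hardened parse: returns 0 and sets *out for 0..TABLE_SIZE-1, else -1. */
static int parse_index(const char *tok, size_t *out)
{
    char *end;
    long v;
    errno = 0;
    v = strtol(tok, &end, 10);
    /* reject: no digits, trailing junk, or value that did not fit in long */
    if (end == tok || *end != '\0' || errno == ERANGE)
        return -1;
    if (v < 0 || v >= TABLE_SIZE)      /* check both bounds */
        return -1;
    *out = (size_t)v;
    return 0;
}

/* Writes to the table only after the index has been validated. */
static int store_entry(const char *table[], const char *tok, const char *name)
{
    size_t idx;
    if (parse_index(tok, &idx) != 0)
        return -1;
    table[idx] = name;
    return 0;
}

int main(void)
{
    static const char *table[TABLE_SIZE];
    const char *samples[] = { "65", "255", "256", "-1", "12x" }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-4s weak=%d hardened=%d\n", samples[i],
               weak_check_accepts(samples[i]),
               store_entry(table, samples[i], "glyph") == 0);
    return 0;
}
```

The weak predicate is evaluated without performing the write, so the program never indexes out of bounds while showing which tokens each check accepts.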
