Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 4 Oct 2010 15:11:23 -0400 (EDT)
From: Josh Bressers <>
Cc: coley <>
Subject: Re: CVE requests: Poppler, Quassel, Pyfribidi,
 Overkill, DocUtils, FireGPG, Wireshark

----- "Tomas Hoger" <> wrote:

According to Tomas, only the first three things needs IDs:

> e853106b58 is uninitialized pointer use flaw.  Pointer value may be
> controlled by PDF content, hence if pointed to attacker-controlled
> memory, code execution may be possible via virtual method call.  This
> should date back to very old xpdf versions.

Use CVE-2010-3702

> bf2055088a seems similar to the above one.  Pointer is to the class that
> has not virtual methods, but may be used to corrupt memory.  This should
> only affect poppler versions after b1d4efb082.

Use CVE-2010-3703
> 39d140bfc0 array indexing error / underflow.  On platforms where atoi can
> return negative result, this can allow out-of-array-bounds write.  Code
> appears in old xpdf versions too.

Use CVE-2010-3704



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ