(RHSA-2010:0859) Important: poppler security update

2010-11-10T05:00:00
ID RHSA-2010:0859
Type redhat
Reporter RedHat
Modified 2018-06-06T20:24:21

Description

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

Two uninitialized pointer use flaws were discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702, CVE-2010-3703)

An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.