Lucene search

Veracode Vulnerability DatabaseVERACODE:24191

HistoryApr 10, 2020 - 12:48 a.m.

Arbitrary Code Execution

2020-04-1000:48:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

xpdf is vulnerable to arbitrary code execution. The vulnerability exists as an array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code.

CPENameOperatorVersion
xpdfeq3.00__14.el4
xpdfeq3.00__20.el4
xpdfeq3.00__22.el4_8.1
xpdfeq3.00__16.el4
xpdfeq3.00__23.el4_8.1
kdegraphicseq3.3.1__10.el4
kdegraphicseq3.5.4__13.el5_3
kdegraphicseq3.5.4__15.el5_4.2
kdegraphicseq3.3.1__13.el4
kdegraphicseq3.5.4__6.el5

Name	Operator	Version
xpdf	eq	3.00__14.el4
xpdf	eq	3.00__20.el4
xpdf	eq	3.00__22.el4_8.1
xpdf	eq	3.00__16.el4
xpdf	eq	3.00__23.el4_8.1
kdegraphics	eq	3.3.1__10.el4
kdegraphics	eq	3.5.4__13.el5_3
kdegraphics	eq	3.5.4__15.el5_4.2
kdegraphics	eq	3.3.1__13.el4
kdegraphics	eq	3.5.4__6.el5

Rows per page:

1-10 of 421

References

cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch

lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html

lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

rhn.redhat.com/errata/RHSA-2012-1201.html

secunia.com/advisories/42141

secunia.com/advisories/42357

secunia.com/advisories/42397

secunia.com/advisories/42691

secunia.com/advisories/43079

slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720

www.debian.org/security/2010/dsa-2119

www.debian.org/security/2010/dsa-2135

www.mandriva.com/security/advisories?name=MDVSA-2010:228

www.mandriva.com/security/advisories?name=MDVSA-2010:229

www.mandriva.com/security/advisories?name=MDVSA-2010:230

www.mandriva.com/security/advisories?name=MDVSA-2010:231

www.mandriva.com/security/advisories?name=MDVSA-2012:144

www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html

www.openwall.com/lists/oss-security/2010/10/04/6

www.redhat.com/security/updates/classification/#important

www.redhat.com/support/errata/RHSA-2010-0749.html

www.redhat.com/support/errata/RHSA-2010-0751.html

www.redhat.com/support/errata/RHSA-2010-0752.html

www.redhat.com/support/errata/RHSA-2010-0753.html

www.redhat.com/support/errata/RHSA-2010-0859.html

www.securityfocus.com/bid/43841

www.ubuntu.com/usn/USN-1005-1

www.vupen.com/english/advisories/2010/2897

www.vupen.com/english/advisories/2010/3097

www.vupen.com/english/advisories/2011/0230

access.redhat.com/errata/RHSA-2010:0751

bugzilla.redhat.com/show_bug.cgi?id=638960

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:24191