CVE-2010-3704 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3704): The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption.

CVE-2010-3702 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3702): The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

CVE-2009-4035 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4035): The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.

Looking at the xpdf-3.02-r4 ebuild, it seems it uses pl3. Please bump to using pl5.
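The two FoFiType1 entries above describe the same bug class: a font-supplied integer reaches an array index or a length with only one bound (or no bound) checked, so a negative value slips past validation and, once used as an index or converted to an unsigned size, addresses memory outside the buffer. The following is a constructed illustration of that pattern added for this report; it is not xpdf's or poppler's FoFiType1.cc and not the upstream patch. The Type 1 encoding syntax (`dup <code> /<glyphname> put`), the 256-entry table size and the sample font text are the assumptions it rests on; the missing getNextLine return-value check from CVE-2009-4035 is not modelled.

```c
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the bug class named in CVE-2010-3704 /
 * CVE-2009-4035.  This is NOT xpdf's or poppler's FoFiType1.cc, only the
 * same pattern.  A Type 1 font's encoding is built from lines of the form
 *     dup <code> /<glyphname> put
 * and the parser stores <glyphname> in a 256-entry table indexed by <code>. */

#define ENC_SIZE 256

/* Constructed sample font text: one entry carries a negative code, one is
 * out of range on the high side. */
static const char SAMPLE_FONT[] =
    "/Encoding 256 array\n"
    "0 1 255 {1 index exch /.notdef put} for\n"
    "dup 65 /A put\n"
    "dup -5 /Gamma put\n"
    "dup 300 /B put\n"
    "dup 66 /C put\n"
    "readonly def\n";

/* Upper-bound-only check: -5 < 256, so a negative code is accepted and
 * would index memory *before* the table (the "negative array index"). */
int index_accepted_weak(long code) {
    return code < ENC_SIZE;
}

/* Hardened check: both bounds, so the table index is always 0..255. */
int index_accepted_fixed(long code) {
    return code >= 0 && code < ENC_SIZE;
}

/* Signed-to-unsigned hazard: a length that arrived as a negative int becomes
 * a huge size_t the moment it reaches memcpy or array arithmetic. */
size_t length_as_size(int len) {
    return (size_t)len;
}

/* Parse one "dup N /Name put" line.  Returns 1 on success, 0 otherwise. */
static int parse_encoding_entry(const char *line, long *code,
                                char *name, size_t name_sz) {
    char glyph[64];
    long c;
    if (sscanf(line, "dup %ld /%63s put", &c, glyph) != 2)
        return 0;
    *code = c;
    snprintf(name, name_sz, "%s", glyph);
    return 1;
}

/* Walk the font text line by line and count the encoding entries the given
 * acceptance check would let through to the table write.  The write itself
 * is deliberately not performed, so the weak check can be exercised without
 * actually corrupting memory. */
int count_accepted(const char *font, int (*accept)(long)) {
    int stored = 0;
    const char *p = font;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[128];
        char name[64];
        long code;
        if (len >= sizeof line)
            len = sizeof line - 1;      /* truncate, never overflow `line` */
        memcpy(line, p, len);
        line[len] = '\0';
        if (parse_encoding_entry(line, &code, name, sizeof name) && accept(code))
            stored++;
        p = nl ? nl + 1 : p + len;
    }
    return stored;
}

int main(void) {
    printf("weak check stores %d entries (includes code -5)\n",
           count_accepted(SAMPLE_FONT, index_accepted_weak));
    printf("fixed check stores %d entries\n",
           count_accepted(SAMPLE_FONT, index_accepted_fixed));
    printf("length -1 as size_t: %zu\n", length_as_size(-1));
    return 0;
}
```

The weak check lets the `dup -5 /Gamma put` entry through, which in a real parser is a write to `table[-5]`; the fixed check rejects it along with code 300. The `length_as_size` helper shows why the CVE text talks about a signed-to-unsigned conversion: a negative count that is not rejected while still signed turns into a length larger than any buffer.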
*** Bug 388089 has been marked as a duplicate of this bug. ***
@printing: 3.03 is out, with the following security update (from changelog):
- Fixed a buffer overflow security hole in StreamPredictor.
- Rewrote the CCITTFax decoder inner loop - this fixes a security hole.
- Fixed two security holes (missing bounds checks) in the DCT decoder.
- Fixed a security hole: integer bounds check in the Type 1 encoding parser in FoFiType1.cc
- Commented out the t1lib section in the configure script -- t1lib has some potential security holes, and hasn't been updated in years.
Removed from the portage tree.
(In reply to comment #3)
> Removed from the portage tree.

Thank you. GLSA request filed.
I've just come across this on noting that xpdf is no longer in the portage tree. Am I reading right that it was temporarily removed due to this bug? Is it coming back? Can I help with getting it back?
(In reply to Martin Bays from comment #5)
> I've just come across this on noting that xpdf is no longer in the portage
> tree. Am I reading right that it was temporarily removed due to this bug? Is
> it coming back? Can I help with getting it back?

Open another bug report for this. This one is for tracking security vulnerabilities and the GLSA release process (that continues even if the package was removed from the tree).
This issue was resolved and addressed in GLSA 201402-17 at http://security.gentoo.org/glsa/glsa-201402-17.xml by GLSA coordinator Mikle Kolyada (Zlogene).