1. Due to an integer overflow when parsing CharCodes for fonts and a failure to check the return value of a memory allocation, it is possible to trigger writes to a narrow range of offsets from a NULL pointer. The chance of being able to exploit this for anything other than a crash is very remote: on x86 32-bit, there's no chance (since the write occurs between 0xffffffc4 and 0xfffffffc). At least the write lands in valid userspace on x86-64, but in my testing this memory is never mapped. Fixed in poppler commit at [1], hopefully fixed soon at xpdf upstream.

2. Malformed commands may cause corruption of the internal stack used to maintain graphics contexts, leading to potentially exploitable memory corruption. Fixed in poppler commit at [2], hopefully fixed soon at xpdf upstream.

-Dan

[1] http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659
[2] http://cgit.freedesktop.org/poppler/poppler/commit/?id=8284008aa8230a92ba08d547864353d3290e9bf9
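Added example, not poppler's or xpdf's code and not part of this bug thread: a hypothetical CharCode table (names `CodeTable`, `table_init_unchecked`, `table_init_checked`, `table_set` are assumptions) showing the allocation pattern behind point 1, where an overflowed element count makes the allocation fail and the unchecked NULL result is later written through, beside a checked version that rejects overflowing counts and reports the failure.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical CharCode table modelled on the bug class described above
 * (overflowed count -> failed allocation -> unchecked NULL write). */
typedef unsigned int CharCode;

typedef struct {
    CharCode *codes;  /* NULL when allocation failed */
    size_t    len;    /* element count the caller believes is usable */
} CodeTable;

/* Vulnerable pattern: the byte size is computed with plain multiplication,
 * so a hostile count wraps it, and the malloc result is never checked. */
static int table_init_unchecked(CodeTable *t, size_t n) {
    t->len = n;
    t->codes = malloc(n * sizeof(CharCode)); /* may wrap or return NULL */
    return 0;                                /* always "succeeds" */
}

/* Hardened pattern: refuse counts whose byte size would overflow, and
 * report allocation failure instead of leaving a NULL buffer behind. */
static int table_init_checked(CodeTable *t, size_t n) {
    t->codes = NULL;
    t->len = 0;
    if (n > SIZE_MAX / sizeof(CharCode))
        return -1;                            /* size would overflow */
    t->codes = calloc(n, sizeof(CharCode));
    if (t->codes == NULL)
        return -1;                            /* allocation failed */
    t->len = n;
    return 0;
}

/* Bounds-checked store: 0 on success, -1 if the table is unusable or
 * the index is out of range. */
static int table_set(CodeTable *t, size_t idx, CharCode v) {
    if (t->codes == NULL || idx >= t->len)
        return -1;
    t->codes[idx] = v;
    return 0;
}

/* Returns 1 when the unchecked path claims success yet leaves a NULL
 * buffer with a non-zero length, i.e. the state point 1 describes. */
static int unchecked_leaves_null_table(size_t n) {
    CodeTable t;
    int hazard = (table_init_unchecked(&t, n) == 0 && t.codes == NULL && t.len != 0);
    free(t.codes);
    return hazard;
}

/* Checked path: -1 if the count is rejected or idx is out of range, else 0. */
static int checked_roundtrip(size_t n, size_t idx) {
    CodeTable t;
    int rc = table_init_checked(&t, n);
    if (rc != 0)
        return rc;
    rc = table_set(&t, idx, 0x41);
    free(t.codes);
    return rc;
}
```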
This is already fixed in >=app-text/poppler-0.14.5.
Stabilization taking place in bug 349887.
Stabilization completed. Added to existing GLSA request.
All vulnerable versions removed from tree. Nothing to do for kde here anymore.
Nothing to do for printing either.
Will anyone still read this GLSA if it ever comes out? Come on, stable is poppler-0.20 by now.
This issue was resolved and addressed in GLSA 201310-03 at http://security.gentoo.org/glsa/glsa-201310-03.xml by GLSA coordinator Sean Amoss (ackle).