Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 4 Oct 2010 15:11:23 -0400 (EDT)
From: Josh Bressers <>
Cc: coley <>
Subject: Re: CVE requests: Poppler, Quassel, Pyfribidi,
 Overkill, DocUtils, FireGPG, Wireshark

----- "Tomas Hoger" <> wrote:

According to Tomas, only the first three things needs IDs:

> e853106b58 is uninitialized pointer use flaw.  Pointer value may be
> controlled by PDF content, hence if pointed to attacker-controlled
> memory, code execution may be possible via virtual method call.  This
> should date back to very old xpdf versions.

Use CVE-2010-3702

> bf2055088a seems similar to the above one.  Pointer is to the class that
> has not virtual methods, but may be used to corrupt memory.  This should
> only affect poppler versions after b1d4efb082.

Use CVE-2010-3703
> 39d140bfc0 array indexing error / underflow.  On platforms where atoi can
> return negative result, this can allow out-of-array-bounds write.  Code
> appears in old xpdf versions too.

Use CVE-2010-3704



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.