VulnerableCode Package Details - pkg:ebuild/app-text/xpdf@3.02-r4

Search for packages

Vulnerability	Summary	Fixed by
VCID-p4cm-xgwu-aaas Aliases: CVE-2009-4035	The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.	There are no reported fixed by versions.
VCID-qbky-5grj-aaah Aliases: CVE-2010-3702	The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.	There are no reported fixed by versions.
VCID-zg5j-cxdf-aaac Aliases: CVE-2010-3704	The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-p4cm-xgwu-aaas
Aliases:
CVE-2009-4035

The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.

There are no reported fixed by versions.

VCID-qbky-5grj-aaah
Aliases:
CVE-2010-3702

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

There are no reported fixed by versions.

VCID-zg5j-cxdf-aaac
Aliases:
CVE-2010-3704

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T12:42:37.092532+00:00	Gentoo Importer	Affected by	VCID-zg5j-cxdf-aaac	https://security.gentoo.org/glsa/201402-17	36.0.0
2025-03-28T12:42:37.081502+00:00	Gentoo Importer	Affected by	VCID-qbky-5grj-aaah	https://security.gentoo.org/glsa/201402-17	36.0.0
2025-03-28T12:42:37.070267+00:00	Gentoo Importer	Affected by	VCID-p4cm-xgwu-aaas	https://security.gentoo.org/glsa/201402-17	36.0.0
2024-09-18T07:36:59.983503+00:00	Gentoo Importer	Affected by	VCID-zg5j-cxdf-aaac	https://security.gentoo.org/glsa/201402-17	34.0.1
2024-09-18T07:36:59.969331+00:00	Gentoo Importer	Affected by	VCID-qbky-5grj-aaah	https://security.gentoo.org/glsa/201402-17	34.0.1
2024-09-18T07:36:59.954664+00:00	Gentoo Importer	Affected by	VCID-p4cm-xgwu-aaas	https://security.gentoo.org/glsa/201402-17	34.0.1
2024-01-04T01:43:07.886030+00:00	Gentoo Importer	Affected by	VCID-zg5j-cxdf-aaac	https://security.gentoo.org/glsa/201402-17	34.0.0rc1
2024-01-04T01:43:07.873225+00:00	Gentoo Importer	Affected by	VCID-qbky-5grj-aaah	https://security.gentoo.org/glsa/201402-17	34.0.0rc1
2024-01-04T01:43:07.860221+00:00	Gentoo Importer	Affected by	VCID-p4cm-xgwu-aaas	https://security.gentoo.org/glsa/201402-17	34.0.0rc1