CVE-2009-4035

EPSS 2.45%
Published 21.12.2009 21:30:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.

Affected products Warnungen 0 Metrics 2 CWE 1 References 19

Data is provided by the National Vulnerability Database (NVD)

Gnome ≫ Gpdf Version2.8.2

Kde ≫ Kdegraphics Version3.3.1

Kde ≫ Kpdf Version3.3.1

Xpdf ≫ Xpdf Version3.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.45%	0.837

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html

http://cgit.freedesktop.org/poppler/poppler/diff/fofi/FoFiType1.cc?id=4b4fc5c0

http://cgit.freedesktop.org/poppler/poppler/tree/fofi/FoFiType1.cc?id=4b4fc5c017bf147c9069bbce32fc14467bd2a81a

http://secunia.com/advisories/37641

Vendor Advisory

http://secunia.com/advisories/37781

Vendor Advisory

http://secunia.com/advisories/37787

Vendor Advisory

http://secunia.com/advisories/37793

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2009-1680.html