CVE-2009-4035
published 2009-12-21CVE-2009-4035: The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not…
critical9.3CVSS 3.1
AVNACMAuNCCICAC
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | < poppler 0.5.1-1 (bookworm) | poppler 0.5.1-1 (bookworm) |
| debian | xpdf | < poppler 0.5.1-1 (bookworm) | poppler 0.5.1-1 (bookworm) |
| freedesktop | poppler | >= 0 < 0.5.1-1 | 0.5.1-1 |
| freedesktop | poppler | >= 0 < 0.5.1-1 | 0.5.1-1 |
| freedesktop | poppler | >= 0 < 0.5.1-1 | 0.5.1-1 |
| freedesktop | poppler | >= 0 < 0.5.1-1 | 0.5.1-1 |
| gnome | gpdf | — | — |
| kde | kdegraphics | — | — |
| kde | kpdf | — | — |
| xpdf | xpdf | — | — |
| xpdf | xpdf | >= 0 < 3.01-1 | 3.01-1 |
| xpdf | xpdf | >= 0 < 3.01-1 | 3.01-1 |
| xpdf | xpdf | >= 0 < 3.01-1 | 3.01-1 |
| xpdf | xpdf | >= 0 < 3.01-1 | 3.01-1 |
CVSS provenance
nvd9.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL