New Search

The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0 gpdf 2.8.2 kpdf in kdegraphics 3.3.1 and possibly other libraries and versions does not check the return value of the getNextLine function which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value leading to a signed-to-unsigned integer conversion error and a buffer overflow.

oval:org.mitre.oval:def:10996

The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0 gpdf 2.8.2 kpdf in kdegraphics 3.3.1 and possibly other libraries and versions does not check the return value of the getNextLine function which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value leading to a signed-to-unsigned integer conversion error and a buffer overflow.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 4
  • Red Hat Enterprise Linux 4
  • Oracle Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2009-4035
Product(s):