CentOS Update For Poppler CESA-2010:0749 Centos5 I386 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. An uninitialized pointer use flaw was discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

Affected

poppler on CentOS 5

References

http://lists.centos.org/pipermail/centos-announce/2010-October/017056.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3702, CVE-2010-3704
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

CentOS Update for poppler CESA-2010:0749 centos5 i386

Take action and discover your vulnerabilities