Candidate: CVE-2009-4035
PublicDate: 2009-12-21 21:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4035
Description:
 The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf
 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and
 versions, does not check the return value of the getNextLine function,
 which allows context-dependent attackers to execute arbitrary code via a
 PDF file with a crafted Type 1 font that can produce a negative value,
 leading to a signed-to-unsigned integer conversion error and a buffer
 overflow.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_kdegraphics:
upstream_kdegraphics: released (3.5.2)
dapper_kdegraphics: not-affected
hardy_kdegraphics: not-affected
intrepid_kdegraphics: not-affected
jaunty_kdegraphics: not-affected
karmic_kdegraphics: not-affected
devel_kdegraphics: not-affected

Patches_xpdf:
upstream_xpdf: released (3.01)
dapper_xpdf: not-affected
hardy_xpdf: not-affected
intrepid_xpdf: not-affected
jaunty_xpdf: not-affected
karmic_xpdf: not-affected
devel_xpdf: not-affected

Patches_poppler:
upstream_poppler: released (0.5.1)
dapper_poppler: not-affected
hardy_poppler: not-affected
intrepid_poppler: not-affected
jaunty_poppler: not-affected
karmic_poppler: not-affected
devel_poppler: not-affected