CVE-2010-4653

Published: 13 November 2019

An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

Priority

CVSS 3 base score: 6.5

Status

Package	Release	Status
ipe Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Not vulnerable (code not present)
	cosmic	Ignored (reached end-of-life)
	disco	Ignored (reached end-of-life)
	eoan	Ignored (reached end-of-life)
	focal	Not vulnerable (code not present)
	groovy	Not vulnerable (code not present)
	hardy	Ignored (reached end-of-life)
	lucid	Ignored (reached end-of-life)
	maverick	Ignored (reached end-of-life)
	natty	Ignored (reached end-of-life)
	oneiric	Ignored (reached end-of-life)
	precise	Does not exist
	quantal	Ignored (reached end-of-life)
	raring	Ignored (reached end-of-life)
	saucy	Ignored (reached end-of-life)
	trusty	Does not exist
	upstream	Needs triage
	utopic	Ignored (reached end-of-life)
	vivid	Ignored (reached end-of-life)
	wily	Ignored (reached end-of-life)
	xenial	Not vulnerable (code not present)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)
koffice Launchpad, Ubuntu, Debian	artful	Does not exist
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	groovy	Does not exist
	hardy	Ignored (reached end-of-life)
	lucid	Not vulnerable (code not present)
	maverick	Not vulnerable (code not present)
	natty	Not vulnerable (code not present)
	oneiric	Not vulnerable (code not present)
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	trusty	Does not exist
	upstream	Needs triage
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist
libextractor Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Not vulnerable (code not present)
	cosmic	Ignored (reached end-of-life)
	disco	Ignored (reached end-of-life)
	eoan	Ignored (reached end-of-life)
	focal	Not vulnerable (code not present)
	groovy	Not vulnerable (code not present)
	hardy	Ignored (reached end-of-life)
	lucid	Ignored (reached end-of-life)
	maverick	Ignored (reached end-of-life)
	natty	Ignored (reached end-of-life)
	oneiric	Ignored (reached end-of-life)
	precise	Does not exist
	quantal	Ignored (reached end-of-life)
	raring	Ignored (reached end-of-life)
	saucy	Ignored (reached end-of-life)
	trusty	Does not exist
	upstream	Needs triage
	utopic	Ignored (reached end-of-life)
	vivid	Ignored (reached end-of-life)
	wily	Ignored (reached end-of-life)
	xenial	Not vulnerable (code not present)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)
poppler Launchpad, Ubuntu, Debian	artful	Not vulnerable
	bionic	Not vulnerable
	cosmic	Not vulnerable
	disco	Not vulnerable
	eoan	Not vulnerable
	focal	Not vulnerable
	groovy	Not vulnerable
	hardy	Ignored (reached end-of-life)
	lucid	Ignored (reached end-of-life)
	maverick	Ignored (reached end-of-life)
	natty	Not vulnerable (0.16.4-0ubuntu1.1)
	oneiric	Not vulnerable
	precise	Does not exist (precise was not-affected)
	quantal	Not vulnerable
	raring	Not vulnerable
	saucy	Not vulnerable
	trusty	Does not exist (trusty was not-affected)
	upstream	Released (0.16.4)
	utopic	Not vulnerable
	vivid	Not vulnerable
	wily	Not vulnerable
	xenial	Not vulnerable
	yakkety	Not vulnerable
	zesty	Not vulnerable
	Patches: upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659
xpdf Launchpad, Ubuntu, Debian	artful	Ignored (reached end-of-life)
	bionic	Not vulnerable (3.02-9)
	cosmic	Ignored (reached end-of-life)
	disco	Not vulnerable (3.02-9)
	eoan	Not vulnerable (3.02-9)
	focal	Does not exist
	groovy	Does not exist
	hardy	Ignored (reached end-of-life)
	lucid	Ignored (reached end-of-life)
	maverick	Ignored (reached end-of-life)
	natty	Ignored (reached end-of-life)
	oneiric	Ignored (reached end-of-life)
	precise	Does not exist (precise was needs-triage)
	quantal	Ignored (reached end-of-life)
	raring	Ignored (reached end-of-life)
	saucy	Ignored (reached end-of-life)
	trusty	Does not exist (trusty was needs-triage)
	upstream	Released (3.02-9)
	utopic	Ignored (reached end-of-life)
	vivid	Ignored (reached end-of-life)
	wily	Ignored (reached end-of-life)
	xenial	Not vulnerable (3.02-9)
	yakkety	Ignored (reached end-of-life)
	zesty	Ignored (reached end-of-life)

Notes

Author	Note
jdstrand	xpdf in koffice is 2.0 poppler patch on 10.04 and 10.10 does not have GooLikely.h so will need to add inline to poppler/CharCodeToUnicode.cc
sbeattie	libextractor and ipe do not contain vulnerable code, at least as of precise.

Author

Note

jdstrand

xpdf in koffice is 2.0
poppler patch on 10.04 and 10.10 does not have GooLikely.h
so will need to add inline to poppler/CharCodeToUnicode.cc

sbeattie

libextractor and ipe do not contain vulnerable code,
at least as of precise.

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›