CVE-2010-4653

Published: 13 November 2019

An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
ipe
Launchpad, Ubuntu, Debian
artful Ignored (reached end-of-life)
bionic Not vulnerable (code not present)
cosmic Ignored (reached end-of-life)
disco Ignored (reached end-of-life)
eoan Ignored (reached end-of-life)
focal Not vulnerable (code not present)
groovy Not vulnerable (code not present)
hardy Ignored (reached end-of-life)
lucid Ignored (reached end-of-life)
maverick Ignored (reached end-of-life)
natty Ignored (reached end-of-life)
oneiric Ignored (reached end-of-life)
precise Does not exist
quantal Ignored (reached end-of-life)
raring Ignored (reached end-of-life)
saucy Ignored (reached end-of-life)
trusty Does not exist
upstream Needs triage
utopic Ignored (reached end-of-life)
vivid Ignored (reached end-of-life)
wily Ignored (reached end-of-life)
xenial Not vulnerable (code not present)
yakkety Ignored (reached end-of-life)
zesty Ignored (reached end-of-life)
koffice
Launchpad, Ubuntu, Debian
artful Does not exist
bionic Does not exist
cosmic Does not exist
disco Does not exist
eoan Does not exist
focal Does not exist
groovy Does not exist
hardy Ignored (reached end-of-life)
lucid Not vulnerable (code not present)
maverick Not vulnerable (code not present)
natty Not vulnerable (code not present)
oneiric Not vulnerable (code not present)
precise Does not exist
quantal Does not exist
raring Does not exist
saucy Does not exist
trusty Does not exist
upstream Needs triage
utopic Does not exist
vivid Does not exist
wily Does not exist
xenial Does not exist
yakkety Does not exist
zesty Does not exist

libextractor
Launchpad, Ubuntu, Debian
artful Ignored (reached end-of-life)
bionic Not vulnerable (code not present)
cosmic Ignored (reached end-of-life)
disco Ignored (reached end-of-life)
eoan Ignored (reached end-of-life)
focal Not vulnerable (code not present)
groovy Not vulnerable (code not present)
hardy Ignored (reached end-of-life)
lucid Ignored (reached end-of-life)
maverick Ignored (reached end-of-life)
natty Ignored (reached end-of-life)
oneiric Ignored (reached end-of-life)
precise Does not exist
quantal Ignored (reached end-of-life)
raring Ignored (reached end-of-life)
saucy Ignored (reached end-of-life)
trusty Does not exist
upstream Needs triage
utopic Ignored (reached end-of-life)
vivid Ignored (reached end-of-life)
wily Ignored (reached end-of-life)
xenial Not vulnerable (code not present)
yakkety Ignored (reached end-of-life)
zesty Ignored (reached end-of-life)
poppler
Launchpad, Ubuntu, Debian
artful Not vulnerable
bionic Not vulnerable
cosmic Not vulnerable
disco Not vulnerable
eoan Not vulnerable
focal Not vulnerable
groovy Not vulnerable
hardy Ignored (reached end-of-life)
lucid Ignored (reached end-of-life)
maverick Ignored (reached end-of-life)
natty Not vulnerable (0.16.4-0ubuntu1.1)
oneiric Not vulnerable
precise Does not exist (precise was not-affected)
quantal Not vulnerable
raring Not vulnerable
saucy Not vulnerable
trusty Does not exist (trusty was not-affected)
upstream Released (0.16.4)
utopic Not vulnerable
vivid Not vulnerable
wily Not vulnerable
xenial Not vulnerable
yakkety Not vulnerable
zesty Not vulnerable

Patches:
upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659
xpdf
Launchpad, Ubuntu, Debian
artful Ignored (reached end-of-life)
bionic Not vulnerable (3.02-9)
cosmic Ignored (reached end-of-life)
disco Not vulnerable (3.02-9)
eoan Not vulnerable (3.02-9)
focal Does not exist
groovy Does not exist
hardy Ignored (reached end-of-life)
lucid Ignored (reached end-of-life)
maverick Ignored (reached end-of-life)
natty Ignored (reached end-of-life)
oneiric Ignored (reached end-of-life)
precise Does not exist (precise was needs-triage)
quantal Ignored (reached end-of-life)
raring Ignored (reached end-of-life)
saucy Ignored (reached end-of-life)
trusty Does not exist (trusty was needs-triage)
upstream Released (3.02-9)
utopic Ignored (reached end-of-life)
vivid Ignored (reached end-of-life)
wily Ignored (reached end-of-life)
xenial Not vulnerable (3.02-9)
yakkety Ignored (reached end-of-life)
zesty Ignored (reached end-of-life)

Notes

Author Note
jdstrand
xpdf in koffice is 2.0
poppler patch on 10.04 and 10.10 does not have GooLikely.h so will need to add inline to poppler/CharCodeToUnicode.cc
sbeattie
libextractor and ipe do not contain vulnerable code, at least as of precise.

References