// For flags

CVE-2009-4035

xpdf: buffer overflow in FoFiType1::parse

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.

La función FoFiType1::parse en fofi/FoFiType1.cc en Xpdf v3.0.0, en gpdf v2.8.2, en kpdf en kdegraphics v3.3.1, y posiblemente otras liberías y versiones, no verifica el valor de retorno de la función getNextLine, permite a los atacantes dependientes del contexto ejecutar código de su elección mediante un fichero PDF con una fuente Type 1 modificada que puede producir un valor negativo, conduciendo a un error de conversión de entero signed-to-unsigned y un desbordamiento de búfer.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-11-20 CVE Reserved
  • 2009-12-21 CVE Published
  • 2024-06-20 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gnome
Search vendor "Gnome"
Gpdf
Search vendor "Gnome" for product "Gpdf"
2.8.2
Search vendor "Gnome" for product "Gpdf" and version "2.8.2"
-
Affected
Kde
Search vendor "Kde"
Kdegraphics
Search vendor "Kde" for product "Kdegraphics"
3.3.1
Search vendor "Kde" for product "Kdegraphics" and version "3.3.1"
-
Affected
Kde
Search vendor "Kde"
Kpdf
Search vendor "Kde" for product "Kpdf"
3.3.1
Search vendor "Kde" for product "Kpdf" and version "3.3.1"
-
Affected
Xpdf
Search vendor "Xpdf"
Xpdf
Search vendor "Xpdf" for product "Xpdf"
3.0.0
Search vendor "Xpdf" for product "Xpdf" and version "3.0.0"
-
Affected