Synopsis: Important: poppler security update Issue date: 2010-11-10 CVE Names: CVE-2010-3702 CVE-2010-3703 CVE-2010-3704 Two uninitialized pointer use flaws were discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702, CVE-2010-3703) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704) SL 6.x SRPMS: poppler-0.12.4-3.el6_0.1.src.rpm i386: poppler-0.12.4-3.el6_0.1.i686.rpm poppler-devel-0.12.4-3.el6_0.1.i686.rpm poppler-glib-0.12.4-3.el6_0.1.i686.rpm poppler-glib-devel-0.12.4-3.el6_0.1.i686.rpm poppler-qt-0.12.4-3.el6_0.1.i686.rpm poppler-qt4-0.12.4-3.el6_0.1.i686.rpm poppler-qt4-devel-0.12.4-3.el6_0.1.i686.rpm poppler-qt-devel-0.12.4-3.el6_0.1.i686.rpm poppler-utils-0.12.4-3.el6_0.1.i686.rpm x86_64: poppler-0.12.4-3.el6_0.1.i686.rpm poppler-0.12.4-3.el6_0.1.x86_64.rpm poppler-devel-0.12.4-3.el6_0.1.i686.rpm poppler-devel-0.12.4-3.el6_0.1.x86_64.rpm poppler-glib-0.12.4-3.el6_0.1.i686.rpm poppler-glib-0.12.4-3.el6_0.1.x86_64.rpm poppler-glib-devel-0.12.4-3.el6_0.1.i686.rpm poppler-glib-devel-0.12.4-3.el6_0.1.x86_64.rpm poppler-qt-0.12.4-3.el6_0.1.i686.rpm poppler-qt-0.12.4-3.el6_0.1.x86_64.rpm poppler-qt4-0.12.4-3.el6_0.1.i686.rpm poppler-qt4-0.12.4-3.el6_0.1.x86_64.rpm poppler-qt4-devel-0.12.4-3.el6_0.1.i686.rpm poppler-qt4-devel-0.12.4-3.el6_0.1.x86_64.rpm poppler-qt-devel-0.12.4-3.el6_0.1.i686.rpm poppler-qt-devel-0.12.4-3.el6_0.1.x86_64.rpm poppler-utils-0.12.4-3.el6_0.1.x86_64.rpm -Connie Sieh -Troy Dawson