CVE

CVE-2010-3702
Date: (C)2010-11-05   (M)2024-01-04


The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-42141
SECUNIA-42357
SECUNIA-42397
SECUNIA-42691
SECUNIA-43079
BID-43845
ADV-2010-2897
ADV-2010-3097
ADV-2011-0230
DSA-2119
DSA-2135
FEDORA-2010-15857
FEDORA-2010-15911
FEDORA-2010-15981
FEDORA-2010-16662
FEDORA-2010-16705
FEDORA-2010-16744
MDVSA-2010:228
MDVSA-2010:229
MDVSA-2010:230
MDVSA-2010:231
MDVSA-2012:144
RHSA-2010:0749
RHSA-2010:0750
RHSA-2010:0751
RHSA-2010:0752
RHSA-2010:0753
RHSA-2010:0754
RHSA-2010:0755
RHSA-2010:0859
RHSA-2012:1201
SSA:2010-324-01
SUSE-SR:2010:022
SUSE-SR:2010:023
SUSE-SR:2010:024
USN-1005-1
http://www.openwall.com/lists/oss-security/2010/10/04/6
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch
http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
https://bugzilla.redhat.com/show_bug.cgi?id=595245

CPE    15
cpe:/a:freedesktop:poppler
cpe:/o:debian:debian_linux:5.0
cpe:/o:suse:linux_enterprise_server:9
cpe:/o:canonical:ubuntu_linux:10.10
...
CWE    1
CWE-476
OVAL    39
oval:org.secpod.oval:def:201938
oval:org.secpod.oval:def:200094
oval:org.secpod.oval:def:300019
oval:org.secpod.oval:def:201781
...

© SecPod Technologies