[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247621

 
 

909

 
 

194512

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-3703Date: (C)2010-11-05   (M)2023-12-22


The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECUNIA-42357
FEDORA-2010-15857
FEDORA-2010-15911
FEDORA-2010-15981
MDVSA-2010:231
RHSA-2010:0859
SSA:2010-324-01
SUSE-SR:2010:024
USN-1005-1
http://www.openwall.com/lists/oss-security/2010/10/04/6
http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f
https://bugzilla.redhat.com/show_bug.cgi?id=639356

CWE    1
CWE-20
OVAL    7
oval:org.secpod.oval:def:100466
oval:org.secpod.oval:def:300088
oval:org.secpod.oval:def:700199
oval:org.secpod.oval:def:100319
...

© SecPod Technologies