CVE-2010-3702

CWE-476 — NULL Pointer Dereference8 documents8 sources

Severity

7.5HIGH

EPSS

2.9%

top 13.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Freedesktop Poppler Xpdfreader Xpdf +8 more

Timeline

PublishedNov 5

Latest updateMay 17

Description

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages10 packages

▶Debianxpdf< 3.02-9+3

▶Debianpoppler< 0.12.4-1.2+3

▶NVDapple/cups1.3.11

▶NVDxpdfreader/xpdf3.01+1

▶NVDfreedesktop/poppler0.8.7 — 0.15.1

Also affects: Debian Linux 5.0, 6.0, Fedora 12, 13, 14, Ubuntu Linux 10.04, 10.10, 6.06, 8.04, 9.04, 9.10

Patches

Patch: cgit.freedesktop.org ↗Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-89fq-mfqc-jvjp: The Gfx::getPos function in the PDF parser in xpdf before 3↗2022-05-17

▶

CVEList

CVE-2010-3702: The Gfx::getPos function in the PDF parser in xpdf before 3↗2010-11-05

▶

OSV

CVE-2010-3702: The Gfx::getPos function in the PDF parser in xpdf before 3↗2010-11-05

▶

📋Vendor Advisories

Ubuntu

poppler vulnerabilities↗2010-10-19

▶

Red Hat

xpdf: uninitialized Gfx::parser pointer dereference↗2010-09-24

▶

Debian

CVE-2010-3702: poppler - The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7...↗2010

▶

💬Community

Bugzilla

CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference↗2010-05-24

▶