CVE-2010-3702
published 2010-11-05CVE-2010-3702: The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
Affected
34 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | cups | <= 1.3.11 | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | poppler | < poppler 0.12.4-1.2 (bookworm) | poppler 0.12.4-1.2 (bookworm) |
| debian | xpdf | < poppler 0.12.4-1.2 (bookworm) | poppler 0.12.4-1.2 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| freedesktop | poppler | >= 0 < 0.12.4-1.2 | 0.12.4-1.2 |
| freedesktop | poppler | >= 0 < 0.12.4-1.2 | 0.12.4-1.2 |
| freedesktop | poppler | >= 0 < 0.12.4-1.2 | 0.12.4-1.2 |
| freedesktop | poppler | >= 0 < 0.12.4-1.2 | 0.12.4-1.2 |
| freedesktop | poppler | 0.8.7 – 0.15.1 | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH