CVE-2010-3703: Improper Input Validation in Poppler

Severity: 4.3 MEDIUM (NVD)
EPSS: 1.1% (top 21.75%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 5; Latest update May 17

Description

The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 3 packages

Debian: freedesktop/poppler < 0.12.4-1.2 +3
NVD: poppler/poppler 35 versions +34
Debian: xpdf/xpdf < 3.02-9 +3

🔴Vulnerability Details

3
GHSA
GHSA-qgg5-h322-m2xw: The PostScriptFunction::PostScriptFunction function in poppler/Function (2022-05-17)
OSV
CVE-2010-3703: The PostScriptFunction::PostScriptFunction function in poppler/Function (2010-11-05)
CVEList
CVE-2010-3703: The PostScriptFunction::PostScriptFunction function in poppler/Function (2010-11-05)

📋Vendor Advisories

3
Ubuntu
poppler vulnerabilities (2010-10-19)
Red Hat
poppler: use of initialized pointer in PostScriptFunction (2010-09-24)
Debian
CVE-2010-3703: poppler - The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in th... (2010)

💬Community

1
Bugzilla
CVE-2010-3703 poppler: use of initialized pointer in PostScriptFunction (2010-10-01)