CVE-2010-4654

CWE-747 documents7 sources
Severity
7.8HIGH
EPSS
0.5%
top 35.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Freedesktop PopplerPoppler PopplerDebian Debian Linux
Timeline
PublishedNov 13
Latest updateApr 21

Description

poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDfreedesktop/poppler< 0.16.3
Debianpoppler< 0.16.3-1+3
CVEListV5poppler/popplerbefore 0.16.3

Also affects: Debian Linux 10.0, 8.0, 9.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-366c-cfp4-w5fc: poppler before 02022-04-21
CVEList
CVE-2010-4654: poppler before 02019-11-13
OSV
CVE-2010-4654: poppler before 02019-11-13

📋Vendor Advisories

2
Red Hat
xpdf: corruption of the Gfx contexts states stack2010-01-21
Debian
CVE-2010-4654: poppler - poppler before 0.16.3 has malformed commands that may cause corruption of the in...2010

💬Community

1
Bugzilla
CVE-2010-4654 xpdf: corruption of the Gfx contexts states stack2011-01-24
CVE-2010-4654 (HIGH CVSS 7.8) | poppler before 0.16.3 has malformed | cvebase.io