CVE-2010-5110
published 2014-08-29CVE-2010-5110: DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
2.98%
85.6th percentile
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | poppler | < poppler 0.16.3-1 (bookworm) | poppler 0.16.3-1 (bookworm) |
| freedesktop | poppler | <= 0.13.2 | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | — | — |
| freedesktop | poppler | >= 0 < 0.16.3-1 | 0.16.3-1 |
| freedesktop | poppler | >= 0 < 0.16.3-1 | 0.16.3-1 |
| freedesktop | poppler | >= 0 < 0.16.3-1 | 0.16.3-1 |
| freedesktop | poppler | >= 0 < 0.16.3-1 | 0.16.3-1 |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gcpq-g2qm-gjvr: DCTStream
ghsa_unreviewed·2022-05-17
CVE-2010-5110 [MEDIUM] CWE-20 GHSA-gcpq-g2qm-gjvr: DCTStream
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
OSV
CVE-2010-5110: DCTStream
osv·2014-08-29·CVSS 4.3
CVE-2010-5110 [MEDIUM] CVE-2010-5110: DCTStream
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
Red Hat
poppler: heap based buffer overflow in DCTStream.cc
vendor_redhat·2010-01-27·CVSS 4.3
CVE-2010-5110 [MEDIUM] CWE-122 poppler: heap based buffer overflow in DCTStream.cc
poppler: heap based buffer overflow in DCTStream.cc
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
Package: poppler (Red Hat Enterprise Linux 5) - Will not fix
Package: poppler (Red Hat Enterprise Linux 6) - Will not fix
Package: poppler (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2010-5110: poppler - DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial ...
vendor_debian·2010·CVSS 4.3
CVE-2010-5110 [MEDIUM] CVE-2010-5110: poppler - DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial ...
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
Scope: local
bookworm: resolved (fixed in 0.16.3-1)
bullseye: resolved (fixed in 0.16.3-1)
forky: resolved (fixed in 0.16.3-1)
sid: resolved (fixed in 0.16.3-1)
trixie: resolved (fixed in 0.16.3-1)
No detection rules found.
No public exploits indexed.
http://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8http://comments.gmane.org/gmane.comp.security.oss.general/11132http://secunia.com/advisories/59857https://bugs.freedesktop.org/show_bug.cgi?id=26280https://www.suse.com/support/update/announcement/2014/suse-su-20140817-1.htmlhttp://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8http://comments.gmane.org/gmane.comp.security.oss.general/11132http://secunia.com/advisories/59857https://bugs.freedesktop.org/show_bug.cgi?id=26280https://www.suse.com/support/update/announcement/2014/suse-su-20140817-1.html
2014-08-29
Published