CVE-2010-5110Improper Input Validation in Poppler

CWE-20Improper Input ValidationCWE-122Heap-based Buffer Overflow7 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
0.8%
top 26.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Freedesktop Poppler
Timeline
PublishedAug 29
Latest updateMay 17

Description

DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

Debianfreedesktop/poppler< 0.16.3-1+3
NVDfreedesktop/poppler0.13.2+2

Patches

Patch: cgit.freedesktop.orgPatch: cgit.freedesktop.org

🔴Vulnerability Details

3
GHSA
GHSA-gcpq-g2qm-gjvr: DCTStream2022-05-17
CVEList
CVE-2010-5110: DCTStream2014-08-29
OSV
CVE-2010-5110: DCTStream2014-08-29

📋Vendor Advisories

2
Red Hat
poppler: heap based buffer overflow in DCTStream.cc2010-01-27
Debian
CVE-2010-5110: poppler - DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial ...2010

💬Community

1
Bugzilla
CVE-2010-5110 poppler: heap based buffer overflow in DCTStream.cc2010-10-28
CVE-2010-5110 — Improper Input Validation in Poppler | cvebase