Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2010-3702

Published: 05/11/2010 Updated: 23/12/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Apple

Vulnerability Summary

The Gfx::getPos function in the PDF parser in xpdf prior to 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent malicious users to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple cups

freedesktop poppler

xpdfreader xpdf

xpdfreader xpdf 3.02

fedoraproject fedora 12

fedoraproject fedora 13

fedoraproject fedora 14

opensuse opensuse 11.1

opensuse opensuse 11.2

opensuse opensuse 11.3

suse linux enterprise server 9

suse linux enterprise server 10

suse linux enterprise server 11

debian debian linux 5.0

debian debian linux 6.0

redhat enterprise linux desktop 5.0

redhat enterprise linux server 5.0

redhat enterprise linux workstation 5.0

canonical ubuntu linux 6.06

canonical ubuntu linux 8.04

canonical ubuntu linux 9.04

canonical ubuntu linux 9.10

canonical ubuntu linux 10.04

canonical ubuntu linux 10.10

Vendor Advisories

Debian CVElist Bug Report Logs: poppler: Several security issues
Debian Bug report logs - #599165 poppler: Several security issues Package: poppler; Maintainer for poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Tue, 5 Oct 2010 09:00:01 UTC Severity: grave Tags: ...
Ubuntu Security Notice: poppler vulnerabilities
It was discovered that poppler contained multiple security issues when parsing malformed PDF documents If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program ...
Debian Security Advisories: DSA-2135-1 xpdf -- several vulnerabilities
Joel Voss of Leviathan Security Group discovered two vulnerabilities in xpdf rendering engine, which may lead to the execution of arbitrary code if a malformed PDF file is opened For the stable distribution (lenny), these problems have been fixed in version 302-14+lenny3 For the upcoming stable distribution (squeeze) and the unstable distributi ...
Debian Security Advisories: DSA-2119-1 poppler -- several vulnerabilities
Joel Voss of Leviathan Security Group discovered two vulnerabilities in the Poppler PDF rendering library, which may lead to the execution of arbitrary code if a malformed PDF file is opened For the stable distribution (lenny), these problems have been fixed in version 087-4 For the unstable distribution (sid), these problems will be fixed soon ...
Red Hat: Important: cups security update
Synopsis Important: cups security update Type/Severity Security Advisory: Important Topic Updated cups packages that fix one security issue are now available for RedHat Enterprise Linux 3The Red Hat Security Response Team has rated this update as havingimportant security impact A Common Vulnerability Scor ...
Red Hat: Important: kdegraphics security update
Synopsis Important: kdegraphics security update Type/Severity Security Advisory: Important Topic Updated kdegraphics packages that fix two security issues are now availablefor Red Hat Enterprise Linux 4 and 5The Red Hat Security Response Team has rated this update as havingimportant security impact Common ...
Red Hat: Important: xpdf security update
Synopsis Important: xpdf security update Type/Severity Security Advisory: Important Topic An updated xpdf package that fixes one security issue is now available forRed Hat Enterprise Linux 3The Red Hat Security Response Team has rated this update as havingimportant security impact A Common Vulnerability S ...
Red Hat: Important: poppler security update
Synopsis Important: poppler security update Type/Severity Security Advisory: Important Topic Updated poppler packages that fix two security issues are now available forRed Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as havingimportant security impact Common Vulnerability ...
Red Hat: Moderate: tetex security update
Synopsis Moderate: tetex security update Type/Severity Security Advisory: Moderate Topic Updated tetex packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerability S ...
Red Hat: Important: xpdf security update
Synopsis Important: xpdf security update Type/Severity Security Advisory: Important Topic An updated xpdf package that fixes two security issues is now available forRed Hat Enterprise Linux 4The Red Hat Security Response Team has rated this update as havingimportant security impact Common Vulnerability Sc ...
Red Hat: Important: gpdf security update
Synopsis Important: gpdf security update Type/Severity Security Advisory: Important Topic An updated gpdf package that fixes two security issues is now available forRed Hat Enterprise Linux 4The Red Hat Security Response Team has rated this update as havingimportant security impact Common Vulnerability Sc ...
Red Hat: Important: cups security update
Synopsis Important: cups security update Type/Severity Security Advisory: Important Topic Updated cups packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 4The Red Hat Security Response Team has rated this update as havingimportant security impact Common Vulnerability ...

References

CWE-476http://www.redhat.com/support/errata/RHSA-2010-0749.htmlhttp://www.ubuntu.com/usn/USN-1005-1https://bugzilla.redhat.com/show_bug.cgi?id=595245http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cfhttp://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0753.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0751.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0752.htmlhttp://www.securityfocus.com/bid/43845http://www.debian.org/security/2010/dsa-2119ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patchhttp://www.redhat.com/support/errata/RHSA-2010-0750.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.htmlhttp://www.openwall.com/lists/oss-security/2010/10/04/6http://www.vupen.com/english/advisories/2010/2897http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.htmlhttp://secunia.com/advisories/42141http://www.redhat.com/support/errata/RHSA-2010-0754.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:230http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.htmlhttp://secunia.com/advisories/42397http://www.mandriva.com/security/advisories?name=MDVSA-2010:229http://www.redhat.com/support/errata/RHSA-2010-0755.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0859.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:231http://www.mandriva.com/security/advisories?name=MDVSA-2010:228http://secunia.com/advisories/42357http://www.vupen.com/english/advisories/2010/3097http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720http://secunia.com/advisories/42691http://www.debian.org/security/2010/dsa-2135http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.htmlhttp://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.htmlhttp://www.vupen.com/english/advisories/2011/0230http://secunia.com/advisories/43079http://rhn.redhat.com/errata/RHSA-2012-1201.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:144https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599165https://usn.ubuntu.com/1005-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook