CVE-2010-3702

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
References
Link Resource
http://www.redhat.com/support/errata/RHSA-2010-0749.html Third Party Advisory
http://www.ubuntu.com/usn/USN-1005-1 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=595245 Issue Tracking Patch Third Party Advisory
http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf Patch Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0753.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0751.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0752.html Third Party Advisory
http://www.securityfocus.com/bid/43845 Third Party Advisory VDB Entry
http://www.debian.org/security/2010/dsa-2119 Third Party Advisory
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0750.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/10/04/6 Mailing List Patch Third Party Advisory
http://www.vupen.com/english/advisories/2010/2897 Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html Third Party Advisory
http://secunia.com/advisories/42141 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0754.html Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:230 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html Mailing List Third Party Advisory
http://secunia.com/advisories/42397 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:229 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0755.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0859.html Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:231 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:228 Third Party Advisory
http://secunia.com/advisories/42357 Third Party Advisory
http://www.vupen.com/english/advisories/2010/3097 Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720 Third Party Advisory
http://secunia.com/advisories/42691 Third Party Advisory
http://www.debian.org/security/2010/dsa-2135 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html Mailing List Third Party Advisory
http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html Third Party Advisory
http://www.vupen.com/english/advisories/2011/0230 Third Party Advisory
http://secunia.com/advisories/43079 Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1201.html Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*
cpe:2.3:a:xpdfreader:xpdf:3.02:-:*:*:*:*:*:*
cpe:2.3:a:xpdfreader:xpdf:3.02:pl1:*:*:*:*:*:*
cpe:2.3:a:xpdfreader:xpdf:3.02:pl2:*:*:*:*:*:*
cpe:2.3:a:xpdfreader:xpdf:3.02:pl3:*:*:*:*:*:*
cpe:2.3:a:xpdfreader:xpdf:3.02:pl4:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

Information

Published : 2010-11-05 11:00

Updated : 2020-12-23 07:01


NVD link : CVE-2010-3702

Mitre link : CVE-2010-3702


JSON object : View

CWE
CWE-476

NULL Pointer Dereference

Advertisement

dedicated server usa

Products Affected

redhat

  • enterprise_linux_desktop
  • enterprise_linux_workstation
  • enterprise_linux_server

apple

  • cups

freedesktop

  • poppler

fedoraproject

  • fedora

canonical

  • ubuntu_linux

xpdfreader

  • xpdf

debian

  • debian_linux

suse

  • linux_enterprise_server

opensuse

  • opensuse