Vulnerability Description
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Cups | <= 1.3.11 |
| Freedesktop | Poppler | >= 0.8.7, <= 0.15.1 |
| Xpdfreader | Xpdf | <= 3.01 |
| Fedoraproject | Fedora | 12 |
| Opensuse | Opensuse | 11.1 |
| Suse | Linux Enterprise Server | 9 |
| Debian | Debian Linux | 5.0 |
| Redhat | Enterprise Linux Desktop | 5.0 |
| Redhat | Enterprise Linux Server | 5.0 |
| Redhat | Enterprise Linux Workstation | 5.0 |
| Canonical | Ubuntu Linux | 6.06 |
References
- ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch (Broken Link)
- http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd643 (Patch, Vendor Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.h (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.h (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.h (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.ht (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.ht (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.ht (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html (Mailing List, Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1201.html (Third Party Advisory)
- http://secunia.com/advisories/42141 (Third Party Advisory)
- http://secunia.com/advisories/42357 (Third Party Advisory)
- http://secunia.com/advisories/42397 (Third Party Advisory)
FAQ
What is CVE-2010-3702?
CVE-2010-3702 is a vulnerability with a CVSS score of 7.5 (HIGH). The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attac...
How severe is CVE-2010-3702?
CVE-2010-3702 has been rated HIGH, with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-3702?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Cups, Freedesktop Poppler, Xpdfreader Xpdf, Fedoraproject Fedora, Opensuse Opensuse.