CVE-2010-3702
xpdf: uninitialized Gfx::parser pointer dereference
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
La función Gfx::getPos en el analizador PDF en Xpdf versión anterior a 3.02 PL5, Poppler versión 0.8.7 y posiblemente otras versiones hasta la 0.15.1, CUPS, kdegraphics, y posiblemente otros productos permite que los atacantes dependiendo del contexto generen una denegación de servicio (bloqueo) por medio de vectores desconocidos que desencadenan una desreferencia de puntero no inicializada.
Multiple vulnerabilities have been found in Poppler, some of which may allow execution of arbitrary code. Versions less than 0.22.2-r1 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-10-01 CVE Reserved
- 2010-11-05 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (42)
| URL | Tag | Source |
|---|---|---|
| ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch | Broken Link | |
| http://secunia.com/advisories/42141 | Third Party Advisory | |
| http://secunia.com/advisories/42357 | Third Party Advisory | |
| http://secunia.com/advisories/42397 | Third Party Advisory | |
| http://secunia.com/advisories/42691 | Third Party Advisory | |
| http://secunia.com/advisories/43079 | Third Party Advisory | |
| http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html | Third Party Advisory | |
| http://www.securityfocus.com/bid/43845 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2010/2897 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2010/3097 | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2011/0230 | Third Party Advisory |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Cups Search vendor "Apple" for product "Cups" | <= 1.3.11 Search vendor "Apple" for product "Cups" and version " <= 1.3.11" | - |
Affected
| ||||||
| Freedesktop Search vendor "Freedesktop" | Poppler Search vendor "Freedesktop" for product "Poppler" | >= 0.8.7 <= 0.15.1 Search vendor "Freedesktop" for product "Poppler" and version " >= 0.8.7 <= 0.15.1" | - |
Affected
| ||||||
| Xpdfreader Search vendor "Xpdfreader" | Xpdf Search vendor "Xpdfreader" for product "Xpdf" | <= 3.01 Search vendor "Xpdfreader" for product "Xpdf" and version " <= 3.01" | - |
Affected
| ||||||
| Xpdfreader Search vendor "Xpdfreader" | Xpdf Search vendor "Xpdfreader" for product "Xpdf" | 3.02 Search vendor "Xpdfreader" for product "Xpdf" and version "3.02" | - |
Affected
| ||||||
| Xpdfreader Search vendor "Xpdfreader" | Xpdf Search vendor "Xpdfreader" for product "Xpdf" | 3.02 Search vendor "Xpdfreader" for product "Xpdf" and version "3.02" | pl1 |
Affected
| ||||||
| Xpdfreader Search vendor "Xpdfreader" | Xpdf Search vendor "Xpdfreader" for product "Xpdf" | 3.02 Search vendor "Xpdfreader" for product "Xpdf" and version "3.02" | pl2 |
Affected
| ||||||
| Xpdfreader Search vendor "Xpdfreader" | Xpdf Search vendor "Xpdfreader" for product "Xpdf" | 3.02 Search vendor "Xpdfreader" for product "Xpdf" and version "3.02" | pl3 |
Affected
| ||||||
| Xpdfreader Search vendor "Xpdfreader" | Xpdf Search vendor "Xpdfreader" for product "Xpdf" | 3.02 Search vendor "Xpdfreader" for product "Xpdf" and version "3.02" | pl4 |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 12 Search vendor "Fedoraproject" for product "Fedora" and version "12" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 13 Search vendor "Fedoraproject" for product "Fedora" and version "13" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 14 Search vendor "Fedoraproject" for product "Fedora" and version "14" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.1 Search vendor "Opensuse" for product "Opensuse" and version "11.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.2 Search vendor "Opensuse" for product "Opensuse" and version "11.2" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 11.3 Search vendor "Opensuse" for product "Opensuse" and version "11.3" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 9 Search vendor "Suse" for product "Linux Enterprise Server" and version "9" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 10 Search vendor "Suse" for product "Linux Enterprise Server" and version "10" | sp3 |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11" | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server" | 11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11" | sp1 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 5.0 Search vendor "Debian" for product "Debian Linux" and version "5.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 6.0 Search vendor "Debian" for product "Debian Linux" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "5.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 5.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "5.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 9.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 9.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.10" | - |
Affected
| ||||||