CVE-2010-3704
xpdf: array indexing error in FoFiType1::parse()
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
La función FoFiType1::parse en fofi/FoFiType1.cc del parseador de PDF de xpdf antes de v3.02pl5, poppler v0.8.7 y posiblemente otras versiones hasta v0.15.1, kdegraphics, y posiblemente otros productos, permite a atacantes dependientes del contexto provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código arbitrario mediante un archivo PDF con una fuente Type1 modificada que contiene un índice de matriz negativo, el cual se salta la validación de entrada y que provoca una corrupción de memoria.
Multiple vulnerabilities have been found in Poppler, some of which may allow execution of arbitrary code. Versions less than 0.22.2-r1 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-10-01 CVE Reserved
- 2010-11-05 CVE Published
- 2024-08-07 CVE Updated
- 2025-05-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (38)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/42141 | Third Party Advisory | |
| http://secunia.com/advisories/42357 | Third Party Advisory | |
| http://secunia.com/advisories/42397 | Third Party Advisory | |
| http://secunia.com/advisories/42691 | Third Party Advisory | |
| http://secunia.com/advisories/43079 | Third Party Advisory | |
| http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2010/10/04/6 | Mailing List |
|
| http://www.securityfocus.com/bid/43841 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2010/2897 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2010/3097 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/0230 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch | 2019-03-06 | |
| http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473 | 2019-03-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.8.7 Search vendor "Poppler" for product "Poppler" and version "0.8.7" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.9.0 Search vendor "Poppler" for product "Poppler" and version "0.9.0" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.9.1 Search vendor "Poppler" for product "Poppler" and version "0.9.1" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.9.2 Search vendor "Poppler" for product "Poppler" and version "0.9.2" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.9.3 Search vendor "Poppler" for product "Poppler" and version "0.9.3" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.10.0 Search vendor "Poppler" for product "Poppler" and version "0.10.0" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.10.1 Search vendor "Poppler" for product "Poppler" and version "0.10.1" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.10.2 Search vendor "Poppler" for product "Poppler" and version "0.10.2" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.10.3 Search vendor "Poppler" for product "Poppler" and version "0.10.3" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.10.4 Search vendor "Poppler" for product "Poppler" and version "0.10.4" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.10.5 Search vendor "Poppler" for product "Poppler" and version "0.10.5" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.10.6 Search vendor "Poppler" for product "Poppler" and version "0.10.6" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.10.7 Search vendor "Poppler" for product "Poppler" and version "0.10.7" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.11.0 Search vendor "Poppler" for product "Poppler" and version "0.11.0" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.11.1 Search vendor "Poppler" for product "Poppler" and version "0.11.1" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.11.2 Search vendor "Poppler" for product "Poppler" and version "0.11.2" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.11.3 Search vendor "Poppler" for product "Poppler" and version "0.11.3" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.12.0 Search vendor "Poppler" for product "Poppler" and version "0.12.0" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.12.1 Search vendor "Poppler" for product "Poppler" and version "0.12.1" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.12.2 Search vendor "Poppler" for product "Poppler" and version "0.12.2" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.12.3 Search vendor "Poppler" for product "Poppler" and version "0.12.3" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.12.4 Search vendor "Poppler" for product "Poppler" and version "0.12.4" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.13.0 Search vendor "Poppler" for product "Poppler" and version "0.13.0" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.13.1 Search vendor "Poppler" for product "Poppler" and version "0.13.1" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.13.2 Search vendor "Poppler" for product "Poppler" and version "0.13.2" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.13.3 Search vendor "Poppler" for product "Poppler" and version "0.13.3" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.13.4 Search vendor "Poppler" for product "Poppler" and version "0.13.4" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.14.0 Search vendor "Poppler" for product "Poppler" and version "0.14.0" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.14.1 Search vendor "Poppler" for product "Poppler" and version "0.14.1" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.14.2 Search vendor "Poppler" for product "Poppler" and version "0.14.2" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.14.3 Search vendor "Poppler" for product "Poppler" and version "0.14.3" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.14.4 Search vendor "Poppler" for product "Poppler" and version "0.14.4" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.14.5 Search vendor "Poppler" for product "Poppler" and version "0.14.5" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.15.0 Search vendor "Poppler" for product "Poppler" and version "0.15.0" | - |
Affected
| ||||||
| Poppler Search vendor "Poppler" | Poppler Search vendor "Poppler" for product "Poppler" | 0.15.1 Search vendor "Poppler" for product "Poppler" and version "0.15.1" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 0.5a Search vendor "Foolabs" for product "Xpdf" and version "0.5a" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 0.7a Search vendor "Foolabs" for product "Xpdf" and version "0.7a" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 0.91a Search vendor "Foolabs" for product "Xpdf" and version "0.91a" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 0.91b Search vendor "Foolabs" for product "Xpdf" and version "0.91b" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 0.91c Search vendor "Foolabs" for product "Xpdf" and version "0.91c" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 0.92a Search vendor "Foolabs" for product "Xpdf" and version "0.92a" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 0.92b Search vendor "Foolabs" for product "Xpdf" and version "0.92b" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 0.92c Search vendor "Foolabs" for product "Xpdf" and version "0.92c" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 0.92d Search vendor "Foolabs" for product "Xpdf" and version "0.92d" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 0.92e Search vendor "Foolabs" for product "Xpdf" and version "0.92e" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 0.93a Search vendor "Foolabs" for product "Xpdf" and version "0.93a" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 0.93b Search vendor "Foolabs" for product "Xpdf" and version "0.93b" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 0.93c Search vendor "Foolabs" for product "Xpdf" and version "0.93c" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 1.00a Search vendor "Foolabs" for product "Xpdf" and version "1.00a" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 3.0.1 Search vendor "Foolabs" for product "Xpdf" and version "3.0.1" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 3.02pl1 Search vendor "Foolabs" for product "Xpdf" and version "3.02pl1" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 3.02pl2 Search vendor "Foolabs" for product "Xpdf" and version "3.02pl2" | - |
Affected
| ||||||
| Foolabs Search vendor "Foolabs" | Xpdf Search vendor "Foolabs" for product "Xpdf" | 3.02pl3 Search vendor "Foolabs" for product "Xpdf" and version "3.02pl3" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | <= 3.02 Search vendor "Glyphandcog" for product "Xpdfreader" and version " <= 3.02" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 0.2 Search vendor "Glyphandcog" for product "Xpdfreader" and version "0.2" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 0.3 Search vendor "Glyphandcog" for product "Xpdfreader" and version "0.3" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 0.4 Search vendor "Glyphandcog" for product "Xpdfreader" and version "0.4" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 0.5 Search vendor "Glyphandcog" for product "Xpdfreader" and version "0.5" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 0.6 Search vendor "Glyphandcog" for product "Xpdfreader" and version "0.6" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 0.7 Search vendor "Glyphandcog" for product "Xpdfreader" and version "0.7" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 0.80 Search vendor "Glyphandcog" for product "Xpdfreader" and version "0.80" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 0.90 Search vendor "Glyphandcog" for product "Xpdfreader" and version "0.90" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 0.91 Search vendor "Glyphandcog" for product "Xpdfreader" and version "0.91" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 0.92 Search vendor "Glyphandcog" for product "Xpdfreader" and version "0.92" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 0.93 Search vendor "Glyphandcog" for product "Xpdfreader" and version "0.93" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 1.00 Search vendor "Glyphandcog" for product "Xpdfreader" and version "1.00" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 1.01 Search vendor "Glyphandcog" for product "Xpdfreader" and version "1.01" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 2.00 Search vendor "Glyphandcog" for product "Xpdfreader" and version "2.00" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 2.01 Search vendor "Glyphandcog" for product "Xpdfreader" and version "2.01" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 2.02 Search vendor "Glyphandcog" for product "Xpdfreader" and version "2.02" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 2.03 Search vendor "Glyphandcog" for product "Xpdfreader" and version "2.03" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 3.00 Search vendor "Glyphandcog" for product "Xpdfreader" and version "3.00" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 3.01 Search vendor "Glyphandcog" for product "Xpdfreader" and version "3.01" | - |
Affected
| ||||||
| Glyphandcog Search vendor "Glyphandcog" | Xpdfreader Search vendor "Glyphandcog" for product "Xpdfreader" | 3.02 Search vendor "Glyphandcog" for product "Xpdfreader" and version "3.02" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Kdegraphics Search vendor "Kde" for product "Kdegraphics" | * | - |
Affected
| ||||||