CVE-2010-3703

medium

Description

The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.

References

http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

http://secunia.com/advisories/42357

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720

http://www.mandriva.com/security/advisories?name=MDVSA-2010:231

http://www.openwall.com/lists/oss-security/2010/10/04/6

http://www.redhat.com/support/errata/RHSA-2010-0859.html

http://www.ubuntu.com/usn/USN-1005-1

https://bugzilla.redhat.com/show_bug.cgi?id=639356

Details

Source: MITRE

Published: 2010-11-05

Updated: 2011-01-22

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.12.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.12.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.12.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.12.4:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.13.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.13.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.13.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.13.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.13.4:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.14.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.14.1:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.14.2:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.14.3:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.14.4:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.14.5:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.15.0:*:*:*:*:*:*:*

cpe:2.3:a:poppler:poppler:0.15.1:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
102905 | OracleVM 3.3 / 3.4 : poppler (OVMSA-2017-0147) | Nessus | OracleVM Local Security Checks | high
75606 | openSUSE Security Update : libpoppler-devel (openSUSE-SU-2010:0976-1) | Nessus | SuSE Local Security Checks | medium
70309 | GLSA-201310-03 : Poppler: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
68137 | Oracle Linux 6 : poppler (ELSA-2010-0859) | Nessus | Oracle Linux Local Security Checks | medium
68116 | Oracle Linux 4 : cups (ELSA-2010-0755) | Nessus | Oracle Linux Local Security Checks | medium
68115 | Oracle Linux 3 : cups (ELSA-2010-0754) | Nessus | Oracle Linux Local Security Checks | medium
68114 | Oracle Linux 4 : kdegraphics (ELSA-2010-0753) | Nessus | Oracle Linux Local Security Checks | medium
68113 | Oracle Linux 4 : gpdf (ELSA-2010-0752) | Nessus | Oracle Linux Local Security Checks | medium
68112 | Oracle Linux 4 : xpdf (ELSA-2010-0751) | Nessus | Oracle Linux Local Security Checks | medium
68111 | Oracle Linux 3 : xpdf (ELSA-2010-0750) | Nessus | Oracle Linux Local Security Checks | medium
68110 | Oracle Linux 5 : poppler (ELSA-2010-0749) | Nessus | Oracle Linux Local Security Checks | medium
60896 | Scientific Linux Security Update : poppler on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium
53755 | openSUSE Security Update : libpoppler-devel (openSUSE-SU-2010:0976-1) | Nessus | SuSE Local Security Checks | medium
53690 | openSUSE Security Update : xpdf (openSUSE-SU-2010:1091-1) | Nessus | SuSE Local Security Checks | medium
53677 | openSUSE Security Update : libpoppler-devel (openSUSE-SU-2010:0976-1) | Nessus | SuSE Local Security Checks | medium
51637 | SuSE 11.1 Security Update : xpdf (SAT Patch Number 3377) | Nessus | SuSE Local Security Checks | medium
51622 | SuSE 11.1 Security Update : libpoppler (SAT Patch Number 3338) | Nessus | SuSE Local Security Checks | medium
51365 | SuSE 10 Security Update : xpdf (ZYPP Patch Number 7190) | Nessus | SuSE Local Security Checks | medium
51113 | SuSE 10 Security Update : kdegraphics (ZYPP Patch Number 7235) | Nessus | SuSE Local Security Checks | high
50984 | SuSE 10 Security Update : CUPS (ZYPP Patch Number 7244) | Nessus | SuSE Local Security Checks | medium
50982 | SuSE9 Security Update : CUPS (YOU Patch Number 12665) | Nessus | SuSE Local Security Checks | medium
50661 | Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : poppler (SSA:2010-324-02) | Nessus | Slackware Local Security Checks | medium
50660 | Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 9.1 / current : xpdf (SSA:2010-324-01) | Nessus | Slackware Local Security Checks | medium
50631 | RHEL 6 : poppler (RHSA-2010:0859) | Nessus | Red Hat Local Security Checks | medium
50583 | Mandriva Linux Security Advisory : poppler (MDVSA-2010:231) | Nessus | Mandriva Local Security Checks | medium
50045 | Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : poppler vulnerabilities (USN-1005-1) | Nessus | Ubuntu Local Security Checks | medium
50033 | Fedora 12 : poppler-0.12.4-5.fc12 (2010-15981) | Nessus | Fedora Local Security Checks | medium
50027 | Fedora 13 : poppler-0.12.4-6.fc13 (2010-15911) | Nessus | Fedora Local Security Checks | medium
50005 | Fedora 14 : poppler-0.14.4-1.fc14 (2010-15857) | Nessus | Fedora Local Security Checks | medium
49936 | CentOS 5 : poppler (CESA-2010:0749) | Nessus | CentOS Local Security Checks | medium
49814 | CentOS 4 : cups (CESA-2010:0755) | Nessus | CentOS Local Security Checks | medium
49813 | CentOS 3 : cups (CESA-2010:0754) | Nessus | CentOS Local Security Checks | medium
49812 | CentOS 4 / 5 : kdegraphics (CESA-2010:0753) | Nessus | CentOS Local Security Checks | medium
49811 | CentOS 4 : gpdf (CESA-2010:0752) | Nessus | CentOS Local Security Checks | medium
49810 | CentOS 4 : xpdf (CESA-2010:0751) | Nessus | CentOS Local Security Checks | medium
49809 | CentOS 3 : xpdf (CESA-2010:0750) | Nessus | CentOS Local Security Checks | medium
49802 | RHEL 4 : cups (RHSA-2010:0755) | Nessus | Red Hat Local Security Checks | medium
49801 | RHEL 3 : cups (RHSA-2010:0754) | Nessus | Red Hat Local Security Checks | medium
49800 | RHEL 4 / 5 : kdegraphics (RHSA-2010:0753) | Nessus | Red Hat Local Security Checks | medium
49799 | RHEL 4 : gpdf (RHSA-2010:0752) | Nessus | Red Hat Local Security Checks | medium
49798 | RHEL 4 : xpdf (RHSA-2010:0751) | Nessus | Red Hat Local Security Checks | medium
49797 | RHEL 3 : xpdf (RHSA-2010:0750) | Nessus | Red Hat Local Security Checks | medium
49796 | RHEL 5 : poppler (RHSA-2010:0749) | Nessus | Red Hat Local Security Checks | medium