Debian DSA-2135-1 : xpdf - several vulnerabilities

medium Nessus Plugin ID 51397


The remote Debian host is missing a security-related update.


Joel Voss of Leviathan Security Group discovered two vulnerabilities in the xpdf rendering engine, which may lead to the execution of arbitrary code if a malformed PDF file is opened.


Upgrade the poppler packages.

For the stable distribution (lenny), these problems have been fixed in version 3.02-1.4+lenny3.

For the upcoming stable distribution (squeeze) and the unstable distribution (sid), these problems don't apply, since xpdf has been patched to use the Poppler PDF library.

Plugin Details

Severity: Medium

ID: 51397

File Name: debian_DSA-2135.nasl

Version: 1.10

Type: local

Agent: unix

Published: 1/3/2011

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:xpdf, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 12/21/2010

Reference Information

CVE: CVE-2010-3702, CVE-2010-3704

BID: 43841, 43845

DSA: 2135