Lucene search

RedhatCVE-2010-3703

HistoryNov 05, 2010 - 6:00 p.m.

CVE-2010-3703

2010-11-0518:00:25

CWE-20

redhat

web.nvd.nist.gov

cve-2010-3703

postscriptfunction

poppler

pdf parser

denial of service

crash

uninitialized pointer dereference

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

7.1

Confidence

High

EPSS

0.011

Percentile

84.4%

JSON

The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.

Affected configurations

NVD

Node

popplerpopplerMatch0.8.7

popplerpopplerMatch0.9.0

popplerpopplerMatch0.9.1

popplerpopplerMatch0.9.2

popplerpopplerMatch0.9.3

popplerpopplerMatch0.10.0

popplerpopplerMatch0.10.1

popplerpopplerMatch0.10.2

popplerpopplerMatch0.10.3

popplerpopplerMatch0.10.4

popplerpopplerMatch0.10.5

popplerpopplerMatch0.10.6

popplerpopplerMatch0.10.7

popplerpopplerMatch0.11.0

popplerpopplerMatch0.11.1

popplerpopplerMatch0.11.2

popplerpopplerMatch0.11.3

popplerpopplerMatch0.12.0

popplerpopplerMatch0.12.1

popplerpopplerMatch0.12.2

popplerpopplerMatch0.12.3

popplerpopplerMatch0.12.4

popplerpopplerMatch0.13.0

popplerpopplerMatch0.13.1

popplerpopplerMatch0.13.2

popplerpopplerMatch0.13.3

popplerpopplerMatch0.13.4

popplerpopplerMatch0.14.0

popplerpopplerMatch0.14.1

popplerpopplerMatch0.14.2

popplerpopplerMatch0.14.3

popplerpopplerMatch0.14.4

popplerpopplerMatch0.14.5

popplerpopplerMatch0.15.0

popplerpopplerMatch0.15.1

VendorProductVersionCPE
popplerpoppler0.13.3cpe:/a:poppler:poppler:0.13.3:::
popplerpoppler0.12.0cpe:/a:poppler:poppler:0.12.0:::
popplerpoppler0.11.0cpe:/a:poppler:poppler:0.11.0:::
popplerpoppler0.11.1cpe:/a:poppler:poppler:0.11.1:::
popplerpoppler0.13.2cpe:/a:poppler:poppler:0.13.2:::
popplerpoppler0.9.0cpe:/a:poppler:poppler:0.9.0:::
popplerpoppler0.14.3cpe:/a:poppler:poppler:0.14.3:::
popplerpoppler0.13.4cpe:/a:poppler:poppler:0.13.4:::
popplerpoppler0.9.3cpe:/a:poppler:poppler:0.9.3:::
popplerpoppler0.12.3cpe:/a:poppler:poppler:0.12.3:::

Vendor	Product	Version	CPE
poppler	poppler	0.13.3	cpe:/a:poppler:poppler:0.13.3:::
poppler	poppler	0.12.0	cpe:/a:poppler:poppler:0.12.0:::
poppler	poppler	0.11.0	cpe:/a:poppler:poppler:0.11.0:::
poppler	poppler	0.11.1	cpe:/a:poppler:poppler:0.11.1:::
poppler	poppler	0.13.2	cpe:/a:poppler:poppler:0.13.2:::
poppler	poppler	0.9.0	cpe:/a:poppler:poppler:0.9.0:::
poppler	poppler	0.14.3	cpe:/a:poppler:poppler:0.14.3:::
poppler	poppler	0.13.4	cpe:/a:poppler:poppler:0.13.4:::
poppler	poppler	0.9.3	cpe:/a:poppler:poppler:0.9.3:::
poppler	poppler	0.12.3	cpe:/a:poppler:poppler:0.12.3:::