CVE-2010-3703
Vulnerability from cvelistv5
Published
2010-11-05 17:00
Modified
2024-08-07 03:18
Severity ?
Summary
The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:18:52.924Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
          },
          {
            "name": "FEDORA-2010-15857",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
          },
          {
            "name": "RHSA-2010:0859",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
          },
          {
            "name": "42357",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42357"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639356"
          },
          {
            "name": "MDVSA-2010:231",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
          },
          {
            "name": "SSA:2010-324-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
          },
          {
            "name": "FEDORA-2010-15911",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
          },
          {
            "name": "USN-1005-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1005-1"
          },
          {
            "name": "FEDORA-2010-15981",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
          },
          {
            "name": "SUSE-SR:2010:024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-12-07T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/10/04/6"
        },
        {
          "name": "FEDORA-2010-15857",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html"
        },
        {
          "name": "RHSA-2010:0859",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0859.html"
        },
        {
          "name": "42357",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42357"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=639356"
        },
        {
          "name": "MDVSA-2010:231",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:231"
        },
        {
          "name": "SSA:2010-324-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720"
        },
        {
          "name": "FEDORA-2010-15911",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html"
        },
        {
          "name": "USN-1005-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1005-1"
        },
        {
          "name": "FEDORA-2010-15981",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html"
        },
        {
          "name": "SUSE-SR:2010:024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-3703",
    "datePublished": "2010-11-05T17:00:00",
    "dateReserved": "2010-10-01T00:00:00",
    "dateUpdated": "2024-08-07T03:18:52.924Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3703\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-11-05T18:00:25.877\",\"lastModified\":\"2011-01-22T06:43:49.783\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n PostScriptFunction::PostScriptFunction en poppler/Function.cc en el analizador de PDF de poppler v0.8.7 y posiblemente otras versiones hasta v0.15.1, y posiblemente otros, permite provocar una denegaci\u00f3n de servicio (por ca\u00edda de la aplicaci\u00f3n) a atacantes dependientes de contexto a trav\u00e9s de un archivo PDF que desencadena una desreferencia a un puntero no inicializado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6323ED7A-6FE8-4885-B743-3E2F82ECA08B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90D3345C-2D35-413C-B6F9-C308BC7C2AA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26216EEC-26B7-41C8-ADFB-64D2EA8DAA8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9D3618D-A183-4B09-9CA2-8D622C3486DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A88294D9-563E-4AB3-9FE6-971F43B052B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A39F672-B238-4B21-A48E-5121771949F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58A5D199-E952-44B5-B5E5-170040FA813E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"349B4B75-32E2-49FB-9606-8B057AFA2E3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55A8D058-224E-467E-AB61-06F90B541F24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77C47EDD-2212-4259-8229-FF05E1A7B5AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C52995D0-0986-427F-B37D-2F6726EA330D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E4427C5-DBF0-4EF9-8B7A-61D56C14E3FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B91206CA-7EBE-4E64-9A49-D7EC0D051012\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD43644-7F02-42AF-8EC3-C326A13E2F89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81FE2E6F-44B2-42D5-B986-D1FE2B510968\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A605079-3705-4E2C-8F6D-C21B4D875817\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ABBD590-8092-4920-BBC7-F3ACB9CCC900\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14D812D5-BC8B-4907-AA70-F8D7F982A8DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E25003C-04CE-401F-B012-F2E13DC8E8C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"189FE6D1-C001-4D43-BFD2-B8421C6FAB06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAF3866C-09D2-4564-A7AE-2C49A5E8480C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.12.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A43C280F-A571-4EF9-B301-244B05750933\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D37AC0D5-6811-4FE2-83BB-FEF44B228645\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2B24274-2F2F-4F3A-8978-390BF69EF0AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14959178-17D0-4794-867F-AB62501EEF24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.13.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1129356-C0B0-4130-A1EF-888B02783317\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.13.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CD0FA23-F797-4FB5-85AD-29AED926E02D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77B06D79-50AD-49D0-B372-25CA226EEA80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A34735C6-2738-4CCC-9322-8F7584AB616D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"339A5BC3-7AED-4912-B6D3-BBD5FBF4AA02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.14.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"325750AA-5E10-457E-88E8-439DFB81FE1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.14.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"235861C5-B126-4A27-A51F-94568DBA5FBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.14.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EE3D5F0-DA69-453A-9729-03FD1151D94E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E52568-A112-4533-9CFA-55D35F40AA9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:poppler:poppler:0.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38A9C7A2-DAC5-4334-9A88-CF9085A34186\"}]}]}],\"references\":[{\"url\":\"http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/42357\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.571720\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:231\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/10/04/6\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0859.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1005-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=639356\",\"source\":\"secalert@redhat.com\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.