CVE Vulnerabilities

CVE-2010-3702

NULL Pointer Dereference

Published: Nov 05, 2010 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
5.8 IMPORTANT
AV:A/AC:L/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
MEDIUM

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Cups Apple * 1.3.11 (including)
Poppler Freedesktop 0.8.7 (including) 0.15.1 (including)
Xpdf Xpdfreader * 3.01 (including)
Xpdf Xpdfreader 3.02 (including) 3.02 (including)
Xpdf Xpdfreader 3.02-pl1 (including) 3.02-pl1 (including)
Xpdf Xpdfreader 3.02-pl2 (including) 3.02-pl2 (including)
Xpdf Xpdfreader 3.02-pl3 (including) 3.02-pl3 (including)
Xpdf Xpdfreader 3.02-pl4 (including) 3.02-pl4 (including)
Red Hat Enterprise Linux 3 RedHat xpdf-1:2.02-19.el3 *
Red Hat Enterprise Linux 3 RedHat cups-1:1.1.17-13.3.70 *
Red Hat Enterprise Linux 4 RedHat xpdf-1:3.00-24.el4_8.1 *
Red Hat Enterprise Linux 4 RedHat gpdf-0:2.8.2-7.7.2.el4_8.7 *
Red Hat Enterprise Linux 4 RedHat kdegraphics-7:3.3.1-18.el4_8.1 *
Red Hat Enterprise Linux 4 RedHat cups-1:1.1.22-0.rc1.9.32.el4_8.10 *
Red Hat Enterprise Linux 5 RedHat poppler-0:0.5.4-4.4.el5_5.14 *
Red Hat Enterprise Linux 5 RedHat kdegraphics-7:3.5.4-17.el5_5.1 *
Red Hat Enterprise Linux 5 RedHat tetex-0:3.0-33.15.el5_8.1 *
Red Hat Enterprise Linux 6 RedHat poppler-0:0.12.4-3.el6_0.1 *
Gpdf Ubuntu dapper *
Ipe Ubuntu artful *
Ipe Ubuntu bionic *
Ipe Ubuntu cosmic *
Ipe Ubuntu dapper *
Ipe Ubuntu disco *
Ipe Ubuntu eoan *
Ipe Ubuntu groovy *
Ipe Ubuntu hardy *
Ipe Ubuntu hirsute *
Ipe Ubuntu impish *
Ipe Ubuntu jaunty *
Ipe Ubuntu karmic *
Ipe Ubuntu kinetic *
Ipe Ubuntu lucid *
Ipe Ubuntu lunar *
Ipe Ubuntu mantic *
Ipe Ubuntu maverick *
Ipe Ubuntu natty *
Ipe Ubuntu oneiric *
Ipe Ubuntu precise *
Ipe Ubuntu quantal *
Ipe Ubuntu raring *
Ipe Ubuntu saucy *
Ipe Ubuntu trusty *
Ipe Ubuntu utopic *
Ipe Ubuntu vivid *
Ipe Ubuntu wily *
Ipe Ubuntu xenial *
Ipe Ubuntu yakkety *
Ipe Ubuntu zesty *
Koffice Ubuntu dapper *
Koffice Ubuntu hardy *
Koffice Ubuntu jaunty *
Libextractor Ubuntu artful *
Libextractor Ubuntu cosmic *
Libextractor Ubuntu dapper *
Libextractor Ubuntu disco *
Libextractor Ubuntu eoan *
Libextractor Ubuntu groovy *
Libextractor Ubuntu hardy *
Libextractor Ubuntu hirsute *
Libextractor Ubuntu impish *
Libextractor Ubuntu jaunty *
Libextractor Ubuntu karmic *
Libextractor Ubuntu lucid *
Libextractor Ubuntu maverick *
Libextractor Ubuntu natty *
Libextractor Ubuntu oneiric *
Libextractor Ubuntu precise *
Libextractor Ubuntu quantal *
Libextractor Ubuntu raring *
Libextractor Ubuntu saucy *
Libextractor Ubuntu trusty *
Libextractor Ubuntu utopic *
Libextractor Ubuntu vivid *
Libextractor Ubuntu wily *
Libextractor Ubuntu xenial *
Libextractor Ubuntu yakkety *
Libextractor Ubuntu zesty *
Pdfkit.framework Ubuntu dapper *
Pdftohtml Ubuntu dapper *
Poppler Ubuntu dapper *
Poppler Ubuntu hardy *
Poppler Ubuntu jaunty *
Poppler Ubuntu karmic *
Poppler Ubuntu lucid *
Poppler Ubuntu maverick *
Poppler Ubuntu upstream *
Xpdf Ubuntu dapper *
Xpdf Ubuntu hardy *
Xpdf Ubuntu jaunty *
Xpdf Ubuntu karmic *
Xpdf Ubuntu lucid *
Xpdf Ubuntu maverick *
Xpdf Ubuntu upstream *

Potential Mitigations

References