The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cups | Apple | * | 1.3.11 (including) |
Poppler | Freedesktop | 0.8.7 (including) | 0.15.1 (including) |
Xpdf | Xpdfreader | * | 3.01 (including) |
Xpdf | Xpdfreader | 3.02 (including) | 3.02 (including) |
Xpdf | Xpdfreader | 3.02-pl1 (including) | 3.02-pl1 (including) |
Xpdf | Xpdfreader | 3.02-pl2 (including) | 3.02-pl2 (including) |
Xpdf | Xpdfreader | 3.02-pl3 (including) | 3.02-pl3 (including) |
Xpdf | Xpdfreader | 3.02-pl4 (including) | 3.02-pl4 (including) |