CVE Vulnerabilities

CVE-2010-4654

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Published: Nov 13, 2019 | Modified: Aug 18, 2020
CVSS 3.x: 7.8 HIGH (Source: NVD), CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x: 9.3 HIGH, AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2: 6.8 IMPORTANT, AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu: MEDIUM

In poppler before 0.16.3, malformed commands may cause corruption of the internal stack.

Weakness

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Affected Software

Name Vendor Start Version End Version
Poppler Freedesktop * 0.16.3 (excluding)
Ipe Ubuntu artful *
Ipe Ubuntu bionic *
Ipe Ubuntu cosmic *
Ipe Ubuntu disco *
Ipe Ubuntu eoan *
Ipe Ubuntu groovy *
Ipe Ubuntu hardy *
Ipe Ubuntu hirsute *
Ipe Ubuntu impish *
Ipe Ubuntu kinetic *
Ipe Ubuntu lucid *
Ipe Ubuntu lunar *
Ipe Ubuntu mantic *
Ipe Ubuntu maverick *
Ipe Ubuntu natty *
Ipe Ubuntu oneiric *
Ipe Ubuntu precise *
Ipe Ubuntu quantal *
Ipe Ubuntu raring *
Ipe Ubuntu saucy *
Ipe Ubuntu trusty *
Ipe Ubuntu utopic *
Ipe Ubuntu vivid *
Ipe Ubuntu wily *
Ipe Ubuntu xenial *
Ipe Ubuntu yakkety *
Ipe Ubuntu zesty *
Koffice Ubuntu hardy *
Libextractor Ubuntu artful *
Libextractor Ubuntu cosmic *
Libextractor Ubuntu disco *
Libextractor Ubuntu eoan *
Libextractor Ubuntu groovy *
Libextractor Ubuntu hardy *
Libextractor Ubuntu hirsute *
Libextractor Ubuntu impish *
Libextractor Ubuntu lucid *
Libextractor Ubuntu maverick *
Libextractor Ubuntu natty *
Libextractor Ubuntu oneiric *
Libextractor Ubuntu precise *
Libextractor Ubuntu quantal *
Libextractor Ubuntu raring *
Libextractor Ubuntu saucy *
Libextractor Ubuntu trusty *
Libextractor Ubuntu utopic *
Libextractor Ubuntu vivid *
Libextractor Ubuntu wily *
Libextractor Ubuntu xenial *
Libextractor Ubuntu yakkety *
Libextractor Ubuntu zesty *
Poppler Ubuntu hardy *
Poppler Ubuntu upstream *
Xpdf Ubuntu artful *
Xpdf Ubuntu hardy *
Xpdf Ubuntu lucid *
Xpdf Ubuntu maverick *
Xpdf Ubuntu natty *
Xpdf Ubuntu oneiric *
Xpdf Ubuntu precise *
Xpdf Ubuntu quantal *
Xpdf Ubuntu raring *
Xpdf Ubuntu saucy *
Xpdf Ubuntu trusty *
Xpdf Ubuntu utopic *
Xpdf Ubuntu vivid *
Xpdf Ubuntu wily *
Xpdf Ubuntu xenial *
Xpdf Ubuntu yakkety *
Xpdf Ubuntu zesty *
