CVE-2010-3704

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-3704
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch Patch
http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473 Patch
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://rhn.redhat.com/errata/RHSA-2012-1201.html
http://secunia.com/advisories/42141
http://secunia.com/advisories/42357
http://secunia.com/advisories/42397
http://secunia.com/advisories/42691
http://secunia.com/advisories/43079
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720
http://www.debian.org/security/2010/dsa-2119
http://www.debian.org/security/2010/dsa-2135
http://www.mandriva.com/security/advisories?name=MDVSA-2010:228
http://www.mandriva.com/security/advisories?name=MDVSA-2010:229
http://www.mandriva.com/security/advisories?name=MDVSA-2010:230
http://www.mandriva.com/security/advisories?name=MDVSA-2010:231
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
http://www.openwall.com/lists/oss-security/2010/10/04/6
http://www.redhat.com/support/errata/RHSA-2010-0749.html
http://www.redhat.com/support/errata/RHSA-2010-0751.html
http://www.redhat.com/support/errata/RHSA-2010-0752.html
http://www.redhat.com/support/errata/RHSA-2010-0753.html
http://www.redhat.com/support/errata/RHSA-2010-0859.html
http://www.securityfocus.com/bid/43841
http://www.ubuntu.com/usn/USN-1005-1
http://www.vupen.com/english/advisories/2010/2897
http://www.vupen.com/english/advisories/2010/3097
http://www.vupen.com/english/advisories/2011/0230
https://bugzilla.redhat.com/show_bug.cgi?id=638960
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.12.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.12.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.12.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.12.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.13.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.13.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.13.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.13.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.13.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.14.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.14.1:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.14.2:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.14.3:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.14.4:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.14.5:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.15.0:*:*:*:*:*:*:*
cpe:2.3:a:poppler:poppler:0.15.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*
cpe:2.3:a:kde:kdegraphics:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2010-11-05 18:00

Updated : 2024-02-28 11:41

NVD link : CVE-2010-3704

Mitre link : CVE-2010-3704

CVE.ORG link : CVE-2010-3704

JSON object : View

Products Affected

foolabs

  • xpdf

poppler

  • poppler

kde

  • kdegraphics

glyphandcog

  • xpdfreader
CWE
CWE-20

Improper Input Validation


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024