4.3

CVE-2010-3703

The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PopplerPoppler Version0.8.7
PopplerPoppler Version0.9.0
PopplerPoppler Version0.9.1
PopplerPoppler Version0.9.2
PopplerPoppler Version0.9.3
PopplerPoppler Version0.10.0
PopplerPoppler Version0.10.1
PopplerPoppler Version0.10.2
PopplerPoppler Version0.10.3
PopplerPoppler Version0.10.4
PopplerPoppler Version0.10.5
PopplerPoppler Version0.10.6
PopplerPoppler Version0.10.7
PopplerPoppler Version0.11.0
PopplerPoppler Version0.11.1
PopplerPoppler Version0.11.2
PopplerPoppler Version0.11.3
PopplerPoppler Version0.12.0
PopplerPoppler Version0.12.1
PopplerPoppler Version0.12.2
PopplerPoppler Version0.12.3
PopplerPoppler Version0.12.4
PopplerPoppler Version0.13.0
PopplerPoppler Version0.13.1
PopplerPoppler Version0.13.2
PopplerPoppler Version0.13.3
PopplerPoppler Version0.13.4
PopplerPoppler Version0.14.0
PopplerPoppler Version0.14.1
PopplerPoppler Version0.14.2
PopplerPoppler Version0.14.3
PopplerPoppler Version0.14.4
PopplerPoppler Version0.14.5
PopplerPoppler Version0.15.0
PopplerPoppler Version0.15.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.56% 0.831
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html
http://secunia.com/advisories/42357
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720
http://www.mandriva.com/security/advisories?name=MDVSA-2010:231
http://www.openwall.com/lists/oss-security/2010/10/04/6
http://www.redhat.com/support/errata/RHSA-2010-0859.html
http://www.ubuntu.com/usn/USN-1005-1
http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f
https://bugzilla.redhat.com/show_bug.cgi?id=639356