6.8
CVE-2010-3704
- EPSS 1.53%
- Veröffentlicht 05.11.2010 18:00:25
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginThe FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Glyphandcog ≫ Xpdfreader Version <= 3.02
Glyphandcog ≫ Xpdfreader Version0.2
Glyphandcog ≫ Xpdfreader Version0.3
Glyphandcog ≫ Xpdfreader Version0.4
Glyphandcog ≫ Xpdfreader Version0.5
Glyphandcog ≫ Xpdfreader Version0.6
Glyphandcog ≫ Xpdfreader Version0.7
Glyphandcog ≫ Xpdfreader Version0.80
Glyphandcog ≫ Xpdfreader Version0.90
Glyphandcog ≫ Xpdfreader Version0.91
Glyphandcog ≫ Xpdfreader Version0.92
Glyphandcog ≫ Xpdfreader Version0.93
Glyphandcog ≫ Xpdfreader Version1.00
Glyphandcog ≫ Xpdfreader Version1.01
Glyphandcog ≫ Xpdfreader Version2.00
Glyphandcog ≫ Xpdfreader Version2.01
Glyphandcog ≫ Xpdfreader Version2.02
Glyphandcog ≫ Xpdfreader Version2.03
Glyphandcog ≫ Xpdfreader Version3.00
Glyphandcog ≫ Xpdfreader Version3.01
Glyphandcog ≫ Xpdfreader Version3.02
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.53% | 0.805 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.