6.8

CVE-2010-3704

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.

Data is provided by the National Vulnerability Database (NVD)
Affected products (vendor, product, versions):
Poppler Poppler: 0.8.7, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.10.6, 0.10.7, 0.11.0, 0.11.1, 0.11.2, 0.11.3, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.13.0, 0.13.1, 0.13.2, 0.13.3, 0.13.4, 0.14.0, 0.14.1, 0.14.2, 0.14.3, 0.14.4, 0.14.5, 0.15.0, 0.15.1
Foolabs Xpdf: 0.5a, 0.7a, 0.91a, 0.91b, 0.91c, 0.92a, 0.92b, 0.92c, 0.92d, 0.92e, 0.93a, 0.93b, 0.93c, 1.00a, 3.0.1, 3.02pl1, 3.02pl2, 3.02pl3
Glyphandcog Xpdfreader: <= 3.02, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.80, 0.90, 0.91, 0.92, 0.93, 1.00, 1.01, 2.00, 2.01, 2.02, 2.03, 3.00, 3.01, 3.02
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 1.53% 0.805
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 8.6 6.4 AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.