Vulnerability Details : CVE-2010-5110
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-5110
Probability of exploitation activity in the next 30 days: 0.74%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 %
CVSS scores for CVE-2010-5110
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST |
CWE ids for CVE-2010-5110
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-5110
- http://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8
  poppler/poppler - The poppler pdf rendering library (mirrored from https://gitlab.freedesktop.org/poppler/poppler) (Exploit; Patch)
- https://bugs.freedesktop.org/show_bug.cgi?id=26280
  26280 – corrupted jpeg stream in corrupted document crashes poppler
- http://comments.gmane.org/gmane.comp.security.oss.general/11132
- https://www.suse.com/support/update/announcement/2014/suse-su-20140817-1.html
  SUSE-SU-2014:0817-1
Products affected by CVE-2010-5110
- cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:0.13.1:*:*:*:*:*:*:*