Vulnerability Details : CVE-2010-3702
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
Vulnerability category: Denial of service
Threat overview for CVE-2010-3702
Top open port discovered on systems with this issue: 631
IPs affected by CVE-2010-3702: 3,293
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2010-3702
Probability of exploitation activity in the next 30 days: 0.43%
Percentile, the proportion of vulnerabilities that are scored at or less: ~71%
CVSS scores for CVE-2010-3702
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2010-3702
- A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3702
- ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch
  (Broken Link)
- http://www.vupen.com/english/advisories/2011/0230
  Webmail | OVH- OVH (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:023 (Mailing List; Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html
  [SECURITY] Fedora 13 Update: xpdf-3.02-16.fc13 (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:024 (Mailing List; Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0753.html
  Support (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2010/10/04/6
  oss-security - Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark (Mailing List; Patch; Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html
  [SECURITY] Fedora 12 Update: xpdf-3.02-16.fc12 (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html
  [SECURITY] Fedora 14 Update: xpdf-3.02-16.fc14 (Third Party Advisory)
- http://www.debian.org/security/2010/dsa-2135
  Debian -- Security Information -- DSA-2135-1 xpdf (Third Party Advisory)
- http://www.vupen.com/english/advisories/2010/3097
  Webmail | OVH- OVH (Third Party Advisory)
- http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
  CVE-2010-3702 (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0749.html
  Support (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:229
  mandriva.com (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:230
  mandriva.com (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html
  [SECURITY] Fedora 13 Update: poppler-0.12.4-6.fc13 (Third Party Advisory)
- http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
  poppler/poppler - The poppler pdf rendering library (mirrored from https://gitlab.freedesktop.org/poppler/poppler) (Patch; Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0750.html
  Support (Third Party Advisory)
- http://www.debian.org/security/2010/dsa-2119
  Debian -- Security Information -- DSA-2119-1 poppler (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1201.html
  RHSA-2012:1201 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-1005-1
  USN-1005-1: poppler vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0751.html
  Support (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:231
  mandriva.com (Third Party Advisory)
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720
  The Slackware Linux Project: Slackware Security Advisories (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
  mandriva.com (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:022 (Mailing List; Third Party Advisory)
- http://www.securityfocus.com/bid/43845
  XPDF 'Gfx::getPos()' (CVE-2010-3702) Unitialized Pointer Dereference Vulnerability (Third Party Advisory; VDB Entry)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html
  [SECURITY] Fedora 12 Update: poppler-0.12.4-5.fc12 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2010/2897
  Webmail | OVH- OVH (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:228
  mandriva.com (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0755.html
  Support (Third Party Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html
  [SECURITY] Fedora 14 Update: poppler-0.14.4-1.fc14 (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0754.html
  Support (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0752.html
  Support (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=595245
  595245 – (CVE-2010-3702) CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference (Issue Tracking; Patch; Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0859.html
  Support (Third Party Advisory)
Products affected by CVE-2010-3702
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
- cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
- cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*
- cpe:2.3:a:xpdfreader:xpdf:3.02:-:*:*:*:*:*:*
- cpe:2.3:a:xpdfreader:xpdf:3.02:pl1:*:*:*:*:*:*
- cpe:2.3:a:xpdfreader:xpdf:3.02:pl2:*:*:*:*:*:*
- cpe:2.3:a:xpdfreader:xpdf:3.02:pl3:*:*:*:*:*:*
- cpe:2.3:a:xpdfreader:xpdf:3.02:pl4:*:*:*:*:*:*