Vulnerability details: VCID-qbky-5grj-aaah
Vulnerability ID VCID-qbky-5grj-aaah
Aliases CVE-2010-3702
Summary The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (1)
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3702.html
rhas Important https://access.redhat.com/errata/RHSA-2010:0749
rhas Important https://access.redhat.com/errata/RHSA-2010:0750
rhas Important https://access.redhat.com/errata/RHSA-2010:0751
rhas Important https://access.redhat.com/errata/RHSA-2010:0752
rhas Important https://access.redhat.com/errata/RHSA-2010:0753
rhas Important https://access.redhat.com/errata/RHSA-2010:0754
rhas Important https://access.redhat.com/errata/RHSA-2010:0755
rhas Important https://access.redhat.com/errata/RHSA-2010:0859
rhas Moderate https://access.redhat.com/errata/RHSA-2012:1201
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2010-3702
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2010-3702
epss 0.06374 https://api.first.org/data/v1/epss?cve=CVE-2010-3702
epss 0.13019 https://api.first.org/data/v1/epss?cve=CVE-2010-3702
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2010-3702
generic_textual Medium https://ubuntu.com/security/notices/USN-1005-1
generic_textual Medium https://usn.ubuntu.com/usn/usn-1005-1
Reference id Reference type URL
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch
http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3702.html
http://rhn.redhat.com/errata/RHSA-2012-1201.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3702.json
https://api.first.org/data/v1/epss?cve=CVE-2010-3702
https://bugzilla.redhat.com/show_bug.cgi?id=595245
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702
http://secunia.com/advisories/42141
http://secunia.com/advisories/42357
http://secunia.com/advisories/42397
http://secunia.com/advisories/42691
http://secunia.com/advisories/43079
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720
https://ubuntu.com/security/notices/USN-1005-1
https://usn.ubuntu.com/usn/usn-1005-1
http://www.debian.org/security/2010/dsa-2119
http://www.debian.org/security/2010/dsa-2135
http://www.mandriva.com/security/advisories?name=MDVSA-2010:228
http://www.mandriva.com/security/advisories?name=MDVSA-2010:229
http://www.mandriva.com/security/advisories?name=MDVSA-2010:230
http://www.mandriva.com/security/advisories?name=MDVSA-2010:231
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
http://www.openwall.com/lists/oss-security/2010/10/04/6
http://www.redhat.com/support/errata/RHSA-2010-0749.html
http://www.redhat.com/support/errata/RHSA-2010-0750.html
http://www.redhat.com/support/errata/RHSA-2010-0751.html
http://www.redhat.com/support/errata/RHSA-2010-0752.html
http://www.redhat.com/support/errata/RHSA-2010-0753.html
http://www.redhat.com/support/errata/RHSA-2010-0754.html
http://www.redhat.com/support/errata/RHSA-2010-0755.html
http://www.redhat.com/support/errata/RHSA-2010-0859.html
http://www.securityfocus.com/bid/43845
http://www.ubuntu.com/usn/USN-1005-1
http://www.vupen.com/english/advisories/2010/2897
http://www.vupen.com/english/advisories/2010/3097
http://www.vupen.com/english/advisories/2011/0230
599165 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599165
cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*
cpe:2.3:a:xpdfreader:xpdf:3.02:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:3.02:-:*:*:*:*:*:*
cpe:2.3:a:xpdfreader:xpdf:3.02:pl1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:3.02:pl1:*:*:*:*:*:*
cpe:2.3:a:xpdfreader:xpdf:3.02:pl2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:3.02:pl2:*:*:*:*:*:*
cpe:2.3:a:xpdfreader:xpdf:3.02:pl3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:3.02:pl3:*:*:*:*:*:*
cpe:2.3:a:xpdfreader:xpdf:3.02:pl4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdfreader:xpdf:3.02:pl4:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
CVE-2010-3702 https://nvd.nist.gov/vuln/detail/CVE-2010-3702
GLSA-201310-03 https://security.gentoo.org/glsa/201310-03
GLSA-201402-17 https://security.gentoo.org/glsa/201402-17
RHSA-2010:0749 https://access.redhat.com/errata/RHSA-2010:0749
RHSA-2010:0750 https://access.redhat.com/errata/RHSA-2010:0750
RHSA-2010:0751 https://access.redhat.com/errata/RHSA-2010:0751
RHSA-2010:0752 https://access.redhat.com/errata/RHSA-2010:0752
RHSA-2010:0753 https://access.redhat.com/errata/RHSA-2010:0753
RHSA-2010:0754 https://access.redhat.com/errata/RHSA-2010:0754
RHSA-2010:0755 https://access.redhat.com/errata/RHSA-2010:0755
RHSA-2010:0859 https://access.redhat.com/errata/RHSA-2010:0859
RHSA-2012:1201 https://access.redhat.com/errata/RHSA-2012:1201
USN-1005-1 https://usn.ubuntu.com/1005-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2010-3702
Access Vector (AV) network
Access Complexity (AC) low
Authentication (Au) none
Confidentiality Impact (C) partial
Integrity Impact (I) partial
Availability Impact (A) partial

Exploit Prediction Scoring System (EPSS)
Percentile 0.74828
EPSS Score 0.00425
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.