Red Hat Customer Portal

CVE-2010-3702

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

Details Source

Mitre

Public Date

2010-09-24 00:00:00

Impact

Important

Bugzilla

CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference

Bugzilla ID

595245

CVSS Status

verified

Base Score

5.80

Base Metrics

AV:A/AC:L/Au:N/C:P/I:P/A:P

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 3 (cups) | RHSA-2010:0754 | 2010-10-07 |
| Red Hat Enterprise Linux 3 (xpdf) | RHSA-2010:0750 | 2010-10-07 |
| Red Hat Enterprise Linux 5 (kdegraphics) | RHSA-2010:0753 | 2010-10-07 |
| Red Hat Enterprise Linux 4 (kdegraphics) | RHSA-2010:0753 | 2010-10-07 |
| Red Hat Enterprise Linux 4 (gpdf) | RHSA-2010:0752 | 2010-10-07 |
| Red Hat Enterprise Linux 4 (xpdf) | RHSA-2010:0751 | 2010-10-07 |
| Red Hat Enterprise Linux 4 (cups) | RHSA-2010:0755 | 2010-10-07 |
| Red Hat Enterprise Linux 6 (poppler) | RHSA-2010:0859 | 2010-11-10 |
| Red Hat Enterprise Linux 5 (poppler) | RHSA-2010:0749 | 2010-10-07 |
| Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (kdegraphics) | RHSA-2010:0753 | 2010-10-07 |
| Red Hat Enterprise Linux 5 (tetex) | RHSA-2012:1201 | 2012-08-23 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 4 | tetex | Affected |
| Red Hat Enterprise Linux 3 | tetex | Affected |