Vulnerability Details : CVE-2010-3704
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
Vulnerability category: Memory Corruption, Input validation, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-3704
Probability of exploitation activity in the next 30 days: 0.57%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 %
CVSS scores for CVE-2010-3704
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2010-3704
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3704
- ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch
- http://www.vupen.com/english/advisories/2011/0230
- http://www.securityfocus.com/bid/43841 (Xpdf 'FoFiType1::parse()' Array Indexing Error Vulnerability)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html ([SECURITY] Fedora 13 Update: xpdf-3.02-16.fc13)
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html ([security-announce] SUSE Security Summary Report: SUSE-SR:2010:024)
- http://www.redhat.com/support/errata/RHSA-2010-0753.html
- http://www.openwall.com/lists/oss-security/2010/10/04/6 (oss-security - Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark)
- https://bugzilla.redhat.com/show_bug.cgi?id=638960 (638960 – (CVE-2010-3704) CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse())
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html ([SECURITY] Fedora 12 Update: xpdf-3.02-16.fc12)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html ([SECURITY] Fedora 14 Update: xpdf-3.02-16.fc14)
- http://www.debian.org/security/2010/dsa-2135 (Debian -- Security Information -- DSA-2135-1 xpdf)
- http://www.vupen.com/english/advisories/2010/3097
- http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html (CVE-2010-3702)
- http://www.redhat.com/support/errata/RHSA-2010-0749.html
- http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473 (poppler/poppler - The poppler pdf rendering library, mirrored from https://gitlab.freedesktop.org/poppler/poppler) [Patch]
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:229
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:230
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html ([SECURITY] Fedora 13 Update: poppler-0.12.4-6.fc13)
- http://www.debian.org/security/2010/dsa-2119 (Debian -- Security Information -- DSA-2119-1 poppler)
- http://rhn.redhat.com/errata/RHSA-2012-1201.html (RHSA-2012:1201 - Security Advisory - Red Hat Customer Portal)
- http://www.ubuntu.com/usn/USN-1005-1 (USN-1005-1: poppler vulnerabilities | Ubuntu security notices)
- http://www.redhat.com/support/errata/RHSA-2010-0751.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:231
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720 (The Slackware Linux Project: Slackware Security Advisories)
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html ([security-announce] SUSE Security Summary Report: SUSE-SR:2010:022)
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html ([SECURITY] Fedora 12 Update: poppler-0.12.4-5.fc12)
- http://www.vupen.com/english/advisories/2010/2897
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:228
- http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html ([SECURITY] Fedora 14 Update: poppler-0.14.4-1.fc14)
- http://www.redhat.com/support/errata/RHSA-2010-0752.html
- http://www.redhat.com/support/errata/RHSA-2010-0859.html
Products affected by CVE-2010-3704
- cpe:2.3:a:kde:kdegraphics:*:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.14.5:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*
- cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*