Executive Summary

Informations
Name CVE-2010-3702 First vendor Publication 2010-11-05
Vendor Cve Last vendor Modification 2020-12-23

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-476 NULL Pointer Dereference

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 82
Application 73
Application 5
Os 6
Os 2
Os 3
Os 3
Os 1
Os 1
Os 1
Os 4

OpenVAS Exploits

Date Description
2012-08-24 Name : CentOS Update for tetex CESA-2012:1201 centos5
File : nvt/gb_CESA-2012_1201_tetex_centos5.nasl
2012-08-24 Name : RedHat Update for tetex RHSA-2012:1201-01
File : nvt/gb_RHSA-2012_1201-01_tetex.nasl
2011-08-09 Name : CentOS Update for poppler CESA-2010:0749 centos5 i386
File : nvt/gb_CESA-2010_0749_poppler_centos5_i386.nasl
2011-08-09 Name : CentOS Update for kdegraphics CESA-2010:0753 centos5 i386
File : nvt/gb_CESA-2010_0753_kdegraphics_centos5_i386.nasl
2011-03-07 Name : Debian Security Advisory DSA 2135-1 (xpdf)
File : nvt/deb_2135_1.nasl
2010-12-02 Name : Fedora Update for xpdf FEDORA-2010-16744
File : nvt/gb_fedora_2010_16744_xpdf_fc14.nasl
2010-12-02 Name : Fedora Update for poppler FEDORA-2010-15857
File : nvt/gb_fedora_2010_15857_poppler_fc14.nasl
2010-11-17 Name : Debian Security Advisory DSA 2116-1 (poppler)
File : nvt/deb_2116_1.nasl
2010-11-16 Name : Mandriva Update for poppler MDVSA-2010:231 (poppler)
File : nvt/gb_mandriva_MDVSA_2010_231.nasl
2010-11-16 Name : Mandriva Update for poppler MDVSA-2010:230 (poppler)
File : nvt/gb_mandriva_MDVSA_2010_230.nasl
2010-11-16 Name : Mandriva Update for xpdf MDVSA-2010:228 (xpdf)
File : nvt/gb_mandriva_MDVSA_2010_228.nasl
2010-11-16 Name : Fedora Update for xpdf FEDORA-2010-16705
File : nvt/gb_fedora_2010_16705_xpdf_fc12.nasl
2010-11-16 Name : Fedora Update for xpdf FEDORA-2010-16662
File : nvt/gb_fedora_2010_16662_xpdf_fc13.nasl
2010-10-22 Name : Ubuntu Update for poppler vulnerabilities USN-1005-1
File : nvt/gb_ubuntu_USN_1005_1.nasl
2010-10-22 Name : Fedora Update for poppler FEDORA-2010-15981
File : nvt/gb_fedora_2010_15981_poppler_fc12.nasl
2010-10-22 Name : Fedora Update for poppler FEDORA-2010-15911
File : nvt/gb_fedora_2010_15911_poppler_fc13.nasl
2010-10-19 Name : RedHat Update for gpdf RHSA-2010:0752-01
File : nvt/gb_RHSA-2010_0752-01_gpdf.nasl
2010-10-19 Name : RedHat Update for kdegraphics RHSA-2010:0753-01
File : nvt/gb_RHSA-2010_0753-01_kdegraphics.nasl
2010-10-19 Name : RedHat Update for cups RHSA-2010:0754-01
File : nvt/gb_RHSA-2010_0754-01_cups.nasl
2010-10-19 Name : RedHat Update for cups RHSA-2010:0755-01
File : nvt/gb_RHSA-2010_0755-01_cups.nasl
2010-10-19 Name : RedHat Update for xpdf RHSA-2010:0751-01
File : nvt/gb_RHSA-2010_0751-01_xpdf.nasl
2010-10-19 Name : RedHat Update for xpdf RHSA-2010:0750-01
File : nvt/gb_RHSA-2010_0750-01_xpdf.nasl
2010-10-19 Name : RedHat Update for poppler RHSA-2010:0749-01
File : nvt/gb_RHSA-2010_0749-01_poppler.nasl
2010-10-19 Name : CentOS Update for cups CESA-2010:0755 centos4 i386
File : nvt/gb_CESA-2010_0755_cups_centos4_i386.nasl
2010-10-19 Name : CentOS Update for cups CESA-2010:0754 centos3 i386
File : nvt/gb_CESA-2010_0754_cups_centos3_i386.nasl
2010-10-19 Name : CentOS Update for kdegraphics CESA-2010:0753 centos4 i386
File : nvt/gb_CESA-2010_0753_kdegraphics_centos4_i386.nasl
2010-10-19 Name : CentOS Update for gpdf CESA-2010:0752 centos4 i386
File : nvt/gb_CESA-2010_0752_gpdf_centos4_i386.nasl
2010-10-19 Name : CentOS Update for xpdf CESA-2010:0751 centos4 i386
File : nvt/gb_CESA-2010_0751_xpdf_centos4_i386.nasl
2010-10-19 Name : CentOS Update for xpdf CESA-2010:0750 centos3 i386
File : nvt/gb_CESA-2010_0750_xpdf_centos3_i386.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-324-02 poppler
File : nvt/esoft_slk_ssa_2010_324_02.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-324-01 xpdf
File : nvt/esoft_slk_ssa_2010_324_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
69064 Poppler Gfx::getPos PDF Handling Uninitialized Pointer Dereference DoS

Nessus® Vulnerability Scanner

Date Description
2017-09-01 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0147.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_libpoppler-devel-101016.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_OpenOffice_org-110330.nasl - Type : ACT_GATHER_INFO
2014-02-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201402-17.nasl - Type : ACT_GATHER_INFO
2013-10-07 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201310-03.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1201.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0859.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0755.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0754.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0753.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0752.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0751.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0750.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0749.nasl - Type : ACT_GATHER_INFO
2012-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1201.nasl - Type : ACT_GATHER_INFO
2012-08-24 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120823_tetex_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1201.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101007_poppler_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20101007_xpdf_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101007_cups_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101110_poppler_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20101007_kdegraphics_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20101007_gpdf_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_OpenOffice_org-110330.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libpoppler-devel-101016.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libpoppler-devel-101021.nasl - Type : ACT_GATHER_INFO
2011-05-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_xpdf-101014.nasl - Type : ACT_GATHER_INFO
2011-03-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libreoffice331-110318.nasl - Type : ACT_GATHER_INFO
2011-03-21 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libreoffice331-7365.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_f2b43905354511e08e810022190034c0.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote Windows host has a program affected by multiple vulnerabilities.
File : openoffice_33.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_xpdf-101015.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libpoppler-devel-101017.nasl - Type : ACT_GATHER_INFO
2011-01-03 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2135.nasl - Type : ACT_GATHER_INFO
2010-12-23 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_xpdf-7190.nasl - Type : ACT_GATHER_INFO
2010-12-10 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kdegraphics3-7235.nasl - Type : ACT_GATHER_INFO
2010-12-06 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_cups-7244.nasl - Type : ACT_GATHER_INFO
2010-12-06 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12665.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libpoppler-devel-101016.nasl - Type : ACT_GATHER_INFO
2010-11-28 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libpoppler4-7192.nasl - Type : ACT_GATHER_INFO
2010-11-22 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-324-02.nasl - Type : ACT_GATHER_INFO
2010-11-22 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-324-01.nasl - Type : ACT_GATHER_INFO
2010-11-18 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0859.nasl - Type : ACT_GATHER_INFO
2010-11-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-228.nasl - Type : ACT_GATHER_INFO
2010-11-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-230.nasl - Type : ACT_GATHER_INFO
2010-11-14 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-231.nasl - Type : ACT_GATHER_INFO
2010-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16662.nasl - Type : ACT_GATHER_INFO
2010-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16705.nasl - Type : ACT_GATHER_INFO
2010-11-05 Name : The remote Fedora host is missing a security update.
File : fedora_2010-16744.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1005-1.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15981.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15911.nasl - Type : ACT_GATHER_INFO
2010-10-18 Name : The remote Fedora host is missing a security update.
File : fedora_2010-15857.nasl - Type : ACT_GATHER_INFO
2010-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2119.nasl - Type : ACT_GATHER_INFO
2010-10-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0749.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0750.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0751.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0755.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0754.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0753.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0752.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0755.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0749.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0754.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0753.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0752.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0751.nasl - Type : ACT_GATHER_INFO
2010-10-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0750.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/43845
CONFIRM ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch
http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
https://bugzilla.redhat.com/show_bug.cgi?id=595245
DEBIAN http://www.debian.org/security/2010/dsa-2119
http://www.debian.org/security/2010/dsa-2135
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2010-November/05026...
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/05028...
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/05039...
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392...
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523...
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545...
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2010:228
http://www.mandriva.com/security/advisories?name=MDVSA-2010:229
http://www.mandriva.com/security/advisories?name=MDVSA-2010:230
http://www.mandriva.com/security/advisories?name=MDVSA-2010:231
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
MISC http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd...
MLIST http://www.openwall.com/lists/oss-security/2010/10/04/6
REDHAT http://rhn.redhat.com/errata/RHSA-2012-1201.html
http://www.redhat.com/support/errata/RHSA-2010-0749.html
http://www.redhat.com/support/errata/RHSA-2010-0750.html
http://www.redhat.com/support/errata/RHSA-2010-0751.html
http://www.redhat.com/support/errata/RHSA-2010-0752.html
http://www.redhat.com/support/errata/RHSA-2010-0753.html
http://www.redhat.com/support/errata/RHSA-2010-0754.html
http://www.redhat.com/support/errata/RHSA-2010-0755.html
http://www.redhat.com/support/errata/RHSA-2010-0859.html
SECUNIA http://secunia.com/advisories/42141
http://secunia.com/advisories/42357
http://secunia.com/advisories/42397
http://secunia.com/advisories/42691
http://secunia.com/advisories/43079
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2010&...
SUSE http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
UBUNTU http://www.ubuntu.com/usn/USN-1005-1
VUPEN http://www.vupen.com/english/advisories/2010/2897
http://www.vupen.com/english/advisories/2010/3097
http://www.vupen.com/english/advisories/2011/0230

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2021-05-05 01:07:57
  • Multiple Updates
2021-05-04 12:13:43
  • Multiple Updates
2021-04-22 01:14:51
  • Multiple Updates
2020-12-23 21:23:18
  • Multiple Updates
2020-05-23 00:26:37
  • Multiple Updates
2019-03-06 21:19:18
  • Multiple Updates
2017-09-02 13:25:16
  • Multiple Updates
2016-04-26 20:08:50
  • Multiple Updates
2014-06-14 13:29:27
  • Multiple Updates
2014-02-19 13:21:50
  • Multiple Updates
2014-02-17 10:57:48
  • Multiple Updates
2013-05-10 23:34:10
  • Multiple Updates
2012-11-20 13:22:10
  • Multiple Updates