CVE-2010-3704 Detail
Deferred
This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.
Description
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
Metrics
CVSS 4.0 Severity and Vector Strings: NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings: NVD assessment not yet provided.
CVSS 2.0 Severity and Vector Strings: Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
References to Advisories, Solutions, and Tools
URL | Source(s) | Tag(s)
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch | CVE, Red Hat, Inc. | Patch
http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473 | CVE, Red Hat, Inc. | Patch
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html | CVE, Red Hat, Inc. |
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html | CVE, Red Hat, Inc. |
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html | CVE, Red Hat, Inc. |
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html | CVE, Red Hat, Inc. |
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html | CVE, Red Hat, Inc. |
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html | CVE, Red Hat, Inc. |
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html | CVE, Red Hat, Inc. |
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html | CVE, Red Hat, Inc. |
http://rhn.redhat.com/errata/RHSA-2012-1201.html | CVE, Red Hat, Inc. |
http://secunia.com/advisories/42141 | CVE, Red Hat, Inc. |
http://secunia.com/advisories/42357 | CVE, Red Hat, Inc. |
http://secunia.com/advisories/42397 | CVE, Red Hat, Inc. |
http://secunia.com/advisories/42691 | CVE, Red Hat, Inc. |
http://secunia.com/advisories/43079 | CVE, Red Hat, Inc. |
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720 | CVE, Red Hat, Inc. |
http://www.debian.org/security/2010/dsa-2119 | CVE, Red Hat, Inc. |
http://www.debian.org/security/2010/dsa-2135 | CVE, Red Hat, Inc. |
http://www.mandriva.com/security/advisories?name=MDVSA-2010:228 | CVE, Red Hat, Inc. |
http://www.mandriva.com/security/advisories?name=MDVSA-2010:229 | CVE, Red Hat, Inc. |
http://www.mandriva.com/security/advisories?name=MDVSA-2010:230 | CVE, Red Hat, Inc. |
http://www.mandriva.com/security/advisories?name=MDVSA-2010:231 | CVE, Red Hat, Inc. |
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 | CVE, Red Hat, Inc. |
http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html | CVE, Red Hat, Inc. |
http://www.openwall.com/lists/oss-security/2010/10/04/6 | CVE, Red Hat, Inc. |
http://www.redhat.com/support/errata/RHSA-2010-0749.html | CVE, Red Hat, Inc. |
http://www.redhat.com/support/errata/RHSA-2010-0751.html | CVE, Red Hat, Inc. |
http://www.redhat.com/support/errata/RHSA-2010-0752.html | CVE, Red Hat, Inc. |
http://www.redhat.com/support/errata/RHSA-2010-0753.html | CVE, Red Hat, Inc. |
http://www.redhat.com/support/errata/RHSA-2010-0859.html | CVE, Red Hat, Inc. |
http://www.securityfocus.com/bid/43841 | CVE, Red Hat, Inc. |
http://www.ubuntu.com/usn/USN-1005-1 | CVE, Red Hat, Inc. |
http://www.vupen.com/english/advisories/2010/2897 | CVE, Red Hat, Inc. |
http://www.vupen.com/english/advisories/2010/3097 | CVE, Red Hat, Inc. |
http://www.vupen.com/english/advisories/2011/0230 | CVE, Red Hat, Inc. |
https://bugzilla.redhat.com/show_bug.cgi?id=638960 | CVE, Red Hat, Inc. |
Weakness Enumeration
CWE-ID | CWE Name | Source
CWE-20 | Improper Input Validation | NIST
Change History
24 change records found
CVE Modified by CVE 11/20/2024 8:19:25 PM
Action | Type | Old Value | New Value
Added | Reference | | ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch
Added | Reference | | http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
Added | Reference | | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html
Added | Reference | | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html
Added | Reference | | http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html
Added | Reference | | http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html
Added | Reference | | http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html
Added | Reference | | http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html
Added | Reference | | http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html
Added | Reference | | http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
Added | Reference | | http://rhn.redhat.com/errata/RHSA-2012-1201.html
Added | Reference | | http://secunia.com/advisories/42141
Added | Reference | | http://secunia.com/advisories/42357
Added | Reference | | http://secunia.com/advisories/42397
Added | Reference | | http://secunia.com/advisories/42691
Added | Reference | | http://secunia.com/advisories/43079
Added | Reference | | http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720
Added | Reference | | http://www.debian.org/security/2010/dsa-2119
Added | Reference | | http://www.debian.org/security/2010/dsa-2135
Added | Reference | | http://www.mandriva.com/security/advisories?name=MDVSA-2010:228
Added | Reference | | http://www.mandriva.com/security/advisories?name=MDVSA-2010:229
Added | Reference | | http://www.mandriva.com/security/advisories?name=MDVSA-2010:230
Added | Reference | | http://www.mandriva.com/security/advisories?name=MDVSA-2010:231
Added | Reference | | http://www.mandriva.com/security/advisories?name=MDVSA-2012:144
Added | Reference | | http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
Added | Reference | | http://www.openwall.com/lists/oss-security/2010/10/04/6
Added | Reference | | http://www.redhat.com/support/errata/RHSA-2010-0749.html
Added | Reference | | http://www.redhat.com/support/errata/RHSA-2010-0751.html
Added | Reference | | http://www.redhat.com/support/errata/RHSA-2010-0752.html
Added | Reference | | http://www.redhat.com/support/errata/RHSA-2010-0753.html
Added | Reference | | http://www.redhat.com/support/errata/RHSA-2010-0859.html
Added | Reference | | http://www.securityfocus.com/bid/43841
Added | Reference | | http://www.ubuntu.com/usn/USN-1005-1
Added | Reference | | http://www.vupen.com/english/advisories/2010/2897
Added | Reference | | http://www.vupen.com/english/advisories/2010/3097
Added | Reference | | http://www.vupen.com/english/advisories/2011/0230
Added | Reference | | https://bugzilla.redhat.com/show_bug.cgi?id=638960
CVE Modified by Red Hat, Inc. 5/13/2024 10:22:14 PM
CPE Deprecation Remap by NIST 3/06/2019 11:30:36 AM
Action | Type | Old Value | New Value
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:0.7:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:30:36 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:0.91:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:30:37 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:0.92:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:30:37 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:0.93:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:30:37 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:2.02:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:30:38 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:*:*:*:*:*:*:*:* versions from (including) 3.02pl4 | OR *cpe:2.3:a:glyphandcog:xpdfreader:*:*:*:*:*:*:*:* versions from (including) 3.02
CPE Deprecation Remap by NIST 3/06/2019 11:30:38 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:3.02:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:20:29 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:0.2:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:20:30 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:0.3:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:20:30 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:0.4:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:20:30 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:0.5:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:20:30 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:0.6:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:20:30 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:0.80:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:20:31 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:0.90:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:20:31 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:1.00:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:20:31 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:1.01:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:20:31 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:2.00:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:20:32 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:2.01:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:20:32 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:2.03:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:20:32 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:3.00:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*
CPE Deprecation Remap by NIST 3/06/2019 11:20:32 AM
Changed | CPE Configuration | OR *cpe:2.3:a:foolabs:xpdf:3.01:*:*:*:*:*:*:* | OR *cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*
Initial CVE Analysis 11/08/2010 1:55:00 PM
Quick Info
CVE Dictionary Entry: CVE-2010-3704
NVD Published Date: 11/05/2010
NVD Last Modified: 04/10/2025
Source: Red Hat, Inc.