CVE-2010-3703

Description

The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.

How to fix CVE-2010-3703

To remediate CVE-2010-3703, upgrade the affected package to a fixed version below.

• Debian/poppler—upgrade to 0.12.4-1.2 or later
• Debian/xpdf—upgrade to 3.02-9 or later

Is CVE-2010-3703 being exploited?

Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 0.12.4-1.2
• from 0, < 3.02-9

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-3703