CVE-2010-3703
Published: 13 October 2010
The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.
Notes
| Author | Note |
|---|---|
| mdeslaur | only affect poppler versions after b1d4efb082 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
kdegraphics Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(linked to poppler)
|
| hardy |
Not vulnerable
(linked to poppler)
|
|
| hirsute |
Does not exist
|
|
| artful |
Does not exist
|
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| jaunty |
Not vulnerable
(linked to poppler)
|
|
| karmic |
Not vulnerable
(linked to poppler)
|
|
| kinetic |
Does not exist
|
|
| lucid |
Not vulnerable
(linked to poppler)
|
|
| lunar |
Does not exist
|
|
| maverick |
Not vulnerable
(linked to poppler)
|
|
| natty |
Not vulnerable
(linked to poppler)
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| mantic |
Does not exist
|
|
|
gpdf Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| hirsute |
Does not exist
|
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| dapper |
Ignored
(end of life)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| lunar |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| mantic |
Does not exist
|
|
|
ipe Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
| bionic |
Needs triage
|
|
| cosmic |
Ignored
(end of life)
|
|
| dapper |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| vivid |
Ignored
(end of life)
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| xenial |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| hardy |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Ignored
(end of life)
|
|
| lucid |
Ignored
(end of life)
|
|
| lunar |
Needs triage
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Ignored
(end of life)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Does not exist
(trusty was needs-triage)
|
|
| upstream |
Needs triage
|
|
| utopic |
Ignored
(end of life)
|
|
| wily |
Ignored
(end of life)
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Ignored
(end of life)
|
|
| mantic |
Needs triage
|
|
|
pdfkit.framework Launchpad, Ubuntu, Debian |
impish |
Does not exist
|
| hirsute |
Does not exist
|
|
| artful |
Does not exist
|
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| dapper |
Ignored
(end of life)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| jammy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| lunar |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| mantic |
Does not exist
|
|
|
libextractor Launchpad, Ubuntu, Debian |
groovy |
Ignored
(end of life)
|
| hirsute |
Ignored
(end of life)
|
|
| xenial |
Not vulnerable
(does not use xpdf anymore)
|
|
| impish |
Ignored
(end of life)
|
|
| focal |
Not vulnerable
(does not use xpdf anymore)
|
|
| jammy |
Not vulnerable
(does not use xpdf anymore)
|
|
| kinetic |
Not vulnerable
(does not use xpdf anymore)
|
|
| artful |
Ignored
(end of life)
|
|
| bionic |
Not vulnerable
(does not use xpdf anymore)
|
|
| cosmic |
Ignored
(end of life)
|
|
| dapper |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| hardy |
Ignored
(end of life)
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Ignored
(end of life)
|
|
| lucid |
Ignored
(end of life)
|
|
| lunar |
Not vulnerable
(does not use xpdf anymore)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Ignored
(end of life)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Not vulnerable
(does not use xpdf anymore)
|
|
| upstream |
Needs triage
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Ignored
(end of life)
|
|
| yakkety |
Ignored
(end of life)
|
|
| zesty |
Ignored
(end of life)
|
|
| mantic |
Not vulnerable
(does not use xpdf anymore)
|
|
|
koffice Launchpad, Ubuntu, Debian |
hirsute |
Does not exist
|
| artful |
Does not exist
|
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| dapper |
Ignored
(end of life)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hardy |
Ignored
(end of life)
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Not vulnerable
(linked to poppler)
|
|
| kinetic |
Does not exist
|
|
| lucid |
Not vulnerable
(code not present)
|
|
| lunar |
Does not exist
|
|
| maverick |
Not vulnerable
(code not present)
|
|
| natty |
Not vulnerable
(code not present)
|
|
| oneiric |
Not vulnerable
(code not present)
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| mantic |
Does not exist
|
|
|
pdftohtml Launchpad, Ubuntu, Debian |
hirsute |
Does not exist
|
| artful |
Does not exist
|
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| dapper |
Ignored
(end of life)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| lunar |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| mantic |
Does not exist
|
|
|
poppler Launchpad, Ubuntu, Debian |
hirsute |
Not vulnerable
(0.16.0-0ubuntu2)
|
| artful |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| bionic |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| cosmic |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| dapper |
Not vulnerable
(code not present)
|
|
| disco |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| eoan |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| focal |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| groovy |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| hardy |
Not vulnerable
(code not present)
|
|
| impish |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| jammy |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| jaunty |
Not vulnerable
(code not present)
|
|
| karmic |
Released
(0.12.0-0ubuntu2.3)
|
|
| kinetic |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| lucid |
Released
(0.12.4-0ubuntu5.1)
|
|
| lunar |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| maverick |
Released
(0.14.3-0ubuntu1.1)
|
|
| natty |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| oneiric |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| precise |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| quantal |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| raring |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| saucy |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| trusty |
Does not exist
(trusty was not-affected [0.16.0-0ubuntu2])
|
|
| upstream |
Released
(0.14.4)
|
|
| utopic |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| vivid |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| wily |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| xenial |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| yakkety |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| zesty |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
| mantic |
Not vulnerable
(0.16.0-0ubuntu2)
|
|
|
Patches: upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f |
||
|
tetex-bin Launchpad, Ubuntu, Debian |
hirsute |
Does not exist
|
| artful |
Does not exist
|
|
| bionic |
Does not exist
|
|
| cosmic |
Does not exist
|
|
| dapper |
Not vulnerable
(linked to poppler)
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lucid |
Does not exist
|
|
| lunar |
Does not exist
|
|
| maverick |
Does not exist
|
|
| natty |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| raring |
Does not exist
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
| mantic |
Does not exist
|
|
|
texlive-bin Launchpad, Ubuntu, Debian |
hirsute |
Not vulnerable
(linked to poppler)
|
| artful |
Not vulnerable
(linked to poppler)
|
|
| bionic |
Not vulnerable
(linked to poppler)
|
|
| cosmic |
Not vulnerable
(linked to poppler)
|
|
| dapper |
Does not exist
|
|
| disco |
Not vulnerable
(linked to poppler)
|
|
| eoan |
Not vulnerable
(linked to poppler)
|
|
| focal |
Not vulnerable
(linked to poppler)
|
|
| groovy |
Not vulnerable
(linked to poppler)
|
|
| hardy |
Not vulnerable
(linked to poppler)
|
|
| impish |
Not vulnerable
(linked to poppler)
|
|
| jammy |
Not vulnerable
(linked to poppler)
|
|
| jaunty |
Not vulnerable
(linked to poppler)
|
|
| karmic |
Not vulnerable
(linked to poppler)
|
|
| kinetic |
Not vulnerable
(linked to poppler)
|
|
| lucid |
Not vulnerable
(linked to poppler)
|
|
| lunar |
Not vulnerable
(linked to poppler)
|
|
| maverick |
Not vulnerable
(linked to poppler)
|
|
| natty |
Not vulnerable
(linked to poppler)
|
|
| oneiric |
Not vulnerable
(linked to poppler)
|
|
| precise |
Not vulnerable
(linked to poppler)
|
|
| quantal |
Not vulnerable
(linked to poppler)
|
|
| raring |
Not vulnerable
(linked to poppler)
|
|
| saucy |
Not vulnerable
(linked to poppler)
|
|
| trusty |
Does not exist
(trusty was not-affected [linked to poppler])
|
|
| upstream |
Needs triage
|
|
| utopic |
Not vulnerable
(linked to poppler)
|
|
| vivid |
Not vulnerable
(linked to poppler)
|
|
| wily |
Not vulnerable
(linked to poppler)
|
|
| xenial |
Not vulnerable
(linked to poppler)
|
|
| yakkety |
Not vulnerable
(linked to poppler)
|
|
| zesty |
Not vulnerable
(linked to poppler)
|
|
| mantic |
Not vulnerable
(linked to poppler)
|
|
|
xpdf Launchpad, Ubuntu, Debian |
hirsute |
Not vulnerable
|
| artful |
Not vulnerable
(3.02-12ubuntu1)
|
|
| bionic |
Not vulnerable
(3.02-12ubuntu1)
|
|
| cosmic |
Not vulnerable
(3.02-12ubuntu1)
|
|
| dapper |
Ignored
(end of life)
|
|
| disco |
Not vulnerable
(3.02-12ubuntu1)
|
|
| eoan |
Not vulnerable
(3.02-12ubuntu1)
|
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| hardy |
Ignored
(end of life)
|
|
| impish |
Not vulnerable
|
|
| jammy |
Not vulnerable
|
|
| jaunty |
Ignored
(end of life)
|
|
| karmic |
Released
(3.02-1.4ubuntu2.9.10.2)
|
|
| kinetic |
Not vulnerable
|
|
| lucid |
Ignored
(end of life)
|
|
| lunar |
Not vulnerable
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Not vulnerable
(3.02-12ubuntu1)
|
|
| oneiric |
Not vulnerable
(3.02-12ubuntu1)
|
|
| precise |
Not vulnerable
(3.02-12ubuntu1)
|
|
| quantal |
Not vulnerable
(3.02-12ubuntu1)
|
|
| raring |
Not vulnerable
(3.02-12ubuntu1)
|
|
| saucy |
Not vulnerable
(3.02-12ubuntu1)
|
|
| trusty |
Does not exist
(trusty was not-affected [3.02-12ubuntu1])
|
|
| upstream |
Released
(3.02-12)
|
|
| utopic |
Not vulnerable
(3.02-12ubuntu1)
|
|
| vivid |
Not vulnerable
(3.02-12ubuntu1)
|
|
| wily |
Not vulnerable
(3.02-12ubuntu1)
|
|
| xenial |
Not vulnerable
(3.02-12ubuntu1)
|
|
| yakkety |
Not vulnerable
(3.02-12ubuntu1)
|
|
| zesty |
Not vulnerable
(3.02-12ubuntu1)
|
|
| mantic |
Not vulnerable
|
|