CVE-2010-5110

Severity CVSS v4.0:

Pending analysis

Type:

CWE-20 Input Validation

Publication date:

29/08/2014

Last modified:

12/04/2025

Description

DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

Impact

Vector 2.0

AV:N/AC:M/Au:N/C:N/I:N/A:P CVSS v2.0 Severity and Metrics:

Base Score: 4.30 MEDIUM
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): None
Integrity (I): None
Availability (A): Physical

Base Score 2.0

4.30

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:freedesktop:poppler::::::::		0.13.2 (including)
cpe:2.3:a:freedesktop:poppler:0.13.0:::::::*
cpe:2.3:a:freedesktop:poppler:0.13.1:::::::*

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

http://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8
http://comments.gmane.org/gmane.comp.security.oss.general/11132
http://secunia.com/advisories/59857
https://bugs.freedesktop.org/show_bug.cgi?id=26280
https://www.suse.com/support/update/announcement/2014/suse-su-20140817-1.html
http://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8
http://comments.gmane.org/gmane.comp.security.oss.general/11132
http://secunia.com/advisories/59857
https://bugs.freedesktop.org/show_bug.cgi?id=26280
https://www.suse.com/support/update/announcement/2014/suse-su-20140817-1.html