Vulnerability CVE-2010-5110

Vulnerability Name:

CVE-2010-5110 (CCN-88063)

Assigned:

2010-04-24

Published:

2010-04-24

Updated:

2014-09-02

Summary:

DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Denial of Service

References:

Source: CONFIRM
Type: Exploit, Patch
http://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8

Source: MLIST
Type: UNKNOWN
[oss-security] 20140918 CVE Request : poppler < 0.13.0

Source: MITRE
Type: CNA
CVE-2010-5110

Source: CCN
Type: Poppler Web Site
Poppler

Source: CCN
Type: oss-sec Mailing List, Mon, 14 Oct 2013 14:38:33 +0200
Re: CVE Request : poppler < 0.13.0

Source: SECUNIA
Type: UNKNOWN
59857

Source: CCN
Type: BID-63001
Poppler 'DCTStream.cc' File Denial of Service Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugs.freedesktop.org/show_bug.cgi?id=26280

Source: XF
Type: UNKNOWN
poppler-cve20105110-dos(88063)

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:0817

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2010-5110

Vulnerable Configuration:

Configuration 1:

cpe:/a:freedesktop:poppler:0.13.0:*:*:*:*:*:*:*

OR cpe:/a:freedesktop:poppler:0.13.1:*:*:*:*:*:*:*

OR cpe:/a:freedesktop:poppler:*:*:*:*:*:*:*:* (Version <= 0.13.2)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20105110	V	CVE-2010-5110	2022-05-20
oval:org.opensuse.security:def:26228	P	Security update for ghostscript (Moderate)	2022-01-14
oval:org.opensuse.security:def:32286	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:55991	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:26185	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:30156	P	Security update for clamav (Moderate)	2021-12-01
oval:org.opensuse.security:def:33731	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:34564	P	Security update for MozillaFirefox (Important)	2021-10-15
oval:org.opensuse.security:def:31688	P	Security update for python-urllib3 (Moderate)	2021-09-29
oval:org.opensuse.security:def:55953	P	Security update for sqlite3 (Important)	2021-09-23
oval:org.opensuse.security:def:33720	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:56072	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:33719	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:31677	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:31676	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:26101	P	Security update for php74 (Important)	2021-08-06
oval:org.opensuse.security:def:55228	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:26100	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:33950	P	Security update for dbus-1 (Important)	2021-08-02
oval:org.opensuse.security:def:34495	P	Security update for lasso (Important)	2021-08-02
oval:org.opensuse.security:def:32130	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:42617	P	libpoppler-glib4-0.12.3-1.10.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36210	P	libpoppler-glib4-0.12.3-1.10.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36475	P	libpoppler-devel-0.12.3-1.10.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:34456	P	Security update for libX11 (Important)	2021-06-08
oval:org.opensuse.security:def:31190	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:26044	P	Security update for avahi (Moderate)	2021-05-04
oval:org.opensuse.security:def:30070	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:26036	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:31153	P	Security update for xen (Important)	2021-04-19
oval:org.opensuse.security:def:34407	P	Security update for xorg-x11-server (Important)	2021-04-13
oval:org.opensuse.security:def:55879	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP2) (Important)	2021-04-12
oval:org.opensuse.security:def:26025	P	Security update for openexr (Moderate)	2021-04-07
oval:org.opensuse.security:def:26024	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:34046	P	Security update for openssl-1_1 (Important)	2021-03-25
oval:org.opensuse.security:def:34520	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:30013	P	Security update for java-1_8_0-ibm (Moderate)	2021-01-05
oval:org.opensuse.security:def:55787	P	Security update for clamav (Important)	2020-12-22
oval:org.opensuse.security:def:55122	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:26366	P	Security update for kdelibs4, kio (Moderate)	2020-12-01
oval:org.opensuse.security:def:26703	P	fvwm2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27438	P	libcgroup-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26359	P	Security update for phpMyAdmin (Important)	2020-12-01
oval:org.opensuse.security:def:26643	P	systemtap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26988	P	mailman on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27134	P	glibc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27309	P	tgt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27513	P	lzo-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27887	P	Security update for rubygem-rack-1_4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28042	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:29794	P	Security update for guile (Low)	2020-12-01
oval:org.opensuse.security:def:30452	P	Security update for puppet	2020-12-01
oval:org.opensuse.security:def:54571	P	libmms0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57348	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31986	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:32342	P	Security update for spice (Important)	2020-12-01
oval:org.opensuse.security:def:32496	P	coolkey on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34349	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:25759	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:25963	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:26336	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26491	P	Security update for nextcloud (Moderate)	2020-12-01
oval:org.opensuse.security:def:26450	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:26742	P	libcgroup1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27473	P	libpoppler-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26370	P	Security update for mbedtls (Important)	2020-12-01
oval:org.opensuse.security:def:26700	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27037	P	syslog-ng on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27772	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:27310	P	tomcat6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27595	P	Security update for ImageMagick	2020-12-01
oval:org.opensuse.security:def:27940	P	Security update for GraphicsMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:28086	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:29709	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:29926	P	Security update for libgcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:30309	P	Security update for tar (Moderate)	2020-12-01
oval:org.opensuse.security:def:30471	P	Security update for automake	2020-12-01
oval:org.opensuse.security:def:54711	P	xscreensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55394	P	sysvinit-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:57422	P	Security update for poppler	2020-12-01
oval:org.opensuse.security:def:32043	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32391	P	Security update for tomcat6 (Moderate)	2020-12-01
oval:org.opensuse.security:def:33134	P	libFLAC++6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25760	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26389	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26535	P	cyrus-imapd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26601	P	libsamplerate on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26756	P	libnewt0_52 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26434	P	Security update for pdns (Important)	2020-12-01
oval:org.opensuse.security:def:26784	P	mono-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27076	P	aaa_base on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27807	P	Security update for poppler	2020-12-01
oval:org.opensuse.security:def:27321	P	wpa_supplicant on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27652	P	Security update for mozilla-nspr, mozilla-nss	2020-12-01
oval:org.opensuse.security:def:27989	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:28724	P	Security update for Linux kernel	2020-12-01
oval:org.opensuse.security:def:29710	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:30364	P	Security update for wireshark (Low)	2020-12-01
oval:org.opensuse.security:def:30515	P	Security update for ghostscript	2020-12-01
oval:org.opensuse.security:def:54548	P	libgcrypt20 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54949	P	libwireshark8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55679	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31762	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32430	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:33173	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34103	P	Security update for MozillaFirefox, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:35202	P	Security update for PostgreSQL 9.1	2020-12-01
oval:org.opensuse.security:def:25771	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26438	P	Security update for ansible (Moderate)	2020-12-01
oval:org.opensuse.security:def:27173	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26309	P	Security update for haproxy (Important)	2020-12-01
oval:org.opensuse.security:def:26654	P	xpdf-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26800	P	pango on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26358	P	Security update for Mozilla Thunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:26562	P	gtk2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26935	P	lcms on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27090	P	bash on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27385	P	cvs-doc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27736	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:28028	P	Security update for bind (Moderate)	2020-12-01
oval:org.opensuse.security:def:28759	P	Security update for poppler	2020-12-01
oval:org.opensuse.security:def:29721	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:30413	P	Security update for xorg-x11-libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:54549	P	libgif6-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31894	P	Security update for fetchmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:32452	P	Security update for xerces-j2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:33814	P	Security update for giflib (Moderate)	2020-12-01
oval:org.opensuse.security:def:34192	P	Security update for pam (Moderate)	2020-12-01
oval:org.opensuse.security:def:35242	P	Security update for poppler	2020-12-01
oval:org.opensuse.security:def:25835	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26477	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:27208	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:26307	P	SUSE-SU-2014:0817-1 -- Security update for poppler	2014-09-15
oval:com.ubuntu.precise:def:20105110000	V	CVE-2010-5110 on Ubuntu 12.04 LTS (precise) - low.	2014-08-29
oval:com.ubuntu.trusty:def:20105110000	V	CVE-2010-5110 on Ubuntu 14.04 LTS (trusty) - low.	2014-08-29
oval:org.opensuse.security:def:80056	P	Security update for poppler	2014-05-21

BACK