Lucene search

Veracode Vulnerability DatabaseVERACODE:24190

HistoryApr 10, 2020 - 12:48 a.m.

Arbitrary Code Execution

2020-04-1000:48:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

xpdf is vulnerable to arbitrary code execution. The vulnerability exists as an uninitialized pointer use flaw was discovered in Xpdf. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code.

CPENameOperatorVersion
xpdfeq3.00__14.el4
xpdfeq3.00__20.el4
xpdfeq2.02__11.el3
xpdfeq3.00__22.el4_8.1
xpdfeq2.02__17.el3
xpdfeq2.02__14.el3
xpdfeq3.00__16.el4
xpdfeq3.00__23.el4_8.1
kdegraphicseq3.3.1__10.el4
kdegraphicseq3.5.4__13.el5_3

Name	Operator	Version
xpdf	eq	3.00__14.el4
xpdf	eq	3.00__20.el4
xpdf	eq	2.02__11.el3
xpdf	eq	3.00__22.el4_8.1
xpdf	eq	2.02__17.el3
xpdf	eq	2.02__14.el3
xpdf	eq	3.00__16.el4
xpdf	eq	3.00__23.el4_8.1
kdegraphics	eq	3.3.1__10.el4
kdegraphics	eq	3.5.4__13.el5_3

Rows per page:

1-10 of 311

References

cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch

lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html

lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html

lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html

lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

rhn.redhat.com/errata/RHSA-2012-1201.html

secunia.com/advisories/42141

secunia.com/advisories/42357

secunia.com/advisories/42397

secunia.com/advisories/42691

secunia.com/advisories/43079

slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720

www.debian.org/security/2010/dsa-2119

www.debian.org/security/2010/dsa-2135

www.mandriva.com/security/advisories?name=MDVSA-2010:228

www.mandriva.com/security/advisories?name=MDVSA-2010:229

www.mandriva.com/security/advisories?name=MDVSA-2010:230

www.mandriva.com/security/advisories?name=MDVSA-2010:231

www.mandriva.com/security/advisories?name=MDVSA-2012:144

www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html

www.openwall.com/lists/oss-security/2010/10/04/6

www.redhat.com/security/updates/classification/#important

www.redhat.com/support/errata/RHSA-2010-0749.html

www.redhat.com/support/errata/RHSA-2010-0750.html

www.redhat.com/support/errata/RHSA-2010-0751.html

www.redhat.com/support/errata/RHSA-2010-0752.html

www.redhat.com/support/errata/RHSA-2010-0753.html

www.redhat.com/support/errata/RHSA-2010-0754.html

www.redhat.com/support/errata/RHSA-2010-0755.html

www.redhat.com/support/errata/RHSA-2010-0859.html

www.securityfocus.com/bid/43845

www.ubuntu.com/usn/USN-1005-1

www.vupen.com/english/advisories/2010/2897

www.vupen.com/english/advisories/2010/3097

www.vupen.com/english/advisories/2011/0230

access.redhat.com/errata/RHSA-2010:0751

bugzilla.redhat.com/show_bug.cgi?id=595245

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:24190