NULL pointer dereference in Apple Cups

CVE-2010-3702

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (cras…

EPSS: 0.047 (89.6th percentile) — read the EPSS interpretation.

Affected products

Apple Cups
Freedesktop Poppler
Xpdfreader Xpdf — versions 3.02
Canonical Ubuntu_linux — versions 10.10, 6.06, 10.04
Debian Debian_linux — versions 5.0, 6.0
Fedoraproject Fedora — versions 12, 13, 14
Opensuse — versions 11.3, 11.1, 11.2
Redhat Enterprise_linux_desktop — versions 5.0
Redhat Enterprise_linux_server — versions 5.0
Redhat Enterprise_linux_workstation — versions 5.0

Weakness classification (CWE)

CWE-476 — NULL Pointer Dereference

References

FEDORA-2010-16662 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
[oss-security] 20101004 Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)
FEDORA-2010-15857 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
secalert@redhat.com (Patch, x_refsource_MISC, Vendor Advisory)
RHSA-2010:0859 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
42357 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
MDVSA-2010:228 (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
ADV-2011-0230 (Third Party Advisory, vdb-entry, x_refsource_VUPEN)
RHSA-2010:0752 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)