What is CVE-2010-3704?

CVE-2010-3704 is a vulnerability in Foolabs Xpdf, classified under Improper Input Validation. Published 2010-11-05.

Is CVE-2010-3704 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Foolabs Xpdf

CVE-2010-3704

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a den…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.036 (88.0th percentile) — read the EPSS interpretation.

Affected products

Foolabs Xpdf — versions 3.02pl1, 3.0.1, 1.00a
Glyphandcog Xpdfreader — versions 0.92, 0.91, 1.00
Kde Kdegraphics
Poppler — versions 0.13.2, 0.14.4, 0.10.5
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (mailing-list, x_refsource_MLIST)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_MANDRIVA)
secalert@redhat.com (vdb-entry, x_refsource_VUPEN)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2010-3704?: CVE-2010-3704 is a vulnerability in Foolabs Xpdf, classified under Improper Input Validation. Published 2010-11-05.
Is CVE-2010-3704 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.