The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
CVE-2010-3702 (cups, debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_workstation, fedora, linux_enterprise_server, opensuse, poppler, ubuntu_linux, xpdf)
Leave a reply
