CVE-2010-3702

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

Published: 2010-11-05 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2010-3702 is rated Moderate Risk (54.5/100): CVSS High severity, with medium exploitation likelihood (EPSS 2.76%). Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2010-3702

Daily EPSS estimates the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 9.18% 2.76% -6.42%
2 2026-06-13 7.63% 9.18% +1.55%
3 2026-06-07 - 7.63% -

Full EPSS history (13 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2010-3702

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.5 2.0 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P 10.0 6.4 [email protected]

Vector components:
Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (Au:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

Weakness enumeration for CVE-2010-3702

OS Trackers for CVE-2010-3702

vendor priority summary link
debian not yet assigned CVE-2010-3702 not yet assigned priority: Debian including 2 source packages (poppler, xpdf), 10 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 10. https://security-tracker.debian.org/tracker/CVE-2010-3702
gentoo normal CVE-2010-3702: 2 GLSA(s) (201310-03, 201402-17), 2 atom(s) (app-text/poppler, app-text/xpdf); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2010-3702
redhat high https://access.redhat.com/security/cve/CVE-2010-3702
ubuntu medium CVE-2010-3702 medium priority: Ubuntu including 11 source packages (gpdf, ipe, …), 407 status rows across 37 suites (artful, bionic, cosmic, dapper, disco, eoan, focal, groovy, hardy, hirsute, impish, jammy, jaunty, karmic, kinetic, lucid, lunar, mantic, maverick, natty, noble, oneiric, oracular, plucky, precise, quantal, questing, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): DNE 204 (5 distinct statuses). https://ubuntu.com/security/CVE-2010-3702

Affected software / configurations for CVE-2010-3702

Vendor Product Version Raw CPE
apple cups <= 1.3.11 cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
freedesktop poppler >= 0.8.7, <= 0.15.1 cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
xpdfreader xpdf <= 3.01 cpe:2.3:a:xpdfreader:xpdf:*:*:*:*:*:*:*:*
xpdfreader xpdf 3.02 cpe:2.3:a:xpdfreader:xpdf:3.02:-:*:*:*:*:*:*
xpdfreader xpdf 3.02 cpe:2.3:a:xpdfreader:xpdf:3.02:pl1:*:*:*:*:*:*
xpdfreader xpdf 3.02 cpe:2.3:a:xpdfreader:xpdf:3.02:pl2:*:*:*:*:*:*
xpdfreader xpdf 3.02 cpe:2.3:a:xpdfreader:xpdf:3.02:pl3:*:*:*:*:*:*
xpdfreader xpdf 3.02 cpe:2.3:a:xpdfreader:xpdf:3.02:pl4:*:*:*:*:*:*
fedoraproject fedora 12 cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
fedoraproject fedora 13 cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
fedoraproject fedora 14 cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
opensuse opensuse 11.1 cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
opensuse opensuse 11.2 cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
opensuse opensuse 11.3 cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
suse linux_enterprise_server 9 cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
suse linux_enterprise_server 10 cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
suse linux_enterprise_server 11 cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
suse linux_enterprise_server 11 cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
debian debian_linux 5.0 cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
debian debian_linux 6.0 cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
redhat enterprise_linux_desktop 5.0 cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
redhat enterprise_linux_server 5.0 cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
redhat enterprise_linux_workstation 5.0 cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
canonical ubuntu_linux 6.06 cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
canonical ubuntu_linux 8.04 cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
canonical ubuntu_linux 9.04 cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
canonical ubuntu_linux 9.10 cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
canonical ubuntu_linux 10.04 cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
canonical ubuntu_linux 10.10 cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

References for CVE-2010-3702

URL Tags
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch Broken Link
http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf Patch Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049392.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1201.html Third Party Advisory
http://secunia.com/advisories/42141 Third Party Advisory
http://secunia.com/advisories/42357 Third Party Advisory
http://secunia.com/advisories/42397 Third Party Advisory
http://secunia.com/advisories/42691 Third Party Advisory
http://secunia.com/advisories/43079 Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.571720 Third Party Advisory
http://www.debian.org/security/2010/dsa-2119 Third Party Advisory
http://www.debian.org/security/2010/dsa-2135 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:228 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:229 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:230 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:231 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 Third Party Advisory
http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html Third Party Advisory
http://www.openwall.com/lists/oss-security/2010/10/04/6 Mailing List Patch Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0749.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0750.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0751.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0752.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0753.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0754.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0755.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0859.html Third Party Advisory
http://www.securityfocus.com/bid/43845 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1005-1 Third Party Advisory
http://www.vupen.com/english/advisories/2010/2897 Third Party Advisory
http://www.vupen.com/english/advisories/2010/3097 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0230 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=595245 Issue Tracking Patch Third Party Advisory