CVE-2010-5110
Published: 29 August 2014
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
Notes
Author | Note |
---|---|
seth-arnold | Debian bug report suggests patch five may not be necessary |
mdeslaur | patch breaks ABI on lucid, this is in the supported set because of certain cups filters. The filters don't crash on the reproducer. |
Priority
Status
Package | Release | Status |
---|---|---|
poppler Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Not vulnerable
(0.18.4-1ubuntu3.1)
|
|
quantal |
Not vulnerable
|
|
raring |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Released
(0.16.3-1)
|
|
utopic |
Not vulnerable
|
|
vivid |
Not vulnerable
|
|
Patches: upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8 (pt1) upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=301352e5585d4ab6e7b609b4ab79b4d8b8656092 (pt2) upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=7bcf4e1f050c16e7a72ca633589602b252ab46cc (pt3) upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=42c1b1c4af6b07f488d1b2b02a4700f19b0ab0ef (pt4) upstream: http://cgit.freedesktop.org/poppler/poppler/commit/?id=70e6af4739d2eea58e6f3200a8c9467597a12ae5 (pt5) |