PT-2010-1013 · Freedesktop.Org+4 · Poppler+7
Sauli Pahlman · Published 2010-10-07 · Updated 2020-12-23 · CVE-2010-3702
| CVSS v2.0 | 10 (High) |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
cups versions 1.1.17 through 1.1.22
cups-devel versions 1.1.17 through 1.1.22
cups-libs versions 1.1.17 through 1.1.22
kdegraphics versions 3.3.1
kdegraphics-devel versions 3.3.1
xpdf versions prior to 3.02pl5
poppler versions prior to 0.15.1
Description
The vulnerability is in the Gfx::getPos function of the PDF parser. It allows context-dependent attackers to cause a denial of service or gain access to confidential data. It can be exploited remotely and may compromise the confidentiality, integrity, and availability of protected information.
Recommendations
For cups versions 1.1.17 through 1.1.22, consider disabling the vulnerable function until a patch is available.
For cups-devel versions 1.1.17 through 1.1.22, restrict access to the vulnerable module to minimize the risk of exploitation.
For cups-libs versions 1.1.17 through 1.1.22, avoid using the vulnerable library until the issue is resolved.
For kdegraphics versions 3.3.1, consider disabling the vulnerable component until a patch is available.
For kdegraphics-devel versions 3.3.1, restrict access to the vulnerable module to minimize the risk of exploitation.
For xpdf versions prior to 3.02pl5, update to version 3.02pl5 or later.
For poppler versions prior to 0.15.1, update to version 0.15.1 or later.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
NULL Pointer Dereference
Related Identifiers
Affected Products
Red Hat
Cups
Cups-Devel
Cups-Libs
Kdegraphics
Kdegraphics-Devel
Poppler
Xpdf