CVE-2010-0207

In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
xpdfreaderxpdf
3.03-17
xpdfreaderxpdf
3.04-4
xpdfreaderxpdf
3.04-13
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
poppler
bullseye (security)
20.09.0-3.1+deb11u1
fixed
bullseye
20.09.0-3.1+deb11u1
fixed
bookworm
22.12.0-2
fixed
sid
24.08.0-3
fixed
trixie
24.08.0-3
fixed
xpdf
bullseye
unimportant
bookworm
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ipe
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
kdegraphics
oneiric
dne
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
koffice
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
hardy
ignored
libextractor
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
poppler
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
xpdf
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0207
https://security-tracker.debian.org/tracker/CVE-2010-0207
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0207
https://security-tracker.debian.org/tracker/CVE-2010-0207