VYPR
Unrated severity · NVD Advisory · Published Nov 5, 2010 · Updated Apr 29, 2026

CVE-2010-3703

Description

The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

36
    • cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.12.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.12.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.12.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.12.4:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.13.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.13.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.13.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.13.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.13.4:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.14.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.14.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.14.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.14.3:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.14.4:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.14.5:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.15.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.15.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*
    • (no CPE) range: <=0.15.1

Patches

Vulnerability mechanics

Root cause

"Uninitialized pointer dereference in PostScriptFunction constructor — the `stack` member is not set to NULL before use."

Attack vector

An attacker crafts a malicious PDF file that triggers the PostScriptFunction parser in poppler. When the parser encounters certain malformed input, it reaches a code path where a pointer (`stack`) is used before being initialized. Because `stack` is never set to NULL in the constructor, the uninitialized pointer dereference causes a crash, leading to a denial of service. The attack requires no authentication and can be delivered over the network simply by having the victim open the crafted PDF. [CWE-20]

What the fix does

The patch adds a single line `stack = NULL;` in the PostScriptFunction constructor, ensuring the pointer is always initialized before any code path can dereference it. Without this initialization, a malformed PDF that causes an early error or bypasses normal stack allocation leaves `stack` pointing to arbitrary memory, which triggers a crash on subsequent use. This is a classic uninitialized-variable defect. [patch_id=6676622]
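
The defect and the fix described above, reduced to a self-contained C++ model. This is an added example, not poppler's code: `EvalStack`, `looksValid`, `FuncBefore`, `FuncAfter` and `square` are hypothetical names, and only the `stack = NULL;` line mirrors the patch as quoted on this page.

```cpp
// Added illustration: simplified model, not poppler source. Names other than `stack` are hypothetical.
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

struct EvalStack {                        // stand-in for the operand stack
    std::vector<double> v;
    void push(double x) { v.push_back(x); }
    double pop() { double x = v.back(); v.pop_back(); return x; }
};
static bool looksValid(const std::string &src) {   // toy parse check (assumption)
    return src.size() >= 2 && src[0] == '{' && src[src.size() - 1] == '}';
}
// "Before" shape: `stack` is assigned only on the success path. Shown for
// comparison and deliberately never instantiated here.
struct FuncBefore {
    bool ok; EvalStack *stack;
    explicit FuncBefore(const std::string &src) : ok(false) {
        if (!looksValid(src)) return;     // early error: `stack` stays indeterminate
        stack = new EvalStack(); ok = true;
    }
    ~FuncBefore() { delete stack; }       // uses the indeterminate pointer after an early error
};

// "After" shape: the pointer has a defined value on every path.
struct FuncAfter {
    bool ok; EvalStack *stack;
    explicit FuncAfter(const std::string &src) : ok(false) {
        stack = NULL;                     // the one-line initialization
        if (!looksValid(src)) return;     // early error now leaves stack == NULL
        stack = new EvalStack(); ok = true;
    }
    ~FuncAfter() { delete stack; }        // deleting NULL is a no-op
    bool square(double in, double *out) {
        if (!ok || stack == NULL) return false;   // refuse instead of dereferencing
        stack->push(in * in);
        *out = stack->pop();
        return true;
    }
};

int main() {
    double r = 0;
    FuncAfter bad("not a function"), good("{ dup mul }");   // constructed sample inputs
    bool b = bad.square(3, &r), g = good.square(3, &r);
    std::printf("malformed accepted=%d, valid accepted=%d, result=%g\n", b, g, r);
}
```

Compilers and analyzers can flag the "before" shape when it is instantiated, for example through GCC's `-Wmaybe-uninitialized` or a MemorySanitizer build, which is a practical check for other members that are assigned only on a success path.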

Preconditions

  • input: Victim must open a crafted PDF file using an application that relies on poppler's PDF parser
  • auth: No authentication or special privileges required
  • network: Attack can be delivered over the network (e.g., email, web download)

Generated on Jun 20, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
