Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1693

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-1693
Last Modified 07 Mar 2011 10:07:29
Published 18 Apr 2008 11:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1693

Summary

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.

Vulnerable Systems

Application

  • Poppler 0.1

  • Poppler 0.1.1

  • Poppler 0.1.2

  • Poppler 0.2.0

  • Poppler 0.3.0

  • Poppler 0.3.1

  • Poppler 0.3.2

  • Poppler 0.3.3

  • Poppler 0.4.0

  • Poppler 0.4.1

  • Poppler 0.4.2

  • Poppler 0.4.3

  • Poppler 0.4.4

  • Poppler 0.5.0

  • Poppler 0.5.1

  • Poppler 0.5.2

  • Poppler 0.5.3

  • Poppler 0.5.4

  • Poppler 0.5.9

  • Poppler 0.5.91

  • Poppler 0.6.0

  • Poppler 0.6.1

  • Poppler 0.6.2

  • Poppler 0.6.3

  • Poppler 0.6.4

  • Poppler 0.7.0

  • Poppler 0.7.1

  • Poppler 0.7.2

  • Poppler 0.7.3


References

DEBIAN - DSA-1548

VUPEN - ADV-2008-1266

VUPEN - ADV-2008-1265

UBUNTU - USN-603-2

UBUNTU - USN-603-1

BID - 28830

REDHAT - RHSA-2008:0240

REDHAT - RHSA-2008:0239

REDHAT - RHSA-2008:0238

SUSE - SUSE-SR:2008:013

MANDRIVA - MDVSA-2008:197

MANDRIVA - MDVSA-2008:173

MANDRIVA - MDVSA-2008:089

DEBIAN - DSA-1606

SECTRACK - 1019893

GENTOO - GLSA-200804-18

SECUNIA - 31035

SECUNIA - 30717

FEDORA - FEDORA-2008-3312

XF - xpdf-pdf-code-execution(41884)

REDHAT - RHSA-2008:0262

SECUNIA - 30033

SECUNIA - 30019

SECUNIA - 29885

SECUNIA - 29884

SECUNIA - 29869

SECUNIA - 29868

SECUNIA - 29853

SECUNIA - 29851

SECUNIA - 29836

SECUNIA - 29834

SECUNIA - 29816

SUSE - SUSE-SR:2008:011

Related Patches

Novell SUSE 2008:5186 poppler security update for SLE 10 SP1 i586

Novell SUSE 2008:5201 cups security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:47:38