Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2950

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2950
Last Modified 26 Nov 2012 10:48:15
Published 07 Jul 2008 07:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2950

Summary

The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.

Vulnerable Systems

Application

  • Poppler 0.8.4


References

FEDORA - FEDORA-2008-7104

XF - poppler-page-destructor-code-execution(43619)

VUPEN - ADV-2008-2024

UBUNTU - USN-631-1

SECTRACK - 1020435

BID - 30107

BUGTRAQ - 20080709 rPSA-2008-0223-1 poppler

BUGTRAQ - 20080707 [oCERT-2008-007] libpoppler uninitialized pointer

MISC - http://www.ocert.org/advisories/ocert-2008-007.html

MILW0RM - 6032

MANDRIVA - MDVSA-2008:146

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0223

SREASON - 3977

GENTOO - GLSA-200807-04

SECUNIA - 31405

SECUNIA - 31267

SECUNIA - 31002

SECUNIA - 30963

SUSE - SUSE-SR:2008:015

SECUNIA - 31167


Last Updated: 27 May 2016 10:49:51