Lucene search

K

[email protected]CVE-2008-1693

HistoryApr 18, 2008 - 3:05 p.m.

CVE-2008-1693

2008-04-1815:05:00

CWE-20

[email protected]

web.nvd.nist.gov

30

cve-2008-1693

cairofont::create

poppler

xpdf

evince

epdfview

kword

font object

pdf

arbitrary code

security vulnerability

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.131 Low

EPSS

Percentile

95.5%

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.

CPENameOperatorVersion
poppler:popplerpopplereq0.3.2
poppler:popplerpopplereq0.4.0
poppler:popplerpopplereq0.7.1
poppler:popplerpopplereq0.6.1
poppler:popplerpopplereq0.3.1
poppler:popplerpopplereq0.5.2
poppler:popplerpopplereq0.5.91
poppler:popplerpopplereq0.6.0
poppler:popplerpopplereq0.3.3
poppler:popplerpopplereq0.4.2

Rows per page:

1-10 of 291

References

lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html

secunia.com/advisories/29816

secunia.com/advisories/29834

secunia.com/advisories/29836

secunia.com/advisories/29851

secunia.com/advisories/29853

secunia.com/advisories/29868

secunia.com/advisories/29869

secunia.com/advisories/29884

secunia.com/advisories/29885

secunia.com/advisories/30019

secunia.com/advisories/30033

secunia.com/advisories/30717

secunia.com/advisories/31035

security.gentoo.org/glsa/glsa-200804-18.xml

securitytracker.com/id?1019893

www.debian.org/security/2008/dsa-1548

www.debian.org/security/2008/dsa-1606

www.mandriva.com/security/advisories?name=MDVSA-2008:089

www.mandriva.com/security/advisories?name=MDVSA-2008:173

www.mandriva.com/security/advisories?name=MDVSA-2008:197

www.novell.com/linux/security/advisories/2008_13_sr.html

www.redhat.com/support/errata/RHSA-2008-0238.html

www.redhat.com/support/errata/RHSA-2008-0239.html

www.redhat.com/support/errata/RHSA-2008-0240.html

www.redhat.com/support/errata/RHSA-2008-0262.html

www.securityfocus.com/bid/28830

www.ubuntu.com/usn/usn-603-1

www.ubuntu.com/usn/usn-603-2

www.vupen.com/english/advisories/2008/1265/references

www.vupen.com/english/advisories/2008/1266/references

exchange.xforce.ibmcloud.com/vulnerabilities/41884

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11226

www.redhat.com/archives/fedora-package-announce/2008-April/msg00522.html

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.131 Low

EPSS

Percentile

95.5%

Related for CVE-2008-1693

openvas37 redhat4 debian2 nessus29 debiancve1 ubuntu2 osv2 oraclelinux4 centos4 seebug1 veracode1 gentoo1 securityvulns2 prion1 ubuntucve1 fedora1