AI Score: 7.2 High (Confidence: Low)
CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.131 Low (Percentile: 95.5%)
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.
lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
secunia.com/advisories/29816
secunia.com/advisories/29834
secunia.com/advisories/29836
secunia.com/advisories/29851
secunia.com/advisories/29853
secunia.com/advisories/29868
secunia.com/advisories/29869
secunia.com/advisories/29884
secunia.com/advisories/29885
secunia.com/advisories/30019
secunia.com/advisories/30033
secunia.com/advisories/30717
secunia.com/advisories/31035
security.gentoo.org/glsa/glsa-200804-18.xml
securitytracker.com/id?1019893
www.debian.org/security/2008/dsa-1548
www.debian.org/security/2008/dsa-1606
www.mandriva.com/security/advisories?name=MDVSA-2008:089
www.mandriva.com/security/advisories?name=MDVSA-2008:173
www.mandriva.com/security/advisories?name=MDVSA-2008:197
www.novell.com/linux/security/advisories/2008_13_sr.html
www.redhat.com/support/errata/RHSA-2008-0238.html
www.redhat.com/support/errata/RHSA-2008-0239.html
www.redhat.com/support/errata/RHSA-2008-0240.html
www.redhat.com/support/errata/RHSA-2008-0262.html
www.securityfocus.com/bid/28830
www.ubuntu.com/usn/usn-603-1
www.ubuntu.com/usn/usn-603-2
www.vupen.com/english/advisories/2008/1265/references
www.vupen.com/english/advisories/2008/1266/references
exchange.xforce.ibmcloud.com/vulnerabilities/41884
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11226
www.redhat.com/archives/fedora-package-announce/2008-April/msg00522.html