6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.095 Low
EPSS
Percentile
94.7%
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly
before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other
applications, does not properly handle embedded fonts in PDF files, which
allows remote attackers to execute arbitrary code via a crafted font
object, related to dereferencing a function pointer associated with the
type of this font object.
Author | Note |
---|---|
kees | there are two issues โ the specific vulnerability in embedded fonts and the fact that the Object types are unchecked when calling union member functions. |
fujitsu | libextractor isnโt affected by the main CairoFont vulnerability. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | koffice | <ย 1:1.5.0-0ubuntu9.4 | UNKNOWN |
ubuntu | 6.10 | noarch | koffice | <ย 1:1.5.2-0ubuntu2.4 | UNKNOWN |
ubuntu | 7.04 | noarch | koffice | <ย 1:1.6.2-0ubuntu1.3 | UNKNOWN |
ubuntu | 7.10 | noarch | koffice | <ย 1:1.6.3-0ubuntu5.2 | UNKNOWN |
ubuntu | 8.04 | noarch | koffice | <ย 1:1.6.3-4ubuntu7 | UNKNOWN |
ubuntu | 6.06 | noarch | poppler | <ย 0.5.1-0ubuntu7.4 | UNKNOWN |
ubuntu | 6.10 | noarch | poppler | <ย 0.5.4-0ubuntu4.4 | UNKNOWN |
ubuntu | 7.04 | noarch | poppler | <ย 0.5.4-0ubuntu8.3 | UNKNOWN |
ubuntu | 7.10 | noarch | poppler | <ย 0.6-0ubuntu2.2 | UNKNOWN |
ubuntu | 8.04 | noarch | poppler | <ย 0.6.4-1ubuntu1 | UNKNOWN |