Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23282

HistoryApr 10, 2020 - 12:21 a.m.

Arbitrary Code Execution

2020-04-1000:21:48

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

3

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

xpdf is vulnerable to arbitrary code execution. The vulnerability exists as in the way xpdf displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or, potentially, execute arbitrary code when opened.

CPENameOperatorVersion
kdegraphicseq3.3.1__6.el4_5
popplereq0.5.4__4.el5
popplereq0.5.4__4.3.el5_1
popplereq0.5.4__4.1.el5
xpdfeq3.00__14.el4
kdegraphicseq3.3.1__6.el4_5
popplereq0.5.4__4.el5
popplereq0.5.4__4.3.el5_1
popplereq0.5.4__4.1.el5
xpdfeq3.00__14.el4

References

lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html

secunia.com/advisories/29816

secunia.com/advisories/29834

secunia.com/advisories/29836

secunia.com/advisories/29851

secunia.com/advisories/29853

secunia.com/advisories/29868

secunia.com/advisories/29869

secunia.com/advisories/29884

secunia.com/advisories/29885

secunia.com/advisories/30019

secunia.com/advisories/30033

secunia.com/advisories/30717

secunia.com/advisories/31035

security.gentoo.org/glsa/glsa-200804-18.xml

securitytracker.com/id?1019893

www.debian.org/security/2008/dsa-1548

www.debian.org/security/2008/dsa-1606

www.mandriva.com/security/advisories?name=MDVSA-2008:089

www.mandriva.com/security/advisories?name=MDVSA-2008:173

www.mandriva.com/security/advisories?name=MDVSA-2008:197

www.novell.com/linux/security/advisories/2008_13_sr.html

www.redhat.com/security/updates/classification/#important

www.redhat.com/support/errata/RHSA-2008-0238.html

www.redhat.com/support/errata/RHSA-2008-0239.html

www.redhat.com/support/errata/RHSA-2008-0240.html

www.redhat.com/support/errata/RHSA-2008-0262.html

www.securityfocus.com/bid/28830

www.ubuntu.com/usn/usn-603-1

www.ubuntu.com/usn/usn-603-2

www.vupen.com/english/advisories/2008/1265/references

www.vupen.com/english/advisories/2008/1266/references

access.redhat.com/errata/RHSA-2008:0238

exchange.xforce.ibmcloud.com/vulnerabilities/41884

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11226

www.redhat.com/archives/fedora-package-announce/2008-April/msg00522.html

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

Related for VERACODE:23282

openvas37 redhat4 debian2 nessus29 debiancve1 ubuntu2 osv2 oraclelinux4 centos4 seebug1 cve1 gentoo1 securityvulns2 prion1 ubuntucve1 fedora1