Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2008-1693

Published: 18/04/2008 Updated: 29/09/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Poppler

Vulnerability Summary

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly prior to 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote malicious users to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.

Vulnerable Product Search on Vulmon Subscribe to Product

poppler poppler 0.1

poppler poppler 0.1.1

poppler poppler 0.4.0

poppler poppler 0.4.1

poppler poppler 0.5.3

poppler poppler 0.5.4

poppler poppler 0.7.0

poppler poppler 0.7.1

poppler poppler 0.1.2

poppler poppler 0.2.0

poppler poppler 0.4.2

poppler poppler 0.4.3

poppler poppler 0.5.9

poppler poppler 0.5.91

poppler poppler 0.7.2

poppler poppler

poppler poppler 0.3.0

poppler poppler 0.3.1

poppler poppler 0.4.4

poppler poppler 0.5.0

poppler poppler 0.6.0

poppler poppler 0.6.1

poppler poppler 0.6.2

poppler poppler 0.3.2

poppler poppler 0.3.3

poppler poppler 0.5.1

poppler poppler 0.5.2

poppler poppler 0.6.3

poppler poppler 0.6.4

Vendor Advisories

Ubuntu Security Notice: koffice vulnerability
USN-603-1 fixed vulnerabilities in poppler This update provides the corresponding updates for KWord, part of KOffice ...
Ubuntu Security Notice: poppler vulnerability
It was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges ...
Debian Security Advisories: DSA-1548-1 xpdf -- several vulnerabilities
Kees Cook discovered a vulnerability in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files The Common Vulnerabilities and Exposures project identifies the following problem: CVE-2008-1693 Xpdf's handling of embedded fonts lacks sufficient validation and type checking If a maliciously crafted PDF file ...
Debian CVElist Bug Report Logs: poppler: CVE-2008-1693 arbitrary code execution via a crafted font object
Debian Bug report logs - #476842 poppler: CVE-2008-1693 arbitrary code execution via a crafted font object Package: poppler; Maintainer for poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Nico Golde <nion@debianorg> Date: Sat, 19 Apr 2008 14:24:01 UTC ...
Debian CVElist Bug Report Logs: poppler: CVE-2008-2950 arbitrary code execution
Debian Bug report logs - #489756 poppler: CVE-2008-2950 arbitrary code execution Package: libpoppler3; Maintainer for libpoppler3 is (unknown); Reported by: Nico Golde <nion@debianorg> Date: Mon, 7 Jul 2008 15:33:18 UTC Severity: grave Tags: patch, security Fixed in versions 082-2+lenny1, poppler/084-11 Done: Nico ...

References

CWE-20http://www.debian.org/security/2008/dsa-1548http://security.gentoo.org/glsa/glsa-200804-18.xmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:089http://www.redhat.com/support/errata/RHSA-2008-0238.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0239.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0240.htmlhttp://www.ubuntu.com/usn/usn-603-1http://www.ubuntu.com/usn/usn-603-2http://www.securityfocus.com/bid/28830http://securitytracker.com/id?1019893http://secunia.com/advisories/29851http://secunia.com/advisories/29853https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00522.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0262.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.htmlhttp://secunia.com/advisories/29816http://secunia.com/advisories/29834http://secunia.com/advisories/29836http://secunia.com/advisories/29868http://secunia.com/advisories/29869http://secunia.com/advisories/29884http://secunia.com/advisories/29885http://secunia.com/advisories/30033http://secunia.com/advisories/30019http://secunia.com/advisories/30717http://secunia.com/advisories/31035http://www.debian.org/security/2008/dsa-1606http://www.novell.com/linux/security/advisories/2008_13_sr.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:173http://www.mandriva.com/security/advisories?name=MDVSA-2008:197http://www.vupen.com/english/advisories/2008/1266/referenceshttp://www.vupen.com/english/advisories/2008/1265/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/41884https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11226https://nvd.nist.govhttps://usn.ubuntu.com/603-2/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook