Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2008-2950

Published: 07/07/2008 Updated: 11/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Poppler

Vulnerability Summary

The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and previous versions deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote malicious users to execute arbitrary code via a crafted PDF document.

Vulnerable Product Search on Vulmon Subscribe to Product

poppler poppler

Vendor Advisories

Debian CVElist Bug Report Logs: poppler: CVE-2008-2950 arbitrary code execution
Debian Bug report logs - #489756 poppler: CVE-2008-2950 arbitrary code execution Package: libpoppler3; Maintainer for libpoppler3 is (unknown); Reported by: Nico Golde <nion@debianorg> Date: Mon, 7 Jul 2008 15:33:18 UTC Severity: grave Tags: patch, security Fixed in versions 082-2+lenny1, poppler/084-11 Done: Nico ...
Ubuntu Security Notice: poppler vulnerability
Felipe Andres Manzano discovered that poppler did not correctly initialize certain page widgets If a user were tricked into viewing a malicious PDF file, a remote attacker could exploit this to crash applications linked against poppler, leading to a denial of service ...

Exploits

Exploit DB: Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution
########################################################################## #### Felipe Andres Manzano * fmanzano@fceiaunreduar #### #### updates in felipeandresmanzanogooglepagescom/home #### ########################################################################## ''' Sumary: ======= The libpoppler pdf renderin ...
Exploit DB: poppler-poc.txt
The libpoppler pdf rendering library can free uninitialized pointers leading to arbitrary code execution This vulnerability results from memory management bugs in the Page class constructor/destructor Proof of concept code included ...

References

CWE-94http://www.ocert.org/advisories/ocert-2008-007.htmlhttp://secunia.com/advisories/30963http://www.securityfocus.com/bid/30107http://www.securitytracker.com/id?1020435http://www.ubuntu.com/usn/usn-631-1http://secunia.com/advisories/31002http://secunia.com/advisories/31267http://secunia.com/advisories/31405http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:146https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00161.htmlhttp://security.gentoo.org/glsa/glsa-200807-04.xmlhttp://wiki.rpath.com/Advisories:rPSA-2008-0223http://securityreason.com/securityalert/3977http://www.vupen.com/english/advisories/2008/2024/referenceshttp://secunia.com/advisories/31167https://exchange.xforce.ibmcloud.com/vulnerabilities/43619https://www.exploit-db.com/exploits/6032http://www.securityfocus.com/archive/1/494142/100/0/threadedhttp://www.securityfocus.com/archive/1/493980/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489756https://usn.ubuntu.com/631-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/6032/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-47626CVE-2024-3400physicalCVE-2024-31426CVE-2024-22423CVE-2024-22438injectlocal usersCVE-2024-3797
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook