Vulnerability Details: CVE-2008-1693
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.
Vulnerability category: Execute code
Products affected by CVE-2008-1693
- cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1693
- 6.88%: Probability of exploitation activity in the next 30 days
- ~91%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-1693
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2008-1693
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1693
- http://www.debian.org/security/2008/dsa-1548
  [SECURITY] [DSA 1548-1] New xpdf packages fix arbitrary code exitution (Patch)
- http://secunia.com/advisories/31035
- http://secunia.com/advisories/29868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41884
  Poppler CairoFont::create code execution CVE-2008-1693 Vulnerability Report
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:089
- http://secunia.com/advisories/29851
- http://www.ubuntu.com/usn/usn-603-1
  USN-603-1: poppler vulnerability | Ubuntu security notices | Ubuntu
- http://secunia.com/advisories/29834
- http://www.redhat.com/support/errata/RHSA-2008-0238.html
- http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
  [security-announce] SUSE Security Summary Report SUSE-SR:2008:011 - openSUSE Security Announce - openSUSE Mailing Lists
- http://secunia.com/advisories/30019
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:173
- http://www.vupen.com/english/advisories/2008/1266/references
- http://www.redhat.com/support/errata/RHSA-2008-0239.html
- http://www.debian.org/security/2008/dsa-1606
  [SECURITY] [DSA 1606-1] poppler packages fix execution of arbitrary code
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:197
- http://www.redhat.com/support/errata/RHSA-2008-0262.html
- http://secunia.com/advisories/29836
- http://www.redhat.com/support/errata/RHSA-2008-0240.html
- http://secunia.com/advisories/29884
- http://secunia.com/advisories/30033
- http://secunia.com/advisories/29869
- http://secunia.com/advisories/29885
- http://secunia.com/advisories/30717
- http://secunia.com/advisories/29853
- http://www.ubuntu.com/usn/usn-603-2
  USN-603-2: KOffice vulnerability | Ubuntu security notices | Ubuntu
- https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00522.html
  [SECURITY] Fedora 7 Update: poppler-0.5.4-9.fc7
- http://www.securityfocus.com/bid/28830
- http://secunia.com/advisories/29816
- http://securitytracker.com/id?1019893
- http://www.vupen.com/english/advisories/2008/1265/references
- http://www.novell.com/linux/security/advisories/2008_13_sr.html
- http://security.gentoo.org/glsa/glsa-200804-18.xml
  Poppler: User-assisted execution of arbitrary code (GLSA 200804-18) - Gentoo security
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11226