CVE-2008-1693

EUVD-2008-1694
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
popplerpoppler
𝑥
≤ 0.7.3
popplerpoppler
0.1
popplerpoppler
0.1.1
popplerpoppler
0.1.2
popplerpoppler
0.2.0
popplerpoppler
0.3.0
popplerpoppler
0.3.1
popplerpoppler
0.3.2
popplerpoppler
0.3.3
popplerpoppler
0.4.0
popplerpoppler
0.4.1
popplerpoppler
0.4.2
popplerpoppler
0.4.3
popplerpoppler
0.4.4
popplerpoppler
0.5.0
popplerpoppler
0.5.1
popplerpoppler
0.5.2
popplerpoppler
0.5.3
popplerpoppler
0.5.4
popplerpoppler
0.5.9
popplerpoppler
0.5.91
popplerpoppler
0.6.0
popplerpoppler
0.6.1
popplerpoppler
0.6.2
popplerpoppler
0.6.3
popplerpoppler
0.6.4
popplerpoppler
0.7.0
popplerpoppler
0.7.1
popplerpoppler
0.7.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
poppler
bookworm
22.12.0-2
fixed
bullseye
20.09.0-3.1+deb11u1
fixed
bullseye (security)
20.09.0-3.1+deb11u1
fixed
sid
24.08.0-3
fixed
trixie
24.08.0-3
fixed
texlive-base
bookworm
2022.20230122-3
fixed
bullseye
2020.20210202-3
fixed
sid
2024.20241102-1
fixed
trixie
2024.20240829-2
fixed
texlive-bin
bookworm
2022.20220321.62855-5.1+deb12u1
fixed
bullseye
2020.20200327.54578-7+deb11u1
fixed
bullseye (security)
2020.20200327.54578-7+deb11u2
fixed
sid
2024.20240313.70630+ds-5
fixed
trixie
2024.20240313.70630+ds-4
fixed
xpdf
bookworm
3.04+git20220601-1
fixed
bullseye
3.04+git20210103-3
fixed
sid
3.04+git20240613-1
fixed
trixie
3.04+git20240613-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gpdf
dapper
ignored
edgy
ignored
feisty
dne
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
ipe
dapper
not-affected
edgy
not-affected
feisty
not-affected
gutsy
not-affected
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
kdegraphics
dapper
not-affected
edgy
not-affected
feisty
not-affected
gutsy
not-affected
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
koffice
dapper
Fixed 1:1.5.0-0ubuntu9.4
released
edgy
Fixed 1:1.5.2-0ubuntu2.4
released
feisty
Fixed 1:1.6.2-0ubuntu1.3
released
gutsy
Fixed 1:1.6.3-0ubuntu5.2
released
hardy
Fixed 1:1.6.3-4ubuntu7
released
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
libextractor
dapper
ignored
edgy
ignored
feisty
ignored
gutsy
ignored
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
pdfkit.framework
dapper
ignored
edgy
ignored
feisty
ignored
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
pdftohtml
dapper
ignored
edgy
ignored
feisty
ignored
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
poppler
dapper
Fixed 0.5.1-0ubuntu7.4
released
edgy
Fixed 0.5.4-0ubuntu4.4
released
feisty
Fixed 0.5.4-0ubuntu8.3
released
gutsy
Fixed 0.6-0ubuntu2.2
released
hardy
Fixed 0.6.4-1ubuntu1
released
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
tetex-bin
dapper
not-affected
edgy
not-affected
feisty
not-affected
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
texlive-bin
dapper
dne
edgy
not-affected
feisty
not-affected
gutsy
not-affected
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
xpdf
dapper
ignored
edgy
ignored
feisty
ignored
gutsy
ignored
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://secunia.com/advisories/29816
http://secunia.com/advisories/29834
http://secunia.com/advisories/29836
http://secunia.com/advisories/29851
http://secunia.com/advisories/29853
http://secunia.com/advisories/29868
http://secunia.com/advisories/29869
http://secunia.com/advisories/29884
http://secunia.com/advisories/29885
http://secunia.com/advisories/30019
http://secunia.com/advisories/30033
http://secunia.com/advisories/30717
http://secunia.com/advisories/31035
http://security.gentoo.org/glsa/glsa-200804-18.xml
http://securitytracker.com/id?1019893
http://www.debian.org/security/2008/dsa-1548
http://www.debian.org/security/2008/dsa-1606
http://www.mandriva.com/security/advisories?name=MDVSA-2008:089
http://www.mandriva.com/security/advisories?name=MDVSA-2008:173
http://www.mandriva.com/security/advisories?name=MDVSA-2008:197
http://www.novell.com/linux/security/advisories/2008_13_sr.html
http://www.redhat.com/support/errata/RHSA-2008-0238.html
http://www.redhat.com/support/errata/RHSA-2008-0239.html
http://www.redhat.com/support/errata/RHSA-2008-0240.html
http://www.redhat.com/support/errata/RHSA-2008-0262.html
http://www.securityfocus.com/bid/28830
http://www.ubuntu.com/usn/usn-603-1
http://www.ubuntu.com/usn/usn-603-2
http://www.vupen.com/english/advisories/2008/1265/references
http://www.vupen.com/english/advisories/2008/1266/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41884
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11226
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00522.html
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://secunia.com/advisories/29816
http://secunia.com/advisories/29834
http://secunia.com/advisories/29836
http://secunia.com/advisories/29851
http://secunia.com/advisories/29853
http://secunia.com/advisories/29868
http://secunia.com/advisories/29869
http://secunia.com/advisories/29884
http://secunia.com/advisories/29885
http://secunia.com/advisories/30019
http://secunia.com/advisories/30033
http://secunia.com/advisories/30717
http://secunia.com/advisories/31035
http://security.gentoo.org/glsa/glsa-200804-18.xml
http://securitytracker.com/id?1019893
http://www.debian.org/security/2008/dsa-1548
http://www.debian.org/security/2008/dsa-1606
http://www.mandriva.com/security/advisories?name=MDVSA-2008:089
http://www.mandriva.com/security/advisories?name=MDVSA-2008:173
http://www.mandriva.com/security/advisories?name=MDVSA-2008:197
http://www.novell.com/linux/security/advisories/2008_13_sr.html
http://www.redhat.com/support/errata/RHSA-2008-0238.html
http://www.redhat.com/support/errata/RHSA-2008-0239.html
http://www.redhat.com/support/errata/RHSA-2008-0240.html
http://www.redhat.com/support/errata/RHSA-2008-0262.html
http://www.securityfocus.com/bid/28830
http://www.ubuntu.com/usn/usn-603-1
http://www.ubuntu.com/usn/usn-603-2
http://www.vupen.com/english/advisories/2008/1265/references
http://www.vupen.com/english/advisories/2008/1266/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41884
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11226
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00522.html