CVE-2008-2950 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Affected Products (NVD)

Vendor	Product	Version
poppler	poppler	𝑥 ≤ 0.8.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

poppler

bookworm	22.12.0-2 fixed
bullseye	20.09.0-3.1+deb11u1 fixed
bullseye (security)	20.09.0-3.1+deb11u1 fixed
etch	not-affected
sid	24.08.0-3 fixed
trixie	24.08.0-3 fixed

xpdf

bookworm	3.04+git20220601-1 fixed
bullseye	3.04+git20210103-3 fixed
etch	not-affected
sid	3.04+git20240613-1 fixed
trixie	3.04+git20240613-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

gpdf

dapper	ignored
feisty	dne
gutsy	dne
hardy	dne
intrepid	dne
jaunty	dne
karmic	dne

ipe

dapper	ignored
feisty	ignored
gutsy	ignored
hardy	not-affected
intrepid	not-affected
jaunty	not-affected
karmic	not-affected

kdegraphics

dapper	not-affected
feisty	not-affected
gutsy	not-affected
hardy	not-affected
intrepid	not-affected
jaunty	not-affected
karmic	not-affected

koffice

dapper	not-affected
feisty	not-affected
gutsy	not-affected
hardy	not-affected
intrepid	not-affected
jaunty	not-affected
karmic	not-affected

libextractor

dapper	ignored
feisty	ignored
gutsy	ignored
hardy	not-affected
intrepid	not-affected
jaunty	not-affected
karmic	not-affected

pdfkit.framework

dapper	ignored
feisty	ignored
gutsy	dne
hardy	dne
intrepid	dne
jaunty	dne
karmic	dne

pdftohtml

dapper	ignored
feisty	ignored
gutsy	dne
hardy	dne
intrepid	dne
jaunty	dne
karmic	dne

poppler

dapper	not-affected
feisty	not-affected
gutsy	Fixed 0.6-0ubuntu2.3 released
hardy	Fixed 0.6.4-1ubuntu3.1 released
intrepid	not-affected
jaunty	not-affected
karmic	not-affected

tetex-bin

dapper	not-affected
feisty	not-affected
gutsy	dne
hardy	dne
intrepid	dne
jaunty	dne
karmic	dne

texlive-bin

dapper	dne
feisty	not-affected
gutsy	not-affected
hardy	not-affected
intrepid	not-affected
jaunty	not-affected
karmic	not-affected

xpdf

dapper	not-affected
feisty	not-affected
gutsy	not-affected
hardy	not-affected
intrepid	not-affected
jaunty	not-affected
karmic	not-affected

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html

http://secunia.com/advisories/30963

http://secunia.com/advisories/31002

http://secunia.com/advisories/31167

http://secunia.com/advisories/31267

http://secunia.com/advisories/31405

http://security.gentoo.org/glsa/glsa-200807-04.xml

http://securityreason.com/securityalert/3977

http://wiki.rpath.com/Advisories:rPSA-2008-0223

http://www.mandriva.com/security/advisories?name=MDVSA-2008:146

http://www.ocert.org/advisories/ocert-2008-007.html

http://www.securityfocus.com/archive/1/493980/100/0/threaded

http://www.securityfocus.com/archive/1/494142/100/0/threaded

http://www.securityfocus.com/bid/30107

http://www.securitytracker.com/id?1020435

http://www.ubuntu.com/usn/usn-631-1

http://www.vupen.com/english/advisories/2008/2024/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/43619

https://www.exploit-db.com/exploits/6032

https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00161.html

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html

http://secunia.com/advisories/30963

http://secunia.com/advisories/31002

http://secunia.com/advisories/31167

http://secunia.com/advisories/31267

http://secunia.com/advisories/31405

http://security.gentoo.org/glsa/glsa-200807-04.xml

http://securityreason.com/securityalert/3977

http://wiki.rpath.com/Advisories:rPSA-2008-0223

http://www.mandriva.com/security/advisories?name=MDVSA-2008:146

http://www.ocert.org/advisories/ocert-2008-007.html

http://www.securityfocus.com/archive/1/493980/100/0/threaded

http://www.securityfocus.com/archive/1/494142/100/0/threaded

http://www.securityfocus.com/bid/30107

http://www.securitytracker.com/id?1020435

http://www.ubuntu.com/usn/usn-631-1

http://www.vupen.com/english/advisories/2008/2024/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/43619

https://www.exploit-db.com/exploits/6032

https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00161.html