CVE-2008-2950 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Vendor	Product	Version
poppler	poppler	𝑥 ≤ 0.8.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

poppler

bullseye (security)	20.09.0-3.1+deb11u1 fixed
bullseye	20.09.0-3.1+deb11u1 fixed
etch	not-affected
bookworm	22.12.0-2 fixed
sid	24.08.0-3 fixed
trixie	24.08.0-3 fixed

xpdf

bullseye	3.04+git20210103-3 fixed
etch	not-affected
bookworm	3.04+git20220601-1 fixed
sid	3.04+git20240613-1 fixed
trixie	3.04+git20240613-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

gpdf

karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
gutsy	dne
feisty	dne
dapper	ignored

ipe

karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	not-affected
gutsy	ignored
feisty	ignored
dapper	ignored

kdegraphics

karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	not-affected
gutsy	not-affected
feisty	not-affected
dapper	not-affected

koffice

karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	not-affected
gutsy	not-affected
feisty	not-affected
dapper	not-affected

libextractor

karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	not-affected
gutsy	ignored
feisty	ignored
dapper	ignored

pdfkit.framework

karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
gutsy	dne
feisty	ignored
dapper	ignored

pdftohtml

karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
gutsy	dne
feisty	ignored
dapper	ignored

poppler

karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	Fixed 0.6.4-1ubuntu3.1 released
gutsy	Fixed 0.6-0ubuntu2.3 released
feisty	not-affected
dapper	not-affected

tetex-bin

karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
gutsy	dne
feisty	not-affected
dapper	not-affected

texlive-bin

karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	not-affected
gutsy	not-affected
feisty	not-affected
dapper	dne

xpdf

karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	not-affected
gutsy	not-affected
feisty	not-affected
dapper	not-affected

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html

http://secunia.com/advisories/30963

http://secunia.com/advisories/31002

http://secunia.com/advisories/31167

http://secunia.com/advisories/31267

http://secunia.com/advisories/31405

http://security.gentoo.org/glsa/glsa-200807-04.xml

http://securityreason.com/securityalert/3977

http://wiki.rpath.com/Advisories:rPSA-2008-0223

http://www.mandriva.com/security/advisories?name=MDVSA-2008:146

http://www.ocert.org/advisories/ocert-2008-007.html

http://www.securityfocus.com/archive/1/493980/100/0/threaded

http://www.securityfocus.com/archive/1/494142/100/0/threaded

http://www.securityfocus.com/bid/30107

http://www.securitytracker.com/id?1020435

http://www.ubuntu.com/usn/usn-631-1

http://www.vupen.com/english/advisories/2008/2024/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/43619

https://www.exploit-db.com/exploits/6032

https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00161.html

http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html

http://secunia.com/advisories/30963

http://secunia.com/advisories/31002

http://secunia.com/advisories/31167

http://secunia.com/advisories/31267

http://secunia.com/advisories/31405

http://security.gentoo.org/glsa/glsa-200807-04.xml

http://securityreason.com/securityalert/3977

http://wiki.rpath.com/Advisories:rPSA-2008-0223

http://www.mandriva.com/security/advisories?name=MDVSA-2008:146

http://www.ocert.org/advisories/ocert-2008-007.html

http://www.securityfocus.com/archive/1/493980/100/0/threaded

http://www.securityfocus.com/archive/1/494142/100/0/threaded

http://www.securityfocus.com/bid/30107

http://www.securitytracker.com/id?1020435

http://www.ubuntu.com/usn/usn-631-1

http://www.vupen.com/english/advisories/2008/2024/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/43619

https://www.exploit-db.com/exploits/6032

https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00161.html