
CVE-2008-1693
Date: (C)2008-04-18   (M)2018-06-02


The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.

CVSS Score and Metrics

CVSS V3 Severity and Metrics: no values listed.

CVSS V2 Severity:
CVSS Score: 6.8
Exploit Score: 8.6
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1019893
BID-28830
SECUNIA-29816
SECUNIA-29834
SECUNIA-29836
SECUNIA-29851
SECUNIA-29853
SECUNIA-29868
SECUNIA-29869
SECUNIA-29884
SECUNIA-29885
SECUNIA-30019
SECUNIA-30033
SECUNIA-30717
SECUNIA-31035
ADV-2008-1265
ADV-2008-1266
DSA-1548
DSA-1606
FEDORA-2008-3312
GLSA-200804-18
MDVSA-2008:089
MDVSA-2008:173
MDVSA-2008:197
RHSA-2008:0238
RHSA-2008:0239
RHSA-2008:0240
RHSA-2008:0262
SUSE-SR:2008:011
SUSE-SR:2008:013
USN-603-1
USN-603-2
xpdf-pdf-code-execution(41884)

CWE    1
CWE-20
OVAL    4
oval:org.mitre.oval:def:7493
oval:org.mitre.oval:def:8219
oval:org.secpod.oval:def:301382
oval:org.secpod.oval:def:301500
...

© SecPod Technologies