[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-2950Date: (C)2008-07-07   (M)2024-01-04


The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1020435
http://www.securityfocus.com/archive/1/493980/100/0/threaded
http://www.securityfocus.com/archive/1/494142/100/0/threaded
BID-30107
SECUNIA-30963
SECUNIA-31002
SECUNIA-31167
SECUNIA-31267
SECUNIA-31405
SREASON-3977
EXPLOIT-DB-6032
ADV-2008-2024
FEDORA-2008-7104
GLSA-200807-04
MDVSA-2008:146
SUSE-SR:2008:015
USN-631-1
http://wiki.rpath.com/Advisories:rPSA-2008-0223
http://www.ocert.org/advisories/ocert-2008-007.html
poppler-page-destructor-code-execution(43619)

CPE    1
cpe:/a:poppler:poppler
CWE    1
CWE-94
OVAL    2
oval:org.secpod.oval:def:301417
oval:org.secpod.oval:def:101562

© SecPod Technologies