CVE-2008-1693

Source
https://nvd.nist.gov/vuln/detail/CVE-2008-1693
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2008-1693.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2008-1693
Related
Published
2008-04-18T15:05:00Z
Modified
2024-09-11T02:00:04Z
Summary
[none]
Details

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.

References

Affected packages

Debian:11 / poppler

Package

Name
poppler
Purl
pkg:deb/debian/poppler?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / poppler

Package

Name
poppler
Purl
pkg:deb/debian/poppler?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / poppler

Package

Name
poppler
Purl
pkg:deb/debian/poppler?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.6.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / xpdf

Package

Name
xpdf
Purl
pkg:deb/debian/xpdf?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.02

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / xpdf

Package

Name
xpdf
Purl
pkg:deb/debian/xpdf?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.02

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / xpdf

Package

Name
xpdf
Purl
pkg:deb/debian/xpdf?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.02

Ecosystem specific

{
    "urgency": "not yet assigned"
}