CVE-2008-1693 Information
Description
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.
Reference
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://secunia.com/advisories/29816
http://secunia.com/advisories/29834
http://secunia.com/advisories/29836
http://secunia.com/advisories/29851
http://secunia.com/advisories/29853
http://secunia.com/advisories/29868
http://secunia.com/advisories/29869
http://secunia.com/advisories/29884
http://secunia.com/advisories/29885
http://secunia.com/advisories/30019
http://secunia.com/advisories/30033
http://secunia.com/advisories/30717
http://secunia.com/advisories/31035
http://security.gentoo.org/glsa/glsa-200804-18.xml
http://securitytracker.com/id?1019893
http://www.debian.org/security/2008/dsa-1548
http://www.debian.org/security/2008/dsa-1606
http://www.mandriva.com/security/advisories?name=MDVSA-2008:089
http://www.mandriva.com/security/advisories?name=MDVSA-2008:173
http://www.mandriva.com/security/advisories?name=MDVSA-2008:197
http://www.novell.com/linux/security/advisories/2008_13_sr.html
http://www.redhat.com/support/errata/RHSA-2008-0238.html
http://www.redhat.com/support/errata/RHSA-2008-0239.html
http://www.redhat.com/support/errata/RHSA-2008-0240.html
http://www.redhat.com/support/errata/RHSA-2008-0262.html
http://www.securityfocus.com/bid/28830
http://www.ubuntu.com/usn/usn-603-1
http://www.ubuntu.com/usn/usn-603-2
http://www.vupen.com/english/advisories/2008/1265/references
http://www.vupen.com/english/advisories/2008/1266/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41884
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11226
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00522.html