CVE-2008-1693 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-1693
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1693

Description: The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41884 UBUNTU http://www.ubuntu.com/usn/usn-603-2 http://www.ubuntu.com/usn/usn-603-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://www.novell.com/linux/security/advisories/2008_13_sr.html ST 1019893 SAID Secunia Advisory: SA30717 Secunia Advisory: SA30019 Secunia Advisory: SA30033 Secunia Advisory: SA29885 Secunia Advisory: SA29884 Secunia Advisory: SA29869 Secunia Advisory: SA29868 Secunia Advisory: SA29836 Secunia Advisory: SA29834 Secunia Advisory: SA29816 Secunia Advisory: SA29853 Secunia Advisory: SA29851 Secunia Advisory: SA31035 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0262.html http://www.redhat.com/support/errata/RHSA-2008-0240.html http://www.redhat.com/support/errata/RHSA-2008-0238.html http://www.redhat.com/support/errata/RHSA-2008-0239.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:173 http://www.mandriva.com/security/advisories?name=MDVSA-2008:197 http://www.mandriva.com/security/advisories?name=MDVSA-2008:089 GENTOO http://security.gentoo.org/glsa/glsa-200804-18.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1606 http://www.debian.org/security/2008/dsa-1548 BID 28830

Return to the previous page.