CVE-2008-2950 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-2950
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-2950

Description: The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/43619 UBUNTU http://www.ubuntu.com/usn/usn-631-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html ST 1020435 SREASON http://securityreason.com/securityalert/3977 SAID Secunia Advisory: SA30963 Secunia Advisory: SA31002 Secunia Advisory: SA31267 Secunia Advisory: SA31405 MISC http://www.ocert.org/advisories/ocert-2008-007.html MILW0RM http://www.milw0rm.com/exploits/6032 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:146 GENTOO http://security.gentoo.org/glsa/glsa-200807-04.xml FEDORA CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0223 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/494142/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/493980/100/0/threaded BID 30107

Return to the previous page.