PT-2008-3238 · Poppler+1 · Poppler+1

Published

2008-04-17

Updated

2024-06-15

CVE-2008-1693

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Poppler versions prior to 0.8.0

Description The issue is related to the improper handling of embedded fonts in PDF files by the CairoFont::create function. This allows remote attackers to execute arbitrary code via a crafted font object, specifically through dereferencing a function pointer associated with the type of this font object. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited.

Recommendations For Poppler versions prior to 0.8.0, update to version 0.8.0 or later to resolve the issue. As a temporary workaround, consider restricting the handling of embedded fonts in PDF files until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-1693

DSA-1548-1

DSA-1606-1

OPENSUSE-SU-2024:10707-1

RHSA-2008:0238

RHSA-2008:0239

RHSA-2008:0240

RHSA-2008:0262

RHSA-2008_0238

RHSA-2008_0239

RHSA-2008_0240

RHSA-2008_0262

Affected Products

Poppler

Red Hat

PT-2008-3238 · Poppler+1 · Poppler+1

CVE-2008-1693

Weakness Enumeration

Related Identifiers

Affected Products

References · 64