exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2008-1693

Status Candidate

Overview

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.

Related Files

Mandriva Linux Security Advisory 2008-197
Posted Sep 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened. This vulnerability also affected KOffice, so the updated packages have been patched to correct this issue. A file conflicts existed between one of the library packages and the koffice-devel package which prevented successful upgrades if koffice-devel was previously installed. This update removes the conflicting file from koffice-devel.

tags | advisory, arbitrary
systems | linux, ubuntu, mandriva
advisories | CVE-2008-1693
SHA-256 | 93d0d1738ee01446f6a1baffed0f981ea4f49adbc3b0871cc0b229e33332a306
Mandriva Linux Security Advisory 2008-197
Posted Sep 16, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened. This vulnerability also affected KOffice, so the updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, ubuntu, mandriva
advisories | CVE-2008-1693
SHA-256 | 2c2f5d437212325f501d1d8e343de0b61cc5b52ff949dfe7bce05e9e6ab81604
Mandriva Linux Security Advisory 2008-173
Posted Aug 20, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened. This vulnerability also affected older versions of kpdf, so the updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, ubuntu, mandriva
advisories | CVE-2008-1693
SHA-256 | 2e4eb3a1cfa200aa1553279dcca250c0ce40d9d4b18ec10492b2801603b85743
Debian Linux Security Advisory 1606-1
Posted Jul 10, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1606-1 - It was discovered that poppler, a PDF rendering library, did not properly handle embedded fonts in PDF files, allowing attackers to execute arbitrary code via a crafted font object.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2008-1693
SHA-256 | ab8a5372e6778b4db0da5898c993eeb5fd38998980796a0fe4f9d00e108686fd
Mandriva Linux Security Advisory 2008-089
Posted Apr 18, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, ubuntu, mandriva
advisories | CVE-2008-1693
SHA-256 | f9016c9218f56709a1ed4fc7880e117f2a6527018eff22a0a85f38da214f689a
Ubuntu Security Notice 603-2
Posted Apr 17, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 603-2 - USN-603-1 fixed vulnerabilities in poppler. This update provides the corresponding updates for KWord, part of KOffice. It was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts. If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-1693
SHA-256 | 3fcd5e4740674011b06b40a1ad46454941f4d681ea10dab23af3edfee1e3489b
Ubuntu Security Notice 603-1
Posted Apr 17, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 603-1 - It was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts. If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-1693
SHA-256 | 4f46d3895907df5f8df60181ff60bf2f620bccc8f4737c3354eac9d4b0987e0f
Debian Linux Security Advisory 1548-1
Posted Apr 17, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1548-1 - Kees Cook discovered a vulnerability in xpdf, set set of tools for display and conversion of Portable Document Format (PDF) files.

tags | advisory
systems | linux, debian
advisories | CVE-2008-1693
SHA-256 | 235a47cd18fb9984d68817b8239aad99176bdcef51f920aeff5bcaf305ed06c0
Gentoo Linux Security Advisory 200804-18
Posted Apr 17, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200804-18:02 - Kees Cook from the Ubuntu Security Team reported that the CairoFont::create() function in the file CairoFontEngine.cc does not verify the type of an embedded font object inside a PDF file before dereferencing a function pointer from it. Versions less than 0.6.3 are affected.

tags | advisory
systems | linux, gentoo, ubuntu
advisories | CVE-2008-1693
SHA-256 | ae9a60cc3da4430f6ca0967bccd1d1da37676c2acea84b5f512ec8df953eb6b5
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close