what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2008-1693

Status Candidate

Overview

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.

Related Files

Mandriva Linux Security Advisory 2008-197
Posted Sep 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened. This vulnerability also affected KOffice, so the updated packages have been patched to correct this issue. A file conflicts existed between one of the library packages and the koffice-devel package which prevented successful upgrades if koffice-devel was previously installed. This update removes the conflicting file from koffice-devel.

tags | advisory, arbitrary
systems | linux, ubuntu, mandriva
advisories | CVE-2008-1693
SHA-256 | 93d0d1738ee01446f6a1baffed0f981ea4f49adbc3b0871cc0b229e33332a306
Mandriva Linux Security Advisory 2008-197
Posted Sep 16, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened. This vulnerability also affected KOffice, so the updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, ubuntu, mandriva
advisories | CVE-2008-1693
SHA-256 | 2c2f5d437212325f501d1d8e343de0b61cc5b52ff949dfe7bce05e9e6ab81604
Mandriva Linux Security Advisory 2008-173
Posted Aug 20, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened. This vulnerability also affected older versions of kpdf, so the updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, ubuntu, mandriva
advisories | CVE-2008-1693
SHA-256 | 2e4eb3a1cfa200aa1553279dcca250c0ce40d9d4b18ec10492b2801603b85743
Debian Linux Security Advisory 1606-1
Posted Jul 10, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1606-1 - It was discovered that poppler, a PDF rendering library, did not properly handle embedded fonts in PDF files, allowing attackers to execute arbitrary code via a crafted font object.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2008-1693
SHA-256 | ab8a5372e6778b4db0da5898c993eeb5fd38998980796a0fe4f9d00e108686fd
Mandriva Linux Security Advisory 2008-089
Posted Apr 18, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, ubuntu, mandriva
advisories | CVE-2008-1693
SHA-256 | f9016c9218f56709a1ed4fc7880e117f2a6527018eff22a0a85f38da214f689a
Ubuntu Security Notice 603-2
Posted Apr 17, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 603-2 - USN-603-1 fixed vulnerabilities in poppler. This update provides the corresponding updates for KWord, part of KOffice. It was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts. If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-1693
SHA-256 | 3fcd5e4740674011b06b40a1ad46454941f4d681ea10dab23af3edfee1e3489b
Ubuntu Security Notice 603-1
Posted Apr 17, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 603-1 - It was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts. If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2008-1693
SHA-256 | 4f46d3895907df5f8df60181ff60bf2f620bccc8f4737c3354eac9d4b0987e0f
Debian Linux Security Advisory 1548-1
Posted Apr 17, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1548-1 - Kees Cook discovered a vulnerability in xpdf, set set of tools for display and conversion of Portable Document Format (PDF) files.

tags | advisory
systems | linux, debian
advisories | CVE-2008-1693
SHA-256 | 235a47cd18fb9984d68817b8239aad99176bdcef51f920aeff5bcaf305ed06c0
Gentoo Linux Security Advisory 200804-18
Posted Apr 17, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200804-18:02 - Kees Cook from the Ubuntu Security Team reported that the CairoFont::create() function in the file CairoFontEngine.cc does not verify the type of an embedded font object inside a PDF file before dereferencing a function pointer from it. Versions less than 0.6.3 are affected.

tags | advisory
systems | linux, gentoo, ubuntu
advisories | CVE-2008-1693
SHA-256 | ae9a60cc3da4430f6ca0967bccd1d1da37676c2acea84b5f512ec8df953eb6b5
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close