Vulnonym.org

CVE-2008-1693 - Humectant Screw

Description

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.

Reference

http://www.debian.org/security/2008/dsa-1548
http://security.gentoo.org/glsa/glsa-200804-18.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:089
http://www.redhat.com/support/errata/RHSA-2008-0238.html
http://www.redhat.com/support/errata/RHSA-2008-0239.html
http://www.redhat.com/support/errata/RHSA-2008-0240.html
http://www.ubuntu.com/usn/usn-603-1
http://www.ubuntu.com/usn/usn-603-2
http://www.securityfocus.com/bid/28830
http://securitytracker.com/id?1019893
http://secunia.com/advisories/29851
http://secunia.com/advisories/29853
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00522.html
http://www.redhat.com/support/errata/RHSA-2008-0262.html
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://secunia.com/advisories/29816
http://secunia.com/advisories/29834
http://secunia.com/advisories/29836
http://secunia.com/advisories/29868
http://secunia.com/advisories/29869
http://secunia.com/advisories/29884
http://secunia.com/advisories/29885
http://secunia.com/advisories/30033
http://secunia.com/advisories/30019
http://secunia.com/advisories/30717
http://secunia.com/advisories/31035
http://www.debian.org/security/2008/dsa-1606
http://www.novell.com/linux/security/advisories/2008_13_sr.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:173
http://www.mandriva.com/security/advisories?name=MDVSA-2008:197
http://www.vupen.com/english/advisories/2008/1266/references
http://www.vupen.com/english/advisories/2008/1265/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41884
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11226