CVE-2008-1693

EPSS 7.6%

poppler - execution of arbitrary code

發布日:2008/4/18修改日:2026/4/28

也稱為:DEBIAN-CVE-2008-1693

描述

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.

受影響套件(4)

Debian/popplerfrom 0, < 0.6.4-1
Debian/popplerfrom 0, < 0.4.5-5.1etch3
Debian/xpdffrom 0, < 3.02
Debian/xpdffrom 0, < 3.01-9.1+etch3

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-1693