CVE-2008-1693 — Improper Input Validation in Poppler

CWE-20 — Improper Input Validation9 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

7.6%

top 8.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freedesktop Poppler Xpdf Poppler

Timeline

PublishedApr 18

Latest updateMay 1

Description

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶Debianxpdf/xpdf< 3.02+3

▶Debianfreedesktop/poppler< 0.6.4-1+3

▶NVDpoppler/poppler0.7.3+28

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-3f98-v8mx-8cr7: The CairoFont::create function in CairoFontEngine↗2022-05-01

▶

CVEList

CVE-2008-1693: The CairoFont::create function in CairoFontEngine↗2008-04-18

▶

OSV

CVE-2008-1693: The CairoFont::create function in CairoFontEngine↗2008-04-18

▶

📋Vendor Advisories

Ubuntu

poppler vulnerability↗2008-04-17

▶

Red Hat

xpdf: embedded font vulnerability↗2008-04-17

▶

Ubuntu

KOffice vulnerability↗2008-04-17

▶

Debian

CVE-2008-1693: poppler - The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before...↗2008

▶

💬Community

Bugzilla

CVE-2008-1693 xpdf: embedded font vulnerability↗2008-04-09

▶