The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html cve-icon cve-icon
http://secunia.com/advisories/29816 cve-icon cve-icon
http://secunia.com/advisories/29834 cve-icon cve-icon
http://secunia.com/advisories/29836 cve-icon cve-icon
http://secunia.com/advisories/29851 cve-icon cve-icon
http://secunia.com/advisories/29853 cve-icon cve-icon
http://secunia.com/advisories/29868 cve-icon cve-icon
http://secunia.com/advisories/29869 cve-icon cve-icon
http://secunia.com/advisories/29884 cve-icon cve-icon
http://secunia.com/advisories/29885 cve-icon cve-icon
http://secunia.com/advisories/30019 cve-icon cve-icon
http://secunia.com/advisories/30033 cve-icon cve-icon
http://secunia.com/advisories/30717 cve-icon cve-icon
http://secunia.com/advisories/31035 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200804-18.xml cve-icon cve-icon
http://securitytracker.com/id?1019893 cve-icon cve-icon
http://www.debian.org/security/2008/dsa-1548 cve-icon cve-icon
http://www.debian.org/security/2008/dsa-1606 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2008:089 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2008:173 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2008:197 cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2008_13_sr.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2008-0238.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2008-0239.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2008-0240.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2008-0262.html cve-icon cve-icon
http://www.securityfocus.com/bid/28830 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-603-1 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-603-2 cve-icon cve-icon
http://www.vupen.com/english/advisories/2008/1265/references cve-icon cve-icon
http://www.vupen.com/english/advisories/2008/1266/references cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/41884 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2008-1693 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11226 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2008-1693 cve-icon
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00522.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2008-04-18T15:00:00

Updated: 2024-08-07T08:32:01.237Z

Reserved: 2008-04-08T00:00:00

Link: CVE-2008-1693

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2008-04-18T15:05:00.000

Modified: 2024-11-21T00:45:06.990

Link: CVE-2008-1693

cve-icon Redhat

Severity : Important

Publid Date: 2008-04-17T00:00:00Z

Links: CVE-2008-1693 - Bugzilla