CVE-2008-1693 Detail
Deferred
This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.
Description
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.
Metrics
NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings: NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings: NVD assessment not yet provided.
CVSS 2.0 Severity and Vector Strings: Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
References to Advisories, Solutions, and Tools
URL | Source(s) | Tag(s)
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html | CVE, Canonical Ltd. |
http://secunia.com/advisories/29816 | CVE, Canonical Ltd. |
http://secunia.com/advisories/29834 | CVE, Canonical Ltd. |
http://secunia.com/advisories/29836 | CVE, Canonical Ltd. |
http://secunia.com/advisories/29851 | CVE, Canonical Ltd. |
http://secunia.com/advisories/29853 | CVE, Canonical Ltd. |
http://secunia.com/advisories/29868 | CVE, Canonical Ltd. |
http://secunia.com/advisories/29869 | CVE, Canonical Ltd. |
http://secunia.com/advisories/29884 | CVE, Canonical Ltd. |
http://secunia.com/advisories/29885 | CVE, Canonical Ltd. |
http://secunia.com/advisories/30019 | CVE, Canonical Ltd. |
http://secunia.com/advisories/30033 | CVE, Canonical Ltd. |
http://secunia.com/advisories/30717 | CVE, Canonical Ltd. |
http://secunia.com/advisories/31035 | CVE, Canonical Ltd. |
http://security.gentoo.org/glsa/glsa-200804-18.xml | CVE, Canonical Ltd. |
http://securitytracker.com/id?1019893 | CVE, Canonical Ltd. |
http://www.debian.org/security/2008/dsa-1548 | CVE, Canonical Ltd. | Patch
http://www.debian.org/security/2008/dsa-1606 | CVE, Canonical Ltd. |
http://www.mandriva.com/security/advisories?name=MDVSA-2008:089 | CVE, Canonical Ltd. |
http://www.mandriva.com/security/advisories?name=MDVSA-2008:173 | CVE, Canonical Ltd. |
http://www.mandriva.com/security/advisories?name=MDVSA-2008:197 | CVE, Canonical Ltd. |
http://www.novell.com/linux/security/advisories/2008_13_sr.html | CVE, Canonical Ltd. |
http://www.redhat.com/support/errata/RHSA-2008-0238.html | CVE, Canonical Ltd. |
http://www.redhat.com/support/errata/RHSA-2008-0239.html | CVE, Canonical Ltd. |
http://www.redhat.com/support/errata/RHSA-2008-0240.html | CVE, Canonical Ltd. |
http://www.redhat.com/support/errata/RHSA-2008-0262.html | CVE, Canonical Ltd. |
http://www.securityfocus.com/bid/28830 | CVE, Canonical Ltd. |
http://www.ubuntu.com/usn/usn-603-1 | CVE, Canonical Ltd. |
http://www.ubuntu.com/usn/usn-603-2 | CVE, Canonical Ltd. |
http://www.vupen.com/english/advisories/2008/1265/references | CVE, Canonical Ltd. |
http://www.vupen.com/english/advisories/2008/1266/references | CVE, Canonical Ltd. |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41884 | CVE, Canonical Ltd. |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11226 | CVE, Canonical Ltd. |
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00522.html | CVE, Canonical Ltd. |
Weakness Enumeration
CWE-ID | CWE Name | Source
CWE-20 | Improper Input Validation | NIST
Change History
5 change records found
CVE Modified by CVE 11/20/2024 7:45:06 PM
Added Reference (34 entries): each URL listed under "References to Advisories, Solutions, and Tools" above.
CVE Modified by Canonical Ltd. 5/13/2024 9:51:55 PM
CVE Modified by Canonical Ltd. 9/28/2017 9:30:49 PM
Added Reference: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11226 [No Types Assigned]
Removed Reference: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11226 [No Types Assigned]
CVE Modified by Canonical Ltd. 8/07/2017 9:30:22 PM
Added Reference: https://exchange.xforce.ibmcloud.com/vulnerabilities/41884 [No Types Assigned]
Removed Reference: http://xforce.iss.net/xforce/xfdb/41884 [No Types Assigned]
Initial CVE Analysis 4/18/2008 2:22:00 PM
Quick Info
CVE Dictionary Entry: CVE-2008-1693
NVD Published Date: 04/18/2008
NVD Last Modified: 04/08/2025
Source: Canonical Ltd.