Home > Vulnerability Database > CVE-2008-1693

Mend.io Vulnerability Database

CVE-2008-1693

Date: April 18, 2008

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.

Severity Score

5.6

Related Resources (38)

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/41884

Url: http://secunia.com/advisories/30033

Url: http://www.vupen.com/english/advisories/2008/1265/references

Url: http://www.redhat.com/support/errata/RHSA-2008-0239.html

Url: http://www.securityfocus.com/bid/28830

Url: http://secunia.com/advisories/30019

Url: http://www.redhat.com/support/errata/RHSA-2008-0262.html

Url: http://secunia.com/advisories/30717

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:197

Url: http://secunia.com/advisories/29836

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:173

Url: http://securitytracker.com/id?1019893

Url: http://secunia.com/advisories/29816

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11226

Url: http://secunia.com/advisories/29834

Url: http://www.redhat.com/support/errata/RHSA-2008-0240.html

Url: http://www.debian.org/security/2008/dsa-1606

Url: http://www.novell.com/linux/security/advisories/2008_13_sr.html

Url: http://secunia.com/advisories/29851

Url: http://secunia.com/advisories/29853

Url: http://www.debian.org/security/2008/dsa-1548

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-1693

Url: https://access.redhat.com/security/cve/CVE-2008-1693

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-1693

Url: http://security.gentoo.org/glsa/glsa-200804-18.xml

Url: http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html

Url: http://www.vupen.com/english/advisories/2008/1266/references

Url: http://www.redhat.com/support/errata/RHSA-2008-0238.html

Url: http://secunia.com/advisories/31035

Url: http://www.ubuntu.com/usn/usn-603-2

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:089

Url: http://www.ubuntu.com/usn/usn-603-1

Url: http://secunia.com/advisories/29869

Url: https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00522.html

Url: http://secunia.com/advisories/29868

Url: http://secunia.com/advisories/29884

Url: http://secunia.com/advisories/29885

Url: https://www.mend.io/vulnerability-database/CVE-2008-1693

Severity Score

5.6

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-1693

Date: April 18, 2008

Severity Score

Related Resources (38)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?