CVE-2008-1693 · threatengine.sh

Home/CVE/The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFvie

CVE

CVE-2008-1693

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFvie

The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.

MEDIUM · CVSS 6.8 EPSS 0.07598

Monitor

EPSS percentile: top 8% of all CVEs by exploitation likelihood

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-20Improper Input Validation

▤

Affected Products & Versions

2

poppler<= 0.7.3

popplerall versions

▣

Scoring & Timeline

6.8

MEDIUM · CVSS v2 (legacy) · security@ubuntu.com

View on NVD

This CVE predates CVSS v3; the legacy v2 score is shown so triage still has a severity to work with.

v2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Published to NVD18 Apr 2008 · 03:05 PM

⚑

Vendor Advisories

7

suse-csafopenSUSE-SU-2024:10707-1
usnUSN-603-2
usnUSN-603-1
rhsaRHSA-2008:0240Important
rhsaRHSA-2008:0262Important
Show all 7 vendor advisoriesrhsaRHSA-2008:0239Important
rhsaRHSA-2008:0238Important

🔗

References & Sources

34

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html

http://secunia.com/advisories/29816

http://secunia.com/advisories/29834

http://secunia.com/advisories/29836

http://secunia.com/advisories/29851

http://secunia.com/advisories/29853

Show all 34 references

http://secunia.com/advisories/29868

http://secunia.com/advisories/29869

http://secunia.com/advisories/29884

http://secunia.com/advisories/29885

http://secunia.com/advisories/30019

http://secunia.com/advisories/30033

http://secunia.com/advisories/30717

http://secunia.com/advisories/31035

http://security.gentoo.org/glsa/glsa-200804-18.xml

http://securitytracker.com/id?1019893

http://www.debian.org/security/2008/dsa-1548Patch

http://www.debian.org/security/2008/dsa-1606

http://www.mandriva.com/security/advisories?name=MDVSA-2008:089

http://www.mandriva.com/security/advisories?name=MDVSA-2008:173

http://www.mandriva.com/security/advisories?name=MDVSA-2008:197

http://www.novell.com/linux/security/advisories/2008_13_sr.html

http://www.redhat.com/support/errata/RHSA-2008-0238.html

http://www.redhat.com/support/errata/RHSA-2008-0239.html

http://www.redhat.com/support/errata/RHSA-2008-0240.html

http://www.redhat.com/support/errata/RHSA-2008-0262.html

http://www.securityfocus.com/bid/28830

http://www.ubuntu.com/usn/usn-603-1

http://www.ubuntu.com/usn/usn-603-2

http://www.vupen.com/english/advisories/2008/1265/references

http://www.vupen.com/english/advisories/2008/1266/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41884

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11226

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00522.html

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin