CVE-2008-1693
Published: 18 April 2008
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.
Notes
Author | Note |
---|---|
kees | there are two issues -- the specific vulnerability in embedded fonts and the fact that the Object types are unchecked when calling union member functions. |
fujitsu | libextractor isn't affected by the main CairoFont vulnerability. |
Priority
Status
Package | Release | Status |
---|---|---|
gpdf Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needs-triage)
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
ipe Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
edgy |
Not vulnerable
|
|
feisty |
Not vulnerable
|
|
gutsy |
Not vulnerable
|
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
upstream |
Not vulnerable
|
|
kdegraphics Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(linked to poppler)
|
edgy |
Not vulnerable
(linked to poppler)
|
|
feisty |
Not vulnerable
(linked to poppler)
|
|
gutsy |
Not vulnerable
(linked to poppler)
|
|
hardy |
Not vulnerable
(linked to poppler)
|
|
intrepid |
Not vulnerable
(linked to poppler)
|
|
jaunty |
Not vulnerable
(linked to poppler)
|
|
karmic |
Not vulnerable
(linked to poppler)
|
|
upstream |
Needs triage
|
|
koffice Launchpad, Ubuntu, Debian |
dapper |
Released
(1:1.5.0-0ubuntu9.4)
|
edgy |
Released
(1:1.5.2-0ubuntu2.4)
|
|
feisty |
Released
(1:1.6.2-0ubuntu1.3)
|
|
gutsy |
Released
(1:1.6.3-0ubuntu5.2)
|
|
hardy |
Released
(1:1.6.3-4ubuntu7)
|
|
intrepid |
Not vulnerable
(1:1.6.3-4ubuntu7)
|
|
jaunty |
Not vulnerable
(1:1.6.3-4ubuntu7)
|
|
karmic |
Not vulnerable
(1:1.6.3-4ubuntu7)
|
|
upstream |
Needed
|
|
libextractor Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needs-triage)
|
|
feisty |
Ignored
(end of life, was needs-triage)
|
|
gutsy |
Ignored
(end of life, was needs-triage)
|
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
upstream |
Needs triage
|
|
pdfkit.framework Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needs-triage)
|
|
feisty |
Ignored
(end of life, was needs-triage)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
pdftohtml Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needs-triage)
|
|
feisty |
Ignored
(end of life, was needs-triage)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
poppler Launchpad, Ubuntu, Debian |
dapper |
Released
(0.5.1-0ubuntu7.4)
|
edgy |
Released
(0.5.4-0ubuntu4.4)
|
|
feisty |
Released
(0.5.4-0ubuntu8.3)
|
|
gutsy |
Released
(0.6-0ubuntu2.2)
|
|
hardy |
Released
(0.6.4-1ubuntu1)
|
|
intrepid |
Not vulnerable
(0.6.4-1ubuntu1)
|
|
jaunty |
Not vulnerable
(0.6.4-1ubuntu1)
|
|
karmic |
Not vulnerable
(0.6.4-1ubuntu1)
|
|
upstream |
Released
(0.6.2)
|
|
tetex-bin Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(linked to poppler)
|
edgy |
Not vulnerable
(linked to poppler)
|
|
feisty |
Not vulnerable
(linked to poppler)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
texlive-bin Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Not vulnerable
(linked to poppler)
|
|
feisty |
Not vulnerable
(linked to poppler)
|
|
gutsy |
Not vulnerable
(linked to poppler)
|
|
hardy |
Not vulnerable
(linked to poppler)
|
|
intrepid |
Not vulnerable
(linked to poppler)
|
|
jaunty |
Not vulnerable
(linked to poppler)
|
|
karmic |
Not vulnerable
(linked to poppler)
|
|
upstream |
Needs triage
|
|
xpdf Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Not vulnerable
(3.02-1.3ubuntu1)
|
|
intrepid |
Not vulnerable
(3.02-1.3ubuntu1)
|
|
jaunty |
Not vulnerable
(3.02-1.3ubuntu1)
|
|
karmic |
Not vulnerable
(3.02-1.3ubuntu1)
|
|
upstream |
Released
(3.02)
|