CVE-2008-1693
poppler - execution of arbitrary code
EPSS 7.6%
Description
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.
How to fix CVE-2008-1693
To remediate CVE-2008-1693, upgrade the affected package to a fixed version below.
- Debian/poppler—upgrade to 0.6.4-1 or later
- —upgrade to 0.4.5-5.1etch3 or later
- —upgrade to 3.02 or later
- —upgrade to 3.01-9.1+etch3 or later
Is CVE-2008-1693 being exploited?
Moderate — EPSS is 7.6%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 0.6.4-1
- from 0, < 0.4.5-5.1etch3
- from 0, < 3.02
- from 0, < 3.01-9.1+etch3