CVE-2008-2950
poppler - arbitrary code execution
EPSS 12.3%
Description
The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.
How to fix CVE-2008-2950
To remediate CVE-2008-2950, upgrade the affected package to a fixed version below.
- Debian/poppler—upgrade to 0.8.4-1.1 or later
- Debian/poppler—upgrade to 0.8.2-2+lenny1 or later
Is CVE-2008-2950 being exploited?
Moderate — EPSS is 12.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 0.8.4-1.1
- from 0, < 0.8.2-2+lenny1