NVD脆弱性詳細

CVE-2008-1693

概要	The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.
公表日	2008年4月19日0:05
登録日	2021年1月29日13:34
最終更新日	2017年9月29日10:30

CVSS2.0 : MEDIUM
スコア	6.8
ベクター	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	はい
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:poppler:poppler:0.1:::::::*
cpe:2.3:a:poppler:poppler:0.1.1:::::::*
cpe:2.3:a:poppler:poppler:0.1.2:::::::*
cpe:2.3:a:poppler:poppler:0.2.0:::::::*
cpe:2.3:a:poppler:poppler:0.3.0:::::::*
cpe:2.3:a:poppler:poppler:0.3.1:::::::*
cpe:2.3:a:poppler:poppler:0.3.2:::::::*
cpe:2.3:a:poppler:poppler:0.3.3:::::::*
cpe:2.3:a:poppler:poppler:0.4.0:::::::*
cpe:2.3:a:poppler:poppler:0.4.1:::::::*
cpe:2.3:a:poppler:poppler:0.4.2:::::::*
cpe:2.3:a:poppler:poppler:0.4.3:::::::*
cpe:2.3:a:poppler:poppler:0.4.4:::::::*
cpe:2.3:a:poppler:poppler:0.5.0:::::::*
cpe:2.3:a:poppler:poppler:0.5.1:::::::*
cpe:2.3:a:poppler:poppler:0.5.2:::::::*
cpe:2.3:a:poppler:poppler:0.5.3:::::::*
cpe:2.3:a:poppler:poppler:0.5.4:::::::*
cpe:2.3:a:poppler:poppler:0.5.9:::::::*
cpe:2.3:a:poppler:poppler:0.5.91:::::::*
cpe:2.3:a:poppler:poppler:0.6.0:::::::*
cpe:2.3:a:poppler:poppler:0.6.1:::::::*
cpe:2.3:a:poppler:poppler:0.6.2:::::::*
cpe:2.3:a:poppler:poppler:0.6.3:::::::*
cpe:2.3:a:poppler:poppler:0.6.4:::::::*
cpe:2.3:a:poppler:poppler:0.7.0:::::::*
cpe:2.3:a:poppler:poppler:0.7.1:::::::*
cpe:2.3:a:poppler:poppler:0.7.2:::::::*
cpe:2.3:a:poppler:poppler::::::::		0.7.3

関連情報、対策とツール

No	URL	refsource	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html	SUSE
2	http://secunia.com/advisories/29816	SECUNIA
3	http://secunia.com/advisories/29834	SECUNIA
4	http://secunia.com/advisories/29836	SECUNIA
5	http://secunia.com/advisories/29851	SECUNIA
6	http://secunia.com/advisories/29853	SECUNIA
7	http://secunia.com/advisories/29868	SECUNIA
8	http://secunia.com/advisories/29869	SECUNIA
9	http://secunia.com/advisories/29884	SECUNIA
10	http://secunia.com/advisories/29885	SECUNIA
11	http://secunia.com/advisories/30019	SECUNIA
12	http://secunia.com/advisories/30033	SECUNIA
13	http://secunia.com/advisories/30717	SECUNIA
14	http://secunia.com/advisories/31035	SECUNIA
15	http://security.gentoo.org/glsa/glsa-200804-18.xml	GENTOO
16	http://securitytracker.com/id?1019893	SECTRACK
17	http://www.debian.org/security/2008/dsa-1548	DEBIAN	Patch
18	http://www.debian.org/security/2008/dsa-1606	DEBIAN
19	http://www.mandriva.com/security/advisories?name=MDVSA-2008:089	MANDRIVA
20	http://www.mandriva.com/security/advisories?name=MDVSA-2008:173	MANDRIVA
21	http://www.mandriva.com/security/advisories?name=MDVSA-2008:197	MANDRIVA
22	http://www.novell.com/linux/security/advisories/2008_13_sr.html	SUSE
23	http://www.redhat.com/support/errata/RHSA-2008-0238.html	REDHAT
24	http://www.redhat.com/support/errata/RHSA-2008-0239.html	REDHAT
25	http://www.redhat.com/support/errata/RHSA-2008-0240.html	REDHAT
26	http://www.redhat.com/support/errata/RHSA-2008-0262.html	REDHAT
27	http://www.securityfocus.com/bid/28830	BID
28	http://www.ubuntu.com/usn/usn-603-1	UBUNTU
29	http://www.ubuntu.com/usn/usn-603-2	UBUNTU
30	http://www.vupen.com/english/advisories/2008/1265/references	VUPEN
31	http://www.vupen.com/english/advisories/2008/1266/references	VUPEN
32	https://exchange.xforce.ibmcloud.com/vulnerabilities/41884	XF
33	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11226	OVAL
34	https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00522.html	FEDORA

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

構成1	以上	以下	より上	未満
cpe:2.3:a:poppler:poppler:0.1:::::::*
cpe:2.3:a:poppler:poppler:0.1.1:::::::*
cpe:2.3:a:poppler:poppler:0.1.2:::::::*
cpe:2.3:a:poppler:poppler:0.2.0:::::::*
cpe:2.3:a:poppler:poppler:0.3.0:::::::*
cpe:2.3:a:poppler:poppler:0.3.1:::::::*
cpe:2.3:a:poppler:poppler:0.3.2:::::::*
cpe:2.3:a:poppler:poppler:0.3.3:::::::*
cpe:2.3:a:poppler:poppler:0.4.0:::::::*
cpe:2.3:a:poppler:poppler:0.4.1:::::::*
cpe:2.3:a:poppler:poppler:0.4.2:::::::*
cpe:2.3:a:poppler:poppler:0.4.3:::::::*
cpe:2.3:a:poppler:poppler:0.4.4:::::::*
cpe:2.3:a:poppler:poppler:0.5.0:::::::*
cpe:2.3:a:poppler:poppler:0.5.1:::::::*
cpe:2.3:a:poppler:poppler:0.5.2:::::::*
cpe:2.3:a:poppler:poppler:0.5.3:::::::*
cpe:2.3:a:poppler:poppler:0.5.4:::::::*
cpe:2.3:a:poppler:poppler:0.5.9:::::::*
cpe:2.3:a:poppler:poppler:0.5.91:::::::*
cpe:2.3:a:poppler:poppler:0.6.0:::::::*
cpe:2.3:a:poppler:poppler:0.6.1:::::::*
cpe:2.3:a:poppler:poppler:0.6.2:::::::*
cpe:2.3:a:poppler:poppler:0.6.3:::::::*
cpe:2.3:a:poppler:poppler:0.6.4:::::::*
cpe:2.3:a:poppler:poppler:0.7.0:::::::*
cpe:2.3:a:poppler:poppler:0.7.1:::::::*
cpe:2.3:a:poppler:poppler:0.7.2:::::::*
cpe:2.3:a:poppler:poppler::::::::		0.7.3