CVE-2008-2950 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-2950 PUBLISHED CVSS 9.300000190734863 CRITICAL

The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.

EPSS 12.33% · 93.8th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

12.33%

93.8th percentile

Affected Products

Vendor	Product	Versions
poppler	poppler	0
n/a	n/a	n/a

Timeline

Jul 7, 2008 CVE Published
Jul 8, 2008 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

http://wiki.rpath.com/Advisories:rPSA-2008-0223 url
20080709 rPSA-2008-0223-1 poppler mailing-list
6032 exploit
30963 third-party-advisory
SUSE-SR:2008:015 vendor-advisory
ADV-2008-2024 vdb
31002 third-party-advisory
30107 vdb
GLSA-200807-04 vendor-advisory
http://www.ocert.org/advisories/ocert-2008-007.html url
31267 third-party-advisory
USN-631-1 vendor-advisory
31405 third-party-advisory
FEDORA-2008-7104 vendor-advisory
poppler-page-destructor-code-execution(43619) vdb
MDVSA-2008:146 vendor-advisory
3977 third-party-advisory
1020435 vdb
20080707 [oCERT-2008-007] libpoppler uninitialized pointer mailing-list
31167 third-party-advisory

…and 1 more

Open in Interactive Console →