VDB
DEBIAN-CVE-2008-1693
DEBIAN-CVE-2008-1693
PUBLISHED
CVSS 9.300000190734863 CRITICAL
The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | xpdf | 0, 0, 0 |
| Debian:14 | xpdf | 0, 0, 0 |
| Debian:13 | xpdf | 0, 0, 0 |
| Debian:14 | poppler | 0, 0, 0 |
| Debian:13 | poppler | 0, 0, 0 |
| Debian:12 | poppler | 0, 0, 0 |
| Debian:12 | xpdf | 0, 0, 0 |
| Debian:11 | poppler | 0, 0, 0 |
Timeline
- Apr 18, 2008 CVE Published
- Apr 28, 2026 CVE Updated