Vulnerability CVE-2008-2950

Vulnerability Name:

CVE-2008-2950 (CCN-43619)

Assigned:

2008-07-07

Published:

2008-07-07

Updated:

2018-10-11

Summary:

The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-94

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2008-2950

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:015

Source: CCN
Type: poppler Web site
poppler

Source: CCN
Type: SA30963
Poppler "pageWidgets" Uninitialized Memory Access

Source: SECUNIA
Type: UNKNOWN
30963

Source: SECUNIA
Type: UNKNOWN
31002

Source: SECUNIA
Type: UNKNOWN
31167

Source: SECUNIA
Type: UNKNOWN
31267

Source: SECUNIA
Type: UNKNOWN
31405

Source: GENTOO
Type: UNKNOWN
GLSA-200807-04

Source: SREASON
Type: UNKNOWN
3977

Source: CCN
Type: SECTRACK ID: 1020435
Poppler Memory Allocation Bug in 'Page.cc' Lets Remote Users Execute Arbitrary Code

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/Advisories:rPSA-2008-0223

Source: CCN
Type: GLSA-200807-04
Poppler: User-assisted execution of arbitrary code

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:146

Source: CCN
Type: oCERT Advisories #2008-007
libpoppler uninitialized pointer

Source: MISC
Type: UNKNOWN
http://www.ocert.org/advisories/ocert-2008-007.html

Source: CCN
Type: OSVDB ID: 46806
Poppler libpoppler Page.cc Page Destructor pageWidgets Object Handling Uninitialized Memory Access

Source: BUGTRAQ
Type: UNKNOWN
20080707 [oCERT-2008-007] libpoppler uninitialized pointer

Source: BUGTRAQ
Type: UNKNOWN
20080709 rPSA-2008-0223-1 poppler

Source: BID
Type: UNKNOWN
30107

Source: CCN
Type: BID-30107
Poppler PDF Rendering Library Page Class Remote Code Execution Vulnerability

Source: SECTRACK
Type: UNKNOWN
1020435

Source: CCN
Type: USN-631-1
poppler vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-631-1

Source: VUPEN
Type: UNKNOWN
ADV-2008-2024

Source: XF
Type: UNKNOWN
poppler-page-destructor-code-execution(43619)

Source: XF
Type: UNKNOWN
poppler-page-destructor-code-execution(43619)

Source: EXPLOIT-DB
Type: UNKNOWN
6032

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-7104

Source: SUSE
Type: SUSE-SR:2008:015
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:poppler:poppler:*:*:*:*:*:*:*:* (Version <= 0.8.4)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20082950	V	CVE-2008-2950	2022-06-30
oval:org.opensuse.security:def:42372	P	Security update for firewalld, golang-github-prometheus-prometheus (Important)	2022-04-27
oval:org.opensuse.security:def:42168	P	Security update for zlib (Important)	2022-03-30
oval:org.opensuse.security:def:112780	P	libpoppler-cpp0-21.08.0-1.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:32286	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:26228	P	Security update for ghostscript (Moderate)	2022-01-14
oval:org.opensuse.security:def:31375	P	Security update for libvirt (Important)	2022-01-10
oval:org.opensuse.security:def:32252	P	Security update for chrony (Moderate)	2021-12-22
oval:org.opensuse.security:def:26185	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:31314	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:106251	P	Security update for MozillaFirefox (Important)	2021-11-10
oval:org.opensuse.security:def:32208	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:26145	P	Security update for the Linux Kernel (Important)	2021-10-12
oval:org.opensuse.security:def:31283	P	Security update for apache2 (Important)	2021-10-06
oval:org.opensuse.security:def:31688	P	Security update for python-urllib3 (Moderate)	2021-09-29
oval:org.opensuse.security:def:32186	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:31682	P	Security update for openssl (Low)	2021-09-20
oval:org.opensuse.security:def:31677	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:31676	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:31675	P	Security update for bind (Moderate)	2021-08-30
oval:org.opensuse.security:def:26101	P	Security update for php74 (Important)	2021-08-06
oval:org.opensuse.security:def:26100	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:31240	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:31228	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:32147	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:31229	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:26092	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:31650	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:32130	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:36210	P	libpoppler-glib4-0.12.3-1.10.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36475	P	libpoppler-devel-0.12.3-1.10.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42617	P	libpoppler-glib4-0.12.3-1.10.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32929	P	Security update for postgresql13 (Moderate)	2021-05-27
oval:org.opensuse.security:def:26043	P	Security update for bind (Important)	2021-05-04
oval:org.opensuse.security:def:26044	P	Security update for avahi (Moderate)	2021-05-04
oval:org.opensuse.security:def:26036	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:26029	P	Security update for the Linux Kernel (Important)	2021-04-15
oval:org.opensuse.security:def:31151	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:26025	P	Security update for openexr (Moderate)	2021-04-07
oval:org.opensuse.security:def:26024	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:31742	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:31731	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:26194	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:26087	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:32098	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:32004	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:42004	P	libpoppler-glib4-0.12.3-1.2.44 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35965	P	libpoppler-glib4-0.12.3-1.8.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35597	P	libpoppler-glib4-0.12.3-1.2.44 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35761	P	libpoppler-glib4-0.12.3-1.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25323	P	Security update for libproxy (Important)	2020-12-01
oval:org.opensuse.security:def:26291	P	Security update for python-reportlab (Important)	2020-12-01
oval:org.opensuse.security:def:25760	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:25433	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31838	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:26756	P	libnewt0_52 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31065	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25719	P	Security update for ipmitool (Important)	2020-12-01
oval:org.opensuse.security:def:31982	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:26964	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25835	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25737	P	Security update for libpng12 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32391	P	Security update for tomcat6 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27438	P	libcgroup-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31077	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25857	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:25990	P	Security update for libvpx (Moderate)	2020-12-01
oval:org.opensuse.security:def:32048	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:31433	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26309	P	Security update for haproxy (Important)	2020-12-01
oval:org.opensuse.security:def:32452	P	Security update for xerces-j2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25149	P	Security update for openssl-1_1 (Important)	2020-12-01
oval:org.opensuse.security:def:31446	P	Security update for popt	2020-12-01
oval:org.opensuse.security:def:26336	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32725	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25515	P	Security update for Mesa (Moderate)	2020-12-01
oval:org.opensuse.security:def:31518	P	Security update for quagga (Important)	2020-12-01
oval:org.opensuse.security:def:31519	P	Security update for sendmail	2020-12-01
oval:org.opensuse.security:def:26477	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:33134	P	libFLAC++6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25224	P	Security update for libqt5-qtbase (Important)	2020-12-01
oval:org.opensuse.security:def:31799	P	Security update for SDL (Moderate)	2020-12-01
oval:org.opensuse.security:def:31780	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:26725	P	kdelibs3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25527	P	Security update for java-11-openjdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:31986	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26535	P	cyrus-imapd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25596	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:32042	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31841	P	Security update for bzip2 (Important)	2020-12-01
oval:org.opensuse.security:def:25963	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:25725	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:27208	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25941	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25866	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32523	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26389	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:25924	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25312	P	Security update for libsolv (Moderate)	2020-12-01
oval:org.opensuse.security:def:26601	P	libsamplerate on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26247	P	Security update for bluez (Moderate)	2020-12-01
oval:org.opensuse.security:def:25759	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:31762	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26742	P	libcgroup1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26597	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25387	P	Security update for shim (Moderate)	2020-12-01
oval:org.opensuse.security:def:32043	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31943	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:26929	P	kdenetwork4-filesharing on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25771	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25490	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32342	P	Security update for spice (Important)	2020-12-01
oval:org.opensuse.security:def:26800	P	pango on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31066	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25800	P	Security update for polkit (Moderate)	2020-12-01
oval:org.opensuse.security:def:31432	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25888	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:32430	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:27473	P	libpoppler-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25148	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:32686	P	java-1_6_0-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31444	P	Security update for poppler (Moderate)	2020-12-01
oval:org.opensuse.security:def:26366	P	Security update for kdelibs4, kio (Moderate)	2020-12-01
oval:org.opensuse.security:def:26438	P	Security update for ansible (Moderate)	2020-12-01
oval:org.opensuse.security:def:32496	P	coolkey on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25160	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:31538	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:26654	P	xpdf-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25516	P	Security update for file-roller (Moderate)	2020-12-01
oval:org.opensuse.security:def:31894	P	Security update for fetchmail (Moderate)	2020-12-01
oval:org.opensuse.security:def:26491	P	Security update for nextcloud (Moderate)	2020-12-01
oval:org.opensuse.security:def:33173	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25352	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:31886	P	Security update for ed (Low)	2020-12-01
oval:org.opensuse.security:def:31819	P	Security update for augeas (Moderate)	2020-12-01
oval:org.opensuse.security:def:26760	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25591	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25574	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:27173	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25653	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25827	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:31885	P	Security update for ecryptfs-utils (Moderate)	2020-12-01
oval:org.opensuse.security:def:25778	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:25880	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:32562	P	libpoppler-glib4 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25311	P	Security update for shim (Moderate)	2020-12-01
oval:org.opensuse.security:def:26450	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:26233	P	Security update for python-reportlab (Important)	2020-12-01
oval:org.opensuse.security:def:32890	P	kde4-kgreeter-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31595	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:26703	P	fvwm2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26562	P	gtk2 on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:17647	P	USN-631-1 -- poppler vulnerability	2014-06-30

BACK