Executive Summary

Summary
Title Updated poppler packages fix arbitrary code execution vulnerability
Informations
Name MDVSA-2008:146 First vendor Publication 2008-07-15
Vendor Mandriva Last vendor Modification 2008-07-15
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A memory management issue was found in libpoppler by Felipe Andres Manzano that could allow for the execution of arbitrary code with the privileges of the user running a poppler-based application, if they opened a specially crafted PDF file (CVE-2008-2950).

The updated packages have been patched to correct this issue.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2008:146

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17647
 
Oval ID: oval:org.mitre.oval:def:17647
Title: USN-631-1 -- poppler vulnerability
Description: Felipe Andres Manzano discovered that poppler did not correctly initialize certain page widgets.
Family: unix Class: patch
Reference(s): USN-631-1
CVE-2008-2950
Version: 7
Platform(s): Ubuntu 7.10
Ubuntu 8.04
Product(s): poppler
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 36

OpenVAS Exploits

Date Description
2009-06-30 Name : Fedora Core 9 FEDORA-2009-6982 (poppler)
File : nvt/fcore_2009_6982.nasl
2009-04-09 Name : Mandriva Update for poppler MDVSA-2008:146 (poppler)
File : nvt/gb_mandriva_MDVSA_2008_146.nasl
2009-03-23 Name : Ubuntu Update for poppler vulnerability USN-631-1
File : nvt/gb_ubuntu_USN_631_1.nasl
2009-02-17 Name : Fedora Update for poppler FEDORA-2008-7012
File : nvt/gb_fedora_2008_7012_poppler_fc9.nasl
2009-02-17 Name : Fedora Update for poppler FEDORA-2008-7104
File : nvt/gb_fedora_2008_7104_poppler_fc8.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200807-04 (poppler)
File : nvt/glsa_200807_04.nasl
2008-09-04 Name : FreeBSD Ports: poppler
File : nvt/freebsd_poppler.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
46806 Poppler libpoppler Page.cc Page Destructor pageWidgets Object Handling Uninit...

Nessus® Vulnerability Scanner

Date Description
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libpoppler-devel-080703.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-146.nasl - Type : ACT_GATHER_INFO
2008-09-12 Name : The remote Fedora host is missing a security update.
File : fedora_2008-7012.nasl - Type : ACT_GATHER_INFO
2008-08-08 Name : The remote Fedora host is missing a security update.
File : fedora_2008-7104.nasl - Type : ACT_GATHER_INFO
2008-07-29 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-631-1.nasl - Type : ACT_GATHER_INFO
2008-07-10 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_bc20510f4dd411dd93e70211d880e350.nasl - Type : ACT_GATHER_INFO
2008-07-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200807-04.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:39:32
  • Multiple Updates