CVE-2008-2950

Publication date 7 July 2008

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

Description

The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.

Status

Package Ubuntu Release Status
xpdf 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy
Not affected
7.04 feisty
Not affected
6.06 LTS dapper
Not affected
gpdf 9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty Not in release
6.06 LTS dapper Ignored end of life
ipe 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy Ignored end of life, was needs-triage
7.04 feisty Ignored end of life, was needs-triage
6.06 LTS dapper Ignored end of life
kdegraphics 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy
Not affected
7.04 feisty
Not affected
6.06 LTS dapper
Not affected
koffice 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy
Not affected
7.04 feisty
Not affected
6.06 LTS dapper
Not affected
libextractor 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy Ignored end of life, was needs-triage
7.04 feisty Ignored end of life, was needs-triage
6.06 LTS dapper Ignored end of life
pdfkit.framework 9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty Ignored end of life, was needs-triage
6.06 LTS dapper Ignored end of life
pdftohtml 9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty Ignored end of life, was needs-triage
6.06 LTS dapper Ignored end of life
poppler 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Fixed 0.6.4-1ubuntu3.1
7.10 gutsy
Fixed 0.6-0ubuntu2.3
7.04 feisty
Not affected
6.06 LTS dapper
Not affected
tetex-bin 9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty
Not affected
6.06 LTS dapper
Not affected
texlive-bin 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy
Not affected
7.04 feisty
Not affected
6.06 LTS dapper Not in release

References

Related Ubuntu Security Notices (USN)

    • USN-631-1
    • poppler vulnerability
    • 28 July 2008

Other references