CVSS: 7.8EPSS: 7%CPEs: 29EXPL: 0CVE-2008-1693 – xpdf: embedded font vulnerability
https://notcve.org/view.php?id=CVE-2008-1693
18 Apr 2008 — The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object. La función CairoFont::create en CairoFontEngine.cc de Poppler, posiblemente anterior a 0.8.0, como se usa en Xpdf, Evince, ePDFview... • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 8%CPEs: 9EXPL: 0CVE-2007-3387 – xpdf integer overflow
https://notcve.org/view.php?id=CVE-2007-3387
30 Jul 2007 — Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. Un desbordamiento de enteros en la función StreamPredictor::StreamPredictor en xpdf versión 3.02, tal como es usado en (1) poppler an... • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch • CWE-190: Integer Overflow or Wraparound •