
CVE-2008-2950 – Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution
https://notcve.org/view.php?id=CVE-2008-2950
07 Jul 2008 — The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document. El destructor Page de Page.cc en libpoppler de Poppler 0.8.4 y anteriores, elimina el objeto pageWidgets incluso si éste no ha sido iniciado por un constructor Page, esto permite a atacantes remotos ejecutar código de su elección mediante un documento PDF manipulado. • https://www.exploit-db.com/exploits/6032 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2008-1693 – xpdf: embedded font vulnerability
https://notcve.org/view.php?id=CVE-2008-1693
18 Apr 2008 — The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object. La función CairoFont::create en CairoFontEngine.cc de Poppler, posiblemente anterior a 0.8.0, como se usa en Xpdf, Evince, ePDFview... • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html • CWE-20: Improper Input Validation •