Bug 221297 (CVE-2008-1693) - arbitrary code execution through crafted font object (CVE-2008-1693)
Status: RESOLVED DUPLICATE of bug 216850
Alias: CVE-2008-1693
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Reported: 2008-05-11 09:47 UTC by Peter Alfredsen (RETIRED)
Modified: 2008-05-11 15:50 UTC (History)

Attachments
40_pdf2-embedded-font-fixes.diff (4.60 KB, patch)
2008-05-11 09:48 UTC, Peter Alfredsen (RETIRED)

Description Peter Alfredsen (RETIRED) gentoo-dev 2008-05-11 09:47:47 UTC
Patch for poppler-0.6.3
http://gitweb.freedesktop.org/?p=poppler/poppler.git;a=commitdiff;h=1a531dcfee1c6fc79a414c38cbe7327fbf9a59d8
Debian bug:
http://bugs.debian.org/476842
Koffice fix attached, extracted from Ubuntu.

I can't really say what the scope of this vulnerability is, but it's worthy of a bug.
Comment 1 Peter Alfredsen (RETIRED) gentoo-dev 2008-05-11 09:48:45 UTC
Created attachment 152827
40_pdf2-embedded-font-fixes.diff

Fix for koffice.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-05-11 15:50:36 UTC
We took care of the xpdf/poppler issue in bug 216850.

Please note that koffice and kpdf were not found to be vulnerable by us. The patches Ubuntu applied were only precautionary measures.

*** This bug has been marked as a duplicate of bug 216850 ***