Upstream information

CVE-2008-2950 at MITRE

Description

The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.5
Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 404955 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • libpoppler-glib4 >= 0.12.3-1.2.44
  • libpoppler-qt4-3 >= 0.12.3-1.2.44
  • libpoppler5 >= 0.12.3-1.2.44
  • poppler-tools >= 0.12.3-1.2.44
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA libpoppler-glib4
SUSE Linux Enterprise Server 11 SP2
  • libpoppler-glib4 >= 0.12.3-1.3.1
  • libpoppler-qt4-3 >= 0.12.3-1.3.1
  • libpoppler5 >= 0.12.3-1.3.1
  • poppler-tools >= 0.12.3-1.3.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA libpoppler-glib4
SUSE Linux Enterprise Server 11 SP3
  • libpoppler-glib4 >= 0.12.3-1.8.1
  • libpoppler-qt4-3 >= 0.12.3-1.8.1
  • libpoppler5 >= 0.12.3-1.8.1
  • poppler-tools >= 0.12.3-1.8.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA libpoppler-glib4
SUSE Linux Enterprise Server 11 SP4
  • libpoppler-glib4 >= 0.12.3-1.10.1
  • libpoppler-qt4-3 >= 0.12.3-1.10.1
  • libpoppler5 >= 0.12.3-1.10.1
  • poppler-tools >= 0.12.3-1.10.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA libpoppler-glib4
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libpoppler-devel >= 0.12.3-1.10.1
  • libpoppler-glib-devel >= 0.12.3-1.10.1
  • libpoppler-qt2 >= 0.12.3-1.10.1
  • libpoppler-qt3-devel >= 0.12.3-1.10.1
  • libpoppler-qt4-devel >= 0.12.3-1.10.1
  • poppler-tools >= 0.12.3-1.10.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libpoppler-devel
openSUSE 11.0
  • libpoppler-devel >= 0.8.2-1.2
  • libpoppler-doc >= 0.8.2-1.2
  • libpoppler-glib-devel >= 0.8.2-1.2
  • libpoppler-glib3 >= 0.8.2-1.2
  • libpoppler-qt2 >= 0.8.2-1.2
  • libpoppler-qt3-devel >= 0.8.2-1.2
  • libpoppler-qt4-3 >= 0.8.2-1.2
  • libpoppler-qt4-devel >= 0.8.2-1.2
  • libpoppler3 >= 0.8.2-1.2
  • poppler-tools >= 0.8.2-1.2