CVE-2008-2950

The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.
Configurations

Configuration 1 (hide)

cpe:2.3:a:poppler:poppler:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-07-07 23:41

Updated : 2024-02-28 11:21


NVD link : CVE-2008-2950

Mitre link : CVE-2008-2950

CVE.ORG link : CVE-2008-2950


JSON object : View

Products Affected

poppler

  • poppler
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')