|Xpdf嵌入字体处理代码执行漏洞 - VULHUB开源网络安全威胁库

Xpdf嵌入字体处理代码执行漏洞

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

BUGTRAQ ID: 28830 CVE(CAN) ID: CVE-2008-1693 Xpdf是便携文档格式（PDF）文件的开放源码查看器。 Xpdf显示PDF文件中所嵌入的畸形字体的方式存在漏洞，攻击者可以创建恶意的PDF文件，如果打开了该文件就会导致Xpdf崩溃或执行任意指令。 Xpdf 3.x Debian ------ Debian已经为此发布了一个安全公告（DSA-1548-1）以及相应补丁: DSA-1548-1：New xpdf packages fix arbitrary code exitution 链接：<a href=http://www.debian.org/security/2008/dsa-1548 target=_blank>http://www.debian.org/security/2008/dsa-1548</a> 补丁下载： Source archives: <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch4.dsc target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch4.dsc</a> Size/MD5 checksum: 974 b5ae1ed7abc02a808b97f9e8b1c08e6d <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch4.diff.gz target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch4.diff.gz</a> Size/MD5 checksum: 39829 8b0fe2c7568c3f82d6b3d5d4742b52d9 <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01.orig.tar.gz</a> Size/MD5 checksum: 599778 e004c69c7dddef165d768b1362b44268 Architecture independent packages: <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch4_all.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.01-9.1+etch4_all.deb</a> Size/MD5 checksum: 1274 e7fcf339747f547b7519cbd1df2f9338 <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9.1+etch4_all.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.01-9.1+etch4_all.deb</a> Size/MD5 checksum: 61358 7a76c4dc0a5eeb0b71fbc2807fc8ad21 alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_alpha.deb</a> Size/MD5 checksum: 915780 40c67cd9c1b54b2f61e783df57b9f1b0 <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_alpha.deb</a> Size/MD5 checksum: 1675464 0ec4308b0a7a6a9281b436b536c2b4a4 amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_amd64.deb</a> Size/MD5 checksum: 1480468 cc550f3994bdab8fd1534d0c00111723 <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_amd64.deb</a> Size/MD5 checksum: 804240 cca7233b1fe75ed2772af5d2f8e6d49d arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_arm.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_arm.deb</a> Size/MD5 checksum: 1458046 46b5a1a1503ad522b310ecbb8ce64bcc <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_arm.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_arm.deb</a> Size/MD5 checksum: 799814 97e080dec03c0393d8fee63e1a005f1d hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_hppa.deb</a> Size/MD5 checksum: 1765316 5c465e20d6a5b285da773eda66c7497c <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_hppa.deb</a> Size/MD5 checksum: 959886 5a5192fc84768372b5370464d646bc64 i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_i386.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_i386.deb</a> Size/MD5 checksum: 793560 5c6a968f356623a7db8c1b88e8ef40c4 <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_i386.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_i386.deb</a> Size/MD5 checksum: 1450746 701944ba02dbe4dd852bd22bb0ca3ab2 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_ia64.deb</a> Size/MD5 checksum: 1212440 256c451d95495fa2689d1cca4c98e7e5 <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_ia64.deb</a> Size/MD5 checksum: 2203266 f73f1d87341e34c9f405c2c75b6f459d mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_mips.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_mips.deb</a> Size/MD5 checksum: 1730844 fbc5b43b2558c59e6a2d6630d1371a88 <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_mips.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_mips.deb</a> Size/MD5 checksum: 954942 e0decffa31ae494958afecb231abee9f powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_powerpc.deb</a> Size/MD5 checksum: 845404 543e7f16a393736880f2d3eafae8c26f <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_powerpc.deb</a> Size/MD5 checksum: 1546580 61e23c448d7a81c80ee9f75bff993e80 s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_s390.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.01-9.1+etch4_s390.deb</a> Size/MD5 checksum: 1390938 0823e7675a54c9991880b5e057d079da <a href=http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_s390.deb target=_blank>http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.01-9.1+etch4_s390.deb</a> Size/MD5 checksum: 763906 0c891488a3bf7595c20a8063cdc9feca 补丁安装方法： 1. 手工安装补丁包：首先，使用下面的命令来下载补丁软件： # wget url (url是补丁下载链接地址) 然后，使用下面的命令来安装补丁： # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包：首先，使用下面的命令更新内部数据库： # apt-get update 然后，使用下面的命令安装更新软件包： # apt-get upgrade RedHat ------ RedHat已经为此发布了一个安全公告（RHSA-2008:0239-01）以及相应补丁: RHSA-2008:0239-01：Important: poppler security update 链接：<a href=https://www.redhat.com/support/errata/RHSA-2008-0239.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0239.html</a>

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™