Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2019:2022
HistoryAug 30, 2019 - 2:44 a.m.

evince, okular, poppler security update

2019-08-3002:44:38
CentOS Project
lists.centos.org
83

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.2%

JSON

CentOS Errata and Security Advisory CESA-2019:2022

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince or Okular.

Security Fix(es):

  • poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)

  • poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)

  • poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646)

  • poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)

  • poppler: reachable abort in Object.h (CVE-2018-19058)

  • poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059)

  • poppler: pdfdetach utility does not validate save paths (CVE-2018-19060)

  • poppler: NULL pointer dereference in _poppler_attachment_new (CVE-2018-19149)

  • poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)

  • poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)

  • poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)

  • poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032130.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032290.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032322.html

Affected packages:
evince
evince-browser-plugin
evince-devel
evince-dvi
evince-libs
evince-nautilus
okular
okular-devel
okular-libs
okular-part
poppler
poppler-cpp
poppler-cpp-devel
poppler-demos
poppler-devel
poppler-glib
poppler-glib-devel
poppler-qt
poppler-qt-devel
poppler-utils

Upstream details at:
https://access.redhat.com/errata/RHSA-2019:2022

OSVersionArchitecturePackageVersionFilename
CentOS7x86_64evince< 3.28.2-8.el7evince-3.28.2-8.el7.x86_64.rpm
CentOS7x86_64evince-browser-plugin< 3.28.2-8.el7evince-browser-plugin-3.28.2-8.el7.x86_64.rpm
CentOS7i686evince-devel< 3.28.2-8.el7evince-devel-3.28.2-8.el7.i686.rpm
CentOS7x86_64evince-devel< 3.28.2-8.el7evince-devel-3.28.2-8.el7.x86_64.rpm
CentOS7x86_64evince-dvi< 3.28.2-8.el7evince-dvi-3.28.2-8.el7.x86_64.rpm
CentOS7i686evince-libs< 3.28.2-8.el7evince-libs-3.28.2-8.el7.i686.rpm
CentOS7x86_64evince-libs< 3.28.2-8.el7evince-libs-3.28.2-8.el7.x86_64.rpm
CentOS7x86_64evince-nautilus< 3.28.2-8.el7evince-nautilus-3.28.2-8.el7.x86_64.rpm
CentOS7x86_64okular< 4.10.5-7.el7okular-4.10.5-7.el7.x86_64.rpm
CentOS7i686okular-devel< 4.10.5-7.el7okular-devel-4.10.5-7.el7.i686.rpm
Rows per page:
1-10 of 321

Related

nessus 52
amazon 2
redhat 2
oraclelinux 2
openvas 42
fedora 14
osv 14
debian 6
ubuntu 5
mageia 4
suse 1
veracode 8
debiancve 10
redhatcve 9
cve 9
prion 8
ubuntucve 10
gentoo 1
nessus
nessus
Scientific Linux Security Update : poppler on SL7.x x86_64 (20190806)
2019-08-27 00:00:00
NewStart CGSL CORE 5.05 / MAIN 5.05 : poppler Multiple Vulnerabilities (NS-SA-2019-0249)
2019-12-31 00:00:00
RHEL 7 : poppler (RHSA-2019:2022)
2019-08-12 00:00:00
amazon
amazon
Medium: poppler
2019-10-21 18:01:00
Medium: poppler
2019-08-23 17:01:00
redhat
redhat
(RHSA-2019:2022) Moderate: poppler security, bug fix, and enhancement update
2019-08-06 07:51:02
(RHSA-2019:2713) Moderate: poppler security update
2019-09-10 15:32:22
oraclelinux
oraclelinux
poppler security, bug fix, and enhancement update
2019-08-13 00:00:00
poppler security update
2019-09-12 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-2269)
2020-01-23 00:00:00
Fedora Update for mingw-poppler FEDORA-2019-7085420900
2019-05-07 00:00:00
Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-2224)
2020-01-23 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: mingw-poppler-0.67.0-2.fc29
2018-12-30 03:22:07
[SECURITY] Fedora 29 Update: mingw-poppler-0.67.0-4.fc29
2019-03-15 18:30:03
[SECURITY] Fedora 29 Update: mingw-poppler-0.67.0-3.fc29
2019-02-18 02:04:58
osv
osv
poppler - security update
2019-03-08 00:00:00
poppler - security update
2020-07-23 00:00:00
poppler - security update
2020-11-08 00:00:00
debian
debian
[SECURITY] [DLA 1706-1] poppler security update
2019-03-08 20:37:16
[SECURITY] [DLA 2287-1] poppler security update
2020-07-23 10:16:10
[SECURITY] [DLA 2440-1] poppler security update
2020-11-08 23:59:37
ubuntu
ubuntu
poppler vulnerabilities
2018-12-04 00:00:00
poppler vulnerabilities
2019-01-22 00:00:00
poppler regression
2018-12-11 00:00:00
mageia
mageia
Updated poppler packages fix security vulnerabilities
2018-11-23 01:26:34
Updated poppler packages fix security vulnerability
2019-02-20 23:56:50
Updated poppler packages fix security vulnerabilities
2019-03-29 18:51:06
suse
suse
Security update for poppler (important)
2021-12-01 00:00:00
veracode
veracode
Denial Of Service (DoS)
2018-11-12 07:13:51
Denial Of Service
2019-02-04 04:43:31
Denial Of Service (DoS)
2018-12-26 08:52:33
debiancve
debiancve
CVE-2018-19149
2018-11-10 19:29:00
CVE-2018-20481
2018-12-26 04:29:00
CVE-2018-20650
2019-01-01 16:29:00
redhatcve
redhatcve
CVE-2018-19149
2018-11-13 16:49:19
CVE-2019-9631
2019-10-09 06:24:14
CVE-2019-9200
2019-02-27 12:49:37
cve
cve
CVE-2018-19149
2018-11-10 19:29:00
CVE-2018-20481
2018-12-26 04:29:00
CVE-2018-20650
2019-01-01 16:29:00
prion
prion
Null pointer dereference
2018-11-10 19:29:00
Heap overflow
2019-02-26 23:29:00
Null pointer dereference
2018-12-26 04:29:00
ubuntucve
ubuntucve
CVE-2018-19149
2018-11-10 00:00:00
CVE-2018-20481
2018-12-25 00:00:00
CVE-2019-9631
2019-03-08 00:00:00
gentoo
gentoo
Poppler: Multiple vulnerabilities
2019-04-02 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.2%

JSON
Related for CESA-2019:2022
nessus52amazon2redhat2oraclelinux2openvas42fedora14osv14debian6ubuntu5mageia4suse1veracode8debiancve10redhatcve9cve9prion8ubuntucve10gentoo1