Oct 17, 2019 - 9:17 p.m.

[SECURITY] [DLA 1963-1] poppler security update

2019-10-17 21:17:50
lists.debian.org
poppler
security update
debian 8

CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score: 7.5
Confidence: High

EPSS: 0.006
Percentile: 78.4%

Package : poppler
Version : 0.26.5-2+deb8u12
CVE ID : CVE-2019-9959 CVE-2019-10871

Two buffer allocation issues were identified in poppler.

CVE-2019-9959

An unexpected negative length value can cause an integer
overflow, which in turn makes it possible to allocate a large
memory chunk on the heap with a size controlled by an attacker.

CVE-2019-10871

RGB data are treated as CMYK data, so 4 bytes are read
instead of 3 bytes at the end of the image. The fixed version
defines SPLASH_CMYK, which is the upstream recommended solution.
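
The two bug classes described above, shown as an added C example that is not poppler's code and not part of the advisory: validating a signed, untrusted length before it becomes an allocation size, and checking that a per-pixel read fits the buffer's real pixel stride. All function names and the MAX_BUF_BYTES cap are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical cap on a single decode buffer; not a poppler constant. */
#define MAX_BUF_BYTES ((size_t)64 * 1024 * 1024)

/* Unchecked pattern: a negative int converted to size_t wraps around,
 * so the requested size becomes huge and input-controlled. */
size_t unchecked_alloc_size(int length, size_t elem_size)
{
    return (size_t)length * elem_size;
}

/* Checked pattern: returns 0 and stores the size in *out, or -1 if the
 * length is non-positive, the product overflows, or the cap is exceeded. */
int checked_alloc_size(int length, size_t elem_size, size_t *out)
{
    if (length <= 0 || elem_size == 0)
        return -1;
    if ((size_t)length > SIZE_MAX / elem_size)
        return -1;
    size_t total = (size_t)length * elem_size;
    if (total > MAX_BUF_BYTES)
        return -1;
    *out = total;
    return 0;
}

/* Allocate a buffer for `length` elements taken from untrusted input. */
void *alloc_from_untrusted(int length, size_t elem_size)
{
    size_t n;
    if (checked_alloc_size(length, elem_size, &n) != 0)
        return NULL;
    return malloc(n);
}

/* Returns 1 if reading `read_len` bytes for pixel `idx` stays inside a
 * buffer of `npix` pixels stored with `stride` bytes each, else 0.
 * A 4-byte (CMYK) read on 3-byte (RGB) pixels fails only at the end. */
int pixel_read_in_bounds(size_t npix, size_t stride, size_t idx, size_t read_len)
{
    if (stride == 0 || npix > SIZE_MAX / stride || idx >= npix)
        return 0;
    return read_len <= npix * stride - idx * stride;
}
```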

For Debian 8 "Jessie", these problems have been fixed in version
0.26.5-2+deb8u12.

We recommend that you upgrade your poppler packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
