ID FEDORA:1624960F0965 Type fedora Reporter Fedora Modified 2019-09-06T12:59:58
Description
PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. This tool can also "scrub" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.
{"id": "FEDORA:1624960F0965", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 29 Update: pdfresurrect-0.18-1.fc29", "description": "PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. This tool can also \"scrub\" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read. ", "published": "2019-09-06T12:59:58", "modified": "2019-09-06T12:59:58", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2019-14267", "CVE-2019-14934"], "lastseen": "2020-12-21T08:17:55", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-14267", "CVE-2019-14934"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310876759", "OPENVAS:1361412562310876758", "OPENVAS:1361412562310877177"]}, {"type": "nessus", "idList": ["FEDORA_2019-B20614FF74.NASL", "DEBIAN_DLA-2475.NASL", "FEDORA_2019-E01BC28777.NASL", "FEDORA_2019-80E5E20CF8.NASL"]}, {"type": "fedora", "idList": ["FEDORA:A6A6261376A6", "FEDORA:B4FCD606DC17"]}, {"type": "zdt", "idList": ["1337DAY-ID-33030"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:153767"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:62C201A373E2A05A4E9D9643F5370F98"]}, {"type": "exploitdb", "idList": ["EDB-ID:47178"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2475-1:1AD11"]}], "modified": "2020-12-21T08:17:55", "rev": 2}, "score": {"value": 4.9, "vector": "NONE", "modified": "2020-12-21T08:17:55", "rev": 2}, "vulnersScore": 4.9}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "29", "arch": "any", "packageName": "pdfresurrect", "packageVersion": "0.18", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"cve": [{"lastseen": "2021-02-02T07:12:51", "description": "PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled.", "edition": 9, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-07-29T16:15:00", "title": "CVE-2019-14267", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14267"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:pdfresurrect_project:pdfresurrect:0.15"], "id": "CVE-2019-14267", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14267", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:pdfresurrect_project:pdfresurrect:0.15:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:12:52", "description": "An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write.", "edition": 11, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-11T22:15:00", "title": "CVE-2019-14934", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14934"], "modified": "2020-12-01T15:15:00", "cpe": [], "id": "CVE-2019-14934", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14934", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}], "openvas": [{"lastseen": "2019-09-10T14:49:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-14934", "CVE-2019-14267"], "description": "The remote host is missing an update for the ", "modified": "2019-09-10T00:00:00", "published": "2019-09-07T00:00:00", "id": "OPENVAS:1361412562310876758", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876758", "type": "openvas", "title": "Fedora Update for pdfresurrect FEDORA-2019-e01bc28777", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876758\");\n script_version(\"2019-09-10T08:05:24+0000\");\n script_cve_id(\"CVE-2019-14267\", \"CVE-2019-14934\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-10 08:05:24 +0000 (Tue, 10 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-07 02:23:52 +0000 (Sat, 07 Sep 2019)\");\n script_name(\"Fedora Update for pdfresurrect FEDORA-2019-e01bc28777\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-e01bc28777\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LXN6W5QTNQJ2LFDCQWKYSMMZ3NPUWP3U\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pdfresurrect'\n package(s) announced via the FEDORA-2019-e01bc28777 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format\nallows for previous document changes to be retained in a more recent\nversion of the document, thereby creating a running history of changes\nfor the document. This tool attempts to extract all previous versions\nwhile also producing a summary of changes between versions. This tool\ncan also 'scrub' or write data over the original instances of PDF objects\nthat have been modified or deleted, in an effort to disguise information\nfrom previous versions that might not be intended for anyone else to read.\");\n\n script_tag(name:\"affected\", value:\"'pdfresurrect' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"pdfresurrect\", rpm:\"pdfresurrect~0.18~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-10T14:48:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-14934", "CVE-2019-14267"], "description": "The remote host is missing an update for the ", "modified": "2019-09-10T00:00:00", "published": "2019-09-07T00:00:00", "id": "OPENVAS:1361412562310876759", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876759", "type": "openvas", "title": "Fedora Update for pdfresurrect FEDORA-2019-80e5e20cf8", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876759\");\n script_version(\"2019-09-10T08:05:24+0000\");\n script_cve_id(\"CVE-2019-14267\", \"CVE-2019-14934\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-10 08:05:24 +0000 (Tue, 10 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-07 02:23:53 +0000 (Sat, 07 Sep 2019)\");\n script_name(\"Fedora Update for pdfresurrect FEDORA-2019-80e5e20cf8\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-80e5e20cf8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DBYXYU2VSDJ3NAL54IW2KYD3TZSR33M\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pdfresurrect'\n package(s) announced via the FEDORA-2019-80e5e20cf8 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format\nallows for previous document changes to be retained in a more recent\nversion of the document, thereby creating a running history of changes\nfor the document. This tool attempts to extract all previous versions\nwhile also producing a summary of changes between versions. This tool\ncan also 'scrub' or write data over the original instances of PDF objects\nthat have been modified or deleted, in an effort to disguise information\nfrom previous versions that might not be intended for anyone else to read.\");\n\n script_tag(name:\"affected\", value:\"'pdfresurrect' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"pdfresurrect\", rpm:\"pdfresurrect~0.18~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-14T14:48:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-14934", "CVE-2019-14267"], "description": "The remote host is missing an update for the ", "modified": "2020-01-13T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310877177", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877177", "type": "openvas", "title": "Fedora Update for pdfresurrect FEDORA-2019-b20614ff74", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877177\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-14267\", \"CVE-2019-14934\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:30:40 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for pdfresurrect FEDORA-2019-b20614ff74\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-b20614ff74\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y243C2IFMRFQWHV62JCSHTMQGDDCICNF\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'pdfresurrect'\n package(s) announced via the FEDORA-2019-b20614ff74 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format\nallows for previous document changes to be retained in a more recent\nversion of the document, thereby creating a running history of changes\nfor the document. This tool attempts to extract all previous versions\nwhile also producing a summary of changes between versions. This tool\ncan also 'scrub' or write data over the original instances of PDF objects\nthat have been modified or deleted, in an effort to disguise information\nfrom previous versions that might not be intended for anyone else to read.\");\n\n script_tag(name:\"affected\", value:\"'pdfresurrect' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"pdfresurrect\", rpm:\"pdfresurrect~0.18~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-14267", "CVE-2019-14934"], "description": "PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. This tool can also \"scrub\" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read. ", "modified": "2019-09-06T12:35:52", "published": "2019-09-06T12:35:52", "id": "FEDORA:A6A6261376A6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: pdfresurrect-0.18-1.fc30", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-14267", "CVE-2019-14934"], "description": "PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. This tool can also \"scrub\" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read. ", "modified": "2019-09-14T16:38:15", "published": "2019-09-14T16:38:15", "id": "FEDORA:B4FCD606DC17", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: pdfresurrect-0.18-1.fc31", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-02-01T02:33:24", "description": " - Security fix for CVE-2019-14267\n\n - Security fix for CVE-2019-14934\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-09-09T00:00:00", "title": "Fedora 29 : pdfresurrect (2019-80e5e20cf8)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-14934", "CVE-2019-14267"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:pdfresurrect"], "id": "FEDORA_2019-80E5E20CF8.NASL", "href": "https://www.tenable.com/plugins/nessus/128574", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-80e5e20cf8.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128574);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/24 11:01:32\");\n\n script_cve_id(\"CVE-2019-14267\", \"CVE-2019-14934\");\n script_xref(name:\"FEDORA\", value:\"2019-80e5e20cf8\");\n\n script_name(english:\"Fedora 29 : pdfresurrect (2019-80e5e20cf8)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Security fix for CVE-2019-14267\n\n - Security fix for CVE-2019-14934\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-80e5e20cf8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pdfresurrect package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pdfresurrect\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"pdfresurrect-0.18-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pdfresurrect\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T02:37:13", "description": " - Security fix for CVE-2019-14267\n\n - Security fix for CVE-2019-14934\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-09-09T00:00:00", "title": "Fedora 30 : pdfresurrect (2019-e01bc28777)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-14934", "CVE-2019-14267"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:pdfresurrect"], "id": "FEDORA_2019-E01BC28777.NASL", "href": "https://www.tenable.com/plugins/nessus/128581", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-e01bc28777.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128581);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/24 11:01:32\");\n\n script_cve_id(\"CVE-2019-14267\", \"CVE-2019-14934\");\n script_xref(name:\"FEDORA\", value:\"2019-e01bc28777\");\n\n script_name(english:\"Fedora 30 : pdfresurrect (2019-e01bc28777)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Security fix for CVE-2019-14267\n\n - Security fix for CVE-2019-14934\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-e01bc28777\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pdfresurrect package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pdfresurrect\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"pdfresurrect-0.18-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pdfresurrect\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T02:36:33", "description": " - Security fix for CVE-2019-14267\n\n - Security fix for CVE-2019-14934\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-07T00:00:00", "title": "Fedora 31 : pdfresurrect (2019-b20614ff74)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-14934", "CVE-2019-14267"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:pdfresurrect", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-B20614FF74.NASL", "href": "https://www.tenable.com/plugins/nessus/129641", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-b20614ff74.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129641);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/09 11:16:56\");\n\n script_cve_id(\"CVE-2019-14267\", \"CVE-2019-14934\");\n script_xref(name:\"FEDORA\", value:\"2019-b20614ff74\");\n\n script_name(english:\"Fedora 31 : pdfresurrect (2019-b20614ff74)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Security fix for CVE-2019-14267\n\n - Security fix for CVE-2019-14934\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-b20614ff74\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected pdfresurrect package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:pdfresurrect\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"pdfresurrect-0.18-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"pdfresurrect\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-08T01:36:39", "description": "Vulnerabilities have been discovered in pdfresurrect, a tool for\nanalyzing and manipulating revisions to PDF documents.\n\nCVE-2019-14934\n\npdf_load_pages_kids in pdf.c doesn't validate a certain size value,\nwhich leads to a malloc failure and out-of-bounds write\n\nCVE-2020-20740\n\nlack of header validation checks causes heap-buffer-overflow in\npdf_get_version()\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.12-6+deb9u1.\n\nWe recommend that you upgrade your pdfresurrect packages.\n\nFor the detailed security status of pdfresurrect please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/pdfresurrect\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-02T00:00:00", "title": "Debian DLA-2475-1 : pdfresurrect security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-14934", "CVE-2020-20740"], "modified": "2020-12-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:pdfresurrect", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2475.NASL", "href": "https://www.tenable.com/plugins/nessus/143440", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2475-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143440);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/07\");\n\n script_cve_id(\"CVE-2019-14934\", \"CVE-2020-20740\");\n\n script_name(english:\"Debian DLA-2475-1 : pdfresurrect security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Vulnerabilities have been discovered in pdfresurrect, a tool for\nanalyzing and manipulating revisions to PDF documents.\n\nCVE-2019-14934\n\npdf_load_pages_kids in pdf.c doesn't validate a certain size value,\nwhich leads to a malloc failure and out-of-bounds write\n\nCVE-2020-20740\n\nlack of header validation checks causes heap-buffer-overflow in\npdf_get_version()\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.12-6+deb9u1.\n\nWe recommend that you upgrade your pdfresurrect packages.\n\nFor the detailed security status of pdfresurrect please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/pdfresurrect\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/12/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/pdfresurrect\"\n );\n # https://security-tracker.debian.org/tracker/source-package/pdfresurrect\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?db78ddee\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the affected pdfresurrect package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pdfresurrect\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"pdfresurrect\", reference:\"0.12-6+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2019-12-04T18:17:07", "description": "Exploit for linux platform in category dos / poc", "edition": 1, "published": "2019-07-27T00:00:00", "title": "pdfresurrect 0.15 - Buffer Overflow Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-14267"], "modified": "2019-07-27T00:00:00", "id": "1337DAY-ID-33030", "href": "https://0day.today/exploit/description/33030", "sourceData": "# Exploit Title: pdfresurrect 0.15 Buffer Overflow\r\n# Exploit Author: j0lama\r\n# Vendor Homepage: https://github.com/enferex/pdfresurrect\r\n# Software Link: https://github.com/enferex/pdfresurrect\r\n# Version: 0.15\r\n# Tested on: Ubuntu 18.04\r\n# CVE : CVE-2019-14267\r\n\r\nDescription\r\n===========\r\n\r\nPDFResurrect 0.15 has a buffer overflow via a crafted PDF file because\r\ndata associated with startxref and %%EOF is mishandled.\r\n\r\n\r\nAdditional Information\r\n======================\r\n\r\nThere is a buffer overflow in pdfresurrect 0.14 caused by a malicious\r\n crafted pdf file.\r\n\r\nIn function pdf_load_xrefs at pdf.c file, it counts how many times the\r\nstrings '%%EOF' appear in the pdf file. Then for each xref the code\r\nstarts to rewind incrementing the pos_count variable until found a 'f'\r\ncharacter (the last character of the 'startxref' string). Then these\r\nbytes between the 'f' and '%%EOF' will be read with the 'fread'\r\nfunction and copied to a 256 char buffer. The 'pos_count' variable\r\ntells 'freads' how many bytes has to copy. If malicious user crafted a\r\npdf file with more that 256 bytes between '%%EOF' and the immediately\r\nprevious 'f' then a buffer overflow will occur overwriting everything\r\nafter the 'buf' buffer.\r\n\r\nIn the code:\r\nint pdf_load_xrefs(FILE *fp, pdf_t *pdf)\r\n{\r\n int i, ver, is_linear;\r\n long pos, pos_count;\r\n char x, *c, buf[256];\r\n\r\n c = NULL;\r\n\r\n /* Count number of xrefs */\r\n pdf->n_xrefs = 0;\r\n fseek(fp, 0, SEEK_SET);\r\n while (get_next_eof(fp) >= 0)\r\n ++pdf->n_xrefs;\r\n\r\n if (!pdf->n_xrefs)\r\n return 0;\r\n\r\n /* Load in the start/end positions */\r\n fseek(fp, 0, SEEK_SET);\r\n pdf->xrefs = calloc(1, sizeof(xref_t) * pdf->n_xrefs);\r\n ver = 1;\r\n for (i=0; i<pdf->n_xrefs; i++)\r\n {\r\n /* Seek to %%EOF */\r\n if ((pos = get_next_eof(fp)) < 0)\r\n break;\r\n\r\n /* Set and increment the version */\r\n pdf->xrefs[i].version = ver++;\r\n\r\n /* Rewind until we find end of \"startxref\" */\r\n pos_count = 0;\r\n while (SAFE_F(fp, ((x = fgetc(fp)) != 'f'))) <== The loop will continue incrementing pos_count until find a 'f' char\r\n fseek(fp, pos - (++pos_count), SEEK_SET);\r\n\r\n /* Suck in end of \"startxref\" to start of %%EOF */\r\n memset(buf, 0, sizeof(buf));\r\n SAFE_E(fread(buf, 1, pos_count, fp), pos_count, <== If pos_count > 256 then a buffer overflow occur\r\n \"Failed to read startxref.\\n\");\r\n c = buf;\r\n while (*c == ' ' || *c == '\\n' || *c == '\\r')\r\n ++c;\r\n\r\n /* xref start position */\r\n pdf->xrefs[i].start = atol(c);\r\n\r\nThis is a crafted PDF that produces a buffer overflow: \r\n\r\nhttp://www.mediafire.com/file/3540cyrl7o8p1rq/example_error.pdf/file\r\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47178.zip\n\n# 0day.today [2019-12-04] #", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://0day.today/exploit/33030"}], "exploitpack": [{"lastseen": "2020-04-01T19:06:02", "description": "\npdfresurrect 0.15 - Buffer Overflow", "edition": 1, "published": "2019-07-26T00:00:00", "title": "pdfresurrect 0.15 - Buffer Overflow", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-14267"], "modified": "2019-07-26T00:00:00", "id": "EXPLOITPACK:62C201A373E2A05A4E9D9643F5370F98", "href": "", "sourceData": "# Exploit Title: pdfresurrect 0.15 Buffer Overflow\n# Date: 2019-07-26\n# Exploit Author: j0lama\n# Vendor Homepage: https://github.com/enferex/pdfresurrect\n# Software Link: https://github.com/enferex/pdfresurrect\n# Version: 0.15\n# Tested on: Ubuntu 18.04\n# CVE : CVE-2019-14267\n\nDescription\n===========\n\nPDFResurrect 0.15 has a buffer overflow via a crafted PDF file because\ndata associated with startxref and %%EOF is mishandled.\n\n\nAdditional Information\n======================\n\nThere is a buffer overflow in pdfresurrect 0.14 caused by a malicious\n crafted pdf file.\n\nIn function pdf_load_xrefs at pdf.c file, it counts how many times the\nstrings '%%EOF' appear in the pdf file. Then for each xref the code\nstarts to rewind incrementing the pos_count variable until found a 'f'\ncharacter (the last character of the 'startxref' string). Then these\nbytes between the 'f' and '%%EOF' will be read with the 'fread'\nfunction and copied to a 256 char buffer. The 'pos_count' variable\ntells 'freads' how many bytes has to copy. If malicious user crafted a\npdf file with more that 256 bytes between '%%EOF' and the immediately\nprevious 'f' then a buffer overflow will occur overwriting everything\nafter the 'buf' buffer.\n\nIn the code:\nint pdf_load_xrefs(FILE *fp, pdf_t *pdf)\n{\n int i, ver, is_linear;\n long pos, pos_count;\n char x, *c, buf[256];\n\n c = NULL;\n\n /* Count number of xrefs */\n pdf->n_xrefs = 0;\n fseek(fp, 0, SEEK_SET);\n while (get_next_eof(fp) >= 0)\n ++pdf->n_xrefs;\n\n if (!pdf->n_xrefs)\n return 0;\n\n /* Load in the start/end positions */\n fseek(fp, 0, SEEK_SET);\n pdf->xrefs = calloc(1, sizeof(xref_t) * pdf->n_xrefs);\n ver = 1;\n for (i=0; i<pdf->n_xrefs; i++)\n {\n /* Seek to %%EOF */\n if ((pos = get_next_eof(fp)) < 0)\n break;\n\n /* Set and increment the version */\n pdf->xrefs[i].version = ver++;\n\n /* Rewind until we find end of \"startxref\" */\n pos_count = 0;\n while (SAFE_F(fp, ((x = fgetc(fp)) != 'f'))) <== The loop will continue incrementing pos_count until find a 'f' char\n fseek(fp, pos - (++pos_count), SEEK_SET);\n\n /* Suck in end of \"startxref\" to start of %%EOF */\n memset(buf, 0, sizeof(buf));\n SAFE_E(fread(buf, 1, pos_count, fp), pos_count, <== If pos_count > 256 then a buffer overflow occur\n \"Failed to read startxref.\\n\");\n c = buf;\n while (*c == ' ' || *c == '\\n' || *c == '\\r')\n ++c;\n\n /* xref start position */\n pdf->xrefs[i].start = atol(c);\n\nThis is a crafted PDF that produces a buffer overflow: \n\nhttp://www.mediafire.com/file/3540cyrl7o8p1rq/example_error.pdf/file\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47178.zip", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2019-07-26T12:46:44", "description": "", "published": "2019-07-26T00:00:00", "type": "exploitdb", "title": "pdfresurrect 0.15 - Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-14267"], "modified": "2019-07-26T00:00:00", "id": "EDB-ID:47178", "href": "https://www.exploit-db.com/exploits/47178", "sourceData": "# Exploit Title: pdfresurrect 0.15 Buffer Overflow\r\n# Date: 2019-07-26\r\n# Exploit Author: j0lama\r\n# Vendor Homepage: https://github.com/enferex/pdfresurrect\r\n# Software Link: https://github.com/enferex/pdfresurrect\r\n# Version: 0.15\r\n# Tested on: Ubuntu 18.04\r\n# CVE : CVE-2019-14267\r\n\r\nDescription\r\n===========\r\n\r\nPDFResurrect 0.15 has a buffer overflow via a crafted PDF file because\r\ndata associated with startxref and %%EOF is mishandled.\r\n\r\n\r\nAdditional Information\r\n======================\r\n\r\nThere is a buffer overflow in pdfresurrect 0.14 caused by a malicious\r\n crafted pdf file.\r\n\r\nIn function pdf_load_xrefs at pdf.c file, it counts how many times the\r\nstrings '%%EOF' appear in the pdf file. Then for each xref the code\r\nstarts to rewind incrementing the pos_count variable until found a 'f'\r\ncharacter (the last character of the 'startxref' string). Then these\r\nbytes between the 'f' and '%%EOF' will be read with the 'fread'\r\nfunction and copied to a 256 char buffer. The 'pos_count' variable\r\ntells 'freads' how many bytes has to copy. If malicious user crafted a\r\npdf file with more that 256 bytes between '%%EOF' and the immediately\r\nprevious 'f' then a buffer overflow will occur overwriting everything\r\nafter the 'buf' buffer.\r\n\r\nIn the code:\r\nint pdf_load_xrefs(FILE *fp, pdf_t *pdf)\r\n{\r\n int i, ver, is_linear;\r\n long pos, pos_count;\r\n char x, *c, buf[256];\r\n\r\n c = NULL;\r\n\r\n /* Count number of xrefs */\r\n pdf->n_xrefs = 0;\r\n fseek(fp, 0, SEEK_SET);\r\n while (get_next_eof(fp) >= 0)\r\n ++pdf->n_xrefs;\r\n\r\n if (!pdf->n_xrefs)\r\n return 0;\r\n\r\n /* Load in the start/end positions */\r\n fseek(fp, 0, SEEK_SET);\r\n pdf->xrefs = calloc(1, sizeof(xref_t) * pdf->n_xrefs);\r\n ver = 1;\r\n for (i=0; i<pdf->n_xrefs; i++)\r\n {\r\n /* Seek to %%EOF */\r\n if ((pos = get_next_eof(fp)) < 0)\r\n break;\r\n\r\n /* Set and increment the version */\r\n pdf->xrefs[i].version = ver++;\r\n\r\n /* Rewind until we find end of \"startxref\" */\r\n pos_count = 0;\r\n while (SAFE_F(fp, ((x = fgetc(fp)) != 'f'))) <== The loop will continue incrementing pos_count until find a 'f' char\r\n fseek(fp, pos - (++pos_count), SEEK_SET);\r\n\r\n /* Suck in end of \"startxref\" to start of %%EOF */\r\n memset(buf, 0, sizeof(buf));\r\n SAFE_E(fread(buf, 1, pos_count, fp), pos_count, <== If pos_count > 256 then a buffer overflow occur\r\n \"Failed to read startxref.\\n\");\r\n c = buf;\r\n while (*c == ' ' || *c == '\\n' || *c == '\\r')\r\n ++c;\r\n\r\n /* xref start position */\r\n pdf->xrefs[i].start = atol(c);\r\n\r\nThis is a crafted PDF that produces a buffer overflow: \r\n\r\nhttp://www.mediafire.com/file/3540cyrl7o8p1rq/example_error.pdf/file\r\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47178.zip", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/47178"}], "packetstorm": [{"lastseen": "2019-07-27T21:05:36", "description": "", "published": "2019-07-26T00:00:00", "type": "packetstorm", "title": "pdfresurrect 0.15 Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-14267"], "modified": "2019-07-26T00:00:00", "id": "PACKETSTORM:153767", "href": "https://packetstormsecurity.com/files/153767/pdfresurrect-0.15-Buffer-Overflow.html", "sourceData": "`# Exploit Title: pdfresurrect 0.15 Buffer Overflow \n# Date: 2019-07-26 \n# Exploit Author: j0lama \n# Vendor Homepage: https://github.com/enferex/pdfresurrect \n# Software Link: https://github.com/enferex/pdfresurrect \n# Version: 0.15 \n# Tested on: Ubuntu 18.04 \n# CVE : CVE-2019-14267 \n \nDescription \n=========== \n \nPDFResurrect 0.15 has a buffer overflow via a crafted PDF file because \ndata associated with startxref and %%EOF is mishandled. \n \n \nAdditional Information \n====================== \n \nThere is a buffer overflow in pdfresurrect 0.14 caused by a malicious \ncrafted pdf file. \n \nIn function pdf_load_xrefs at pdf.c file, it counts how many times the \nstrings '%%EOF' appear in the pdf file. Then for each xref the code \nstarts to rewind incrementing the pos_count variable until found a 'f' \ncharacter (the last character of the 'startxref' string). Then these \nbytes between the 'f' and '%%EOF' will be read with the 'fread' \nfunction and copied to a 256 char buffer. The 'pos_count' variable \ntells 'freads' how many bytes has to copy. If malicious user crafted a \npdf file with more that 256 bytes between '%%EOF' and the immediately \nprevious 'f' then a buffer overflow will occur overwriting everything \nafter the 'buf' buffer. \n \nIn the code: \nint pdf_load_xrefs(FILE *fp, pdf_t *pdf) \n{ \nint i, ver, is_linear; \nlong pos, pos_count; \nchar x, *c, buf[256]; \n \nc = NULL; \n \n/* Count number of xrefs */ \npdf->n_xrefs = 0; \nfseek(fp, 0, SEEK_SET); \nwhile (get_next_eof(fp) >= 0) \n++pdf->n_xrefs; \n \nif (!pdf->n_xrefs) \nreturn 0; \n \n/* Load in the start/end positions */ \nfseek(fp, 0, SEEK_SET); \npdf->xrefs = calloc(1, sizeof(xref_t) * pdf->n_xrefs); \nver = 1; \nfor (i=0; i<pdf->n_xrefs; i++) \n{ \n/* Seek to %%EOF */ \nif ((pos = get_next_eof(fp)) < 0) \nbreak; \n \n/* Set and increment the version */ \npdf->xrefs[i].version = ver++; \n \n/* Rewind until we find end of \"startxref\" */ \npos_count = 0; \nwhile (SAFE_F(fp, ((x = fgetc(fp)) != 'f'))) <== The loop will continue incrementing pos_count until find a 'f' char \nfseek(fp, pos - (++pos_count), SEEK_SET); \n \n/* Suck in end of \"startxref\" to start of %%EOF */ \nmemset(buf, 0, sizeof(buf)); \nSAFE_E(fread(buf, 1, pos_count, fp), pos_count, <== If pos_count > 256 then a buffer overflow occur \n\"Failed to read startxref.\\n\"); \nc = buf; \nwhile (*c == ' ' || *c == '\\n' || *c == '\\r') \n++c; \n \n/* xref start position */ \npdf->xrefs[i].start = atol(c); \n \nThis is a crafted PDF that produces a buffer overflow: \n \nhttp://www.mediafire.com/file/3540cyrl7o8p1rq/example_error.pdf/file \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/153767/pdfresurrect015-overflow.txt"}], "debian": [{"lastseen": "2020-12-02T01:24:15", "bulletinFamily": "unix", "cvelist": ["CVE-2019-14934", "CVE-2020-20740"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2475-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Roberto C. S\u00e1nchez\nDecember 01, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : pdfresurrect\nVersion : 0.12-6+deb9u1\nCVE ID : CVE-2019-14934 CVE-2020-20740\n\nVulnerabilities have been discovered in pdfresurrect, a tool for\nanalyzing and manipulating revisions to PDF documents.\n\nCVE-2019-14934\n\n pdf_load_pages_kids in pdf.c doesn't validate a certain size value,\n which leads to a malloc failure and out-of-bounds write\n\nCVE-2020-20740\n\n lack of header validation checks causes heap-buffer-overflow in\n pdf_get_version()\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.12-6+deb9u1.\n\nWe recommend that you upgrade your pdfresurrect packages.\n\nFor the detailed security status of pdfresurrect please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/pdfresurrect\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 1, "modified": "2020-12-01T13:06:58", "published": "2020-12-01T13:06:58", "id": "DEBIAN:DLA-2475-1:1AD11", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202012/msg00002.html", "title": "[SECURITY] [DLA 2475-1] pdfresurrect security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
