{"id": "DEBIAN_DLA-1939.NASL", "bulletinFamily": "scanner", "title": "Debian DLA-1939-1 : poppler security update", "description": "Several issues in poppler, a PDF rendering library, have been fixed.\n\nCVE-2018-20650\n\nA missing check for the dict data type could lead to a denial of\nservice.\n\nCVE-2018-21009\n\nAn integer overflow might happen in Parser::makeStream.\n\nCVE-2019-12493\n\nA stack-based buffer over-read by a crafted PDF file might happen in\nPostScriptFunction::transform because some functions mishandle tint\ntransformation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n0.26.5-2+deb8u11.\n\nWe recommend that you upgrade your poppler packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "published": "2019-10-01T00:00:00", "modified": "2019-10-01T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/129475", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html", "https://packages.debian.org/source/jessie/poppler"], "cvelist": ["CVE-2019-12493", "CVE-2018-20650", "CVE-2018-21009"], "type": "nessus", "lastseen": "2021-01-12T09:41:30", "edition": 16, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-12493", "CVE-2018-21009", "CVE-2018-20650"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310891939", "OPENVAS:1361412562310875445", "OPENVAS:1361412562311220192224", "OPENVAS:1361412562311220201173", "OPENVAS:1361412562310843876", "OPENVAS:1361412562310877233", "OPENVAS:1361412562310875676", "OPENVAS:1361412562310875603", "OPENVAS:1361412562310876942", "OPENVAS:1361412562310876936"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2287-1:32EF5", "DEBIAN:DLA-1939-1:7E56E", "DEBIAN:DLA-2440-1:A36E2"]}, {"type": "nessus", "idList": ["EULEROS_SA-2020-1173.NASL", "CENTOS_RHSA-2020-1074.NASL", "NEWSTART_CGSL_NS-SA-2020-0110_POPPLER.NASL", "FEDORA_2019-7FF7F5093E.NASL", "SL_20200407_POPPLER_AND_EVINCE_ON_SL7_X.NASL", "NEWSTART_CGSL_NS-SA-2020-0074_POPPLER.NASL", "FEDORA_2019-40F4AF0687.NASL", "AL2_ALAS-2020-1481.NASL", "EULEROS_SA-2020-2561.NASL", "REDHAT-RHSA-2020-1074.NASL"]}, {"type": "ubuntu", "idList": ["USN-3865-1", "USN-4646-1"]}, {"type": "amazon", "idList": ["ALAS2-2019-1332", "ALAS-2019-1271", "ALAS2-2020-1481", "ALAS-2020-1398"]}, {"type": "fedora", "idList": ["FEDORA:793E86418387", "FEDORA:9501060491C8", "FEDORA:0E9A0606E48B", "FEDORA:E01ED6076974", "FEDORA:17FC5606733A", "FEDORA:264CB604B3B9", "FEDORA:DC0FE602EC13"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2713", "ELSA-2020-1074", "ELSA-2019-2022"]}, {"type": "redhat", "idList": ["RHSA-2019:2713", "RHSA-2019:2022", "RHSA-2020:1074"]}, {"type": "centos", "idList": ["CESA-2019:2022", "CESA-2020:1074"]}], "modified": "2021-01-12T09:41:30", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-01-12T09:41:30", "rev": 2}, "vulnersScore": 6.3}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1939-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129475);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-20650\", \"CVE-2018-21009\", \"CVE-2019-12493\");\n\n script_name(english:\"Debian DLA-1939-1 : poppler security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues in poppler, a PDF rendering library, have been fixed.\n\nCVE-2018-20650\n\nA missing check for the dict data type could lead to a denial of\nservice.\n\nCVE-2018-21009\n\nAn integer overflow might happen in Parser::makeStream.\n\nCVE-2019-12493\n\nA stack-based buffer over-read by a crafted PDF file might happen in\nPostScriptFunction::transform because some functions mishandle tint\ntransformation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n0.26.5-2+deb8u11.\n\nWe recommend that you upgrade your poppler packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/poppler\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-poppler-0.18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-cpp-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-cpp0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-glib-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-glib-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-glib8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-private-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-qt4-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-qt4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-qt5-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-qt5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler46\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:poppler-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"gir1.2-poppler-0.18\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-cpp-dev\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-cpp0\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-dev\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-glib-dev\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-glib-doc\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-glib8\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-private-dev\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-qt4-4\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-qt4-dev\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-qt5-1\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-qt5-dev\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler46\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"poppler-dbg\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"poppler-utils\", reference:\"0.26.5-2+deb8u11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "129475", "cpe": ["p-cpe:/a:debian:debian_linux:poppler-dbg", "p-cpe:/a:debian:debian_linux:libpoppler-private-dev", "p-cpe:/a:debian:debian_linux:gir1.2-poppler-0.18", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:libpoppler-qt5-1", "p-cpe:/a:debian:debian_linux:libpoppler-cpp0", "p-cpe:/a:debian:debian_linux:libpoppler-qt4-dev", "p-cpe:/a:debian:debian_linux:poppler-utils", "p-cpe:/a:debian:debian_linux:libpoppler-glib8", "p-cpe:/a:debian:debian_linux:libpoppler-dev", "p-cpe:/a:debian:debian_linux:libpoppler46", "p-cpe:/a:debian:debian_linux:libpoppler-qt4-4", "p-cpe:/a:debian:debian_linux:libpoppler-cpp-dev", "p-cpe:/a:debian:debian_linux:libpoppler-qt5-dev", "p-cpe:/a:debian:debian_linux:libpoppler-glib-doc", "p-cpe:/a:debian:debian_linux:libpoppler-glib-dev"], "scheme": null, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}

{"cve": [{"lastseen": "2020-12-09T20:25:40", "description": "Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.", "edition": 9, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-09-05T04:15:00", "title": "CVE-2018-21009", "type": "cve", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-21009"], "modified": "2020-07-23T12:15:00", "cpe": [], "id": "CVE-2018-21009", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-21009", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2020-10-03T13:38:41", "description": "A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.2}, "published": "2019-05-31T02:29:00", "title": "CVE-2019-12493", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12493"], "modified": "2019-09-30T23:15:00", "cpe": ["cpe:/a:glyphandcog:xpdfreader:4.01.01"], "id": "CVE-2019-12493", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12493", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*"]}, {"lastseen": "2020-11-09T13:56:24", "description": "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-01-01T16:29:00", "title": "CVE-2018-20650", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20650"], "modified": "2020-11-09T02:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/a:freedesktop:poppler:0.72.0", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-20650", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20650", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:a:freedesktop:poppler:0.72.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "debian": [{"lastseen": "2020-08-20T00:59:57", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12493", "CVE-2018-20650", "CVE-2018-21009"], "description": "Package : poppler\nVersion : 0.26.5-2+deb8u11\nCVE ID : CVE-2018-20650 CVE-2018-21009 CVE-2019-12493\n\n\nSeveral issues in poppler, a PDF rendering library, have been fixed.\n\nCVE-2018-20650\n\n A missing check for the dict data type could lead to a denial of\n service.\n\nCVE-2018-21009\n\n An integer overflow might happen in Parser::makeStream.\n\nCVE-2019-12493\n\n A stack-based buffer over-read by a crafted PDF file might happen in\n PostScriptFunction::transform because some functions mishandle tint\n transformation.\n\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n0.26.5-2+deb8u11.\n\nWe recommend that you upgrade your poppler packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 9, "modified": "2019-09-30T20:32:43", "published": "2019-09-30T20:32:43", "id": "DEBIAN:DLA-1939-1:7E56E", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201909/msg00033.html", "title": "[SECURITY] [DLA 1939-1] poppler security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:02:26", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12293", "CVE-2017-18267", "CVE-2018-20481", "CVE-2018-16646", "CVE-2018-21009", "CVE-2019-10872", "CVE-2019-9631", "CVE-2019-9200"], "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2287-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nJuly 23, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : poppler\nVersion : 0.48.0-2+deb9u3\nCVE ID : CVE-2017-18267 CVE-2018-16646 CVE-2018-20481 CVE-2018-21009\n CVE-2019-9200 CVE-2019-9631 CVE-2019-10872 CVE-2019-12293\nDebian Bug : 898357 909802 917325 923414 926530 926673 929423\n\nSeveral issues were found in Poppler, a PDF rendering library, that could\nlead to denial of service or possibly other unspecified impact when\nprocessing maliciously crafted documents.\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.48.0-2+deb9u3.\n\nWe recommend that you upgrade your poppler packages.\n\nFor the detailed security status of poppler please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/poppler\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2020-07-23T10:16:27", "published": "2020-07-23T10:16:27", "id": "DEBIAN:DLA-2287-1:32EF5", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202007/msg00018.html", "title": "[SECURITY] [DLA 2287-1] poppler security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-09T13:20:26", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14926", "CVE-2019-10018", "CVE-2018-20650", "CVE-2019-7310", "CVE-2018-19058", "CVE-2017-14928", "CVE-2018-20662", "CVE-2019-9959", "CVE-2019-14494"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2440-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nNovember 08, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : poppler\nVersion : 0.48.0-2+deb9u4\nCVE ID : CVE-2017-14926 CVE-2017-14928 CVE-2018-19058\n CVE-2018-20650 CVE-2018-20662 CVE-2019-7310\n CVE-2019-9959 CVE-2019-10018 CVE-2019-14494\nDebian Bug : 877239 877231 913177 917974 918158 926133\n 933812 921215 941776\n \nSeveral issues were found and corrected in Poppler, a PDF rendering library,\nthat could lead to denial of service or possibly other unspecified impact when\nprocessing maliciously crafted documents.\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.48.0-2+deb9u4.\n\nWe recommend that you upgrade your poppler packages.\n\nFor the detailed security status of poppler please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/poppler\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 1, "modified": "2020-11-08T23:59:52", "published": "2020-11-08T23:59:52", "id": "DEBIAN:DLA-2440-1:A36E2", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202011/msg00014.html", "title": "[SECURITY] [DLA 2440-1] poppler security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-29T19:29:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12493", "CVE-2018-20650", "CVE-2018-21009"], "description": "The remote host is missing an update for the ", "modified": "2020-01-29T00:00:00", "published": "2019-10-01T00:00:00", "id": "OPENVAS:1361412562310891939", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891939", "type": "openvas", "title": "Debian LTS: Security Advisory for poppler (DLA-1939-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891939\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-20650\", \"CVE-2018-21009\", \"CVE-2019-12493\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-01 02:00:10 +0000 (Tue, 01 Oct 2019)\");\n script_name(\"Debian LTS: Security Advisory for poppler (DLA-1939-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1939-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'poppler'\n package(s) announced via the DLA-1939-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several issues in poppler, a PDF rendering library, have been fixed.\n\nCVE-2018-20650\n\nA missing check for the dict data type could lead to a denial of\nservice.\n\nCVE-2018-21009\n\nAn integer overflow might happen in Parser::makeStream.\n\nCVE-2019-12493\n\nA stack-based buffer over-read by a crafted PDF file might happen in\nPostScriptFunction::transform because some functions mishandle tint\ntransformation.\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n0.26.5-2+deb8u11.\n\nWe recommend that you upgrade your poppler packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"gir1.2-poppler-0.18\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-cpp-dev\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-cpp0\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-dev\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-glib-dev\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-glib-doc\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-glib8\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-private-dev\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-qt4-4\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-qt4-dev\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-qt5-1\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-qt5-dev\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler46\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"poppler-dbg\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20650", "CVE-2018-20481"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2019-01-23T00:00:00", "id": "OPENVAS:1361412562310843876", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843876", "type": "openvas", "title": "Ubuntu Update for poppler USN-3865-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3865_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for poppler USN-3865-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843876\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-20481\", \"CVE-2018-20650\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-01-23 04:01:39 +0100 (Wed, 23 Jan 2019)\");\n script_name(\"Ubuntu Update for poppler USN-3865-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|18\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3865-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3865-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'poppler'\n package(s) announced via the USN-3865-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that poppler incorrectly handled certain PDF files.\nAn attacker could possibly use this issue to cause a denial of service.\n(CVE-2018-20481, CVE-2018-20650)\");\n\n script_tag(name:\"affected\", value:\"poppler on Ubuntu 18.10,\n Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpoppler44\", ver:\"0.24.5-2ubuntu4.15\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.24.5-2ubuntu4.15\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpoppler73\", ver:\"0.62.0-2ubuntu2.6\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.62.0-2ubuntu2.6\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpoppler79\", ver:\"0.68.0-0ubuntu1.4\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.68.0-0ubuntu1.4\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpoppler58\", ver:\"0.41.0-0ubuntu1.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.41.0-0ubuntu1.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-02-26T20:43:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20650", "CVE-2018-19058", "CVE-2018-19059"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-25T00:00:00", "published": "2020-02-25T00:00:00", "id": "OPENVAS:1361412562311220201173", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201173", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2020-1173)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1173\");\n script_version(\"2020-02-25T13:57:56+0000\");\n script_cve_id(\"CVE-2018-19058\", \"CVE-2018-19059\", \"CVE-2018-20650\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-25 13:57:56 +0000 (Tue, 25 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-25 13:57:56 +0000 (Tue, 25 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2020-1173)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1173\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1173\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'poppler' package(s) announced via the EulerOS-SA-2020-1173 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\nAn issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059)\n\nAn issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058)\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.67.0~1.h8.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.67.0~1.h8.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.67.0~1.h8.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.67.0~1.h8.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20551", "CVE-2018-20650", "CVE-2018-18897", "CVE-2018-20481"], "description": "The remote host is missing an update for the ", "modified": "2019-05-14T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310875603", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875603", "type": "openvas", "title": "Fedora Update for poppler FEDORA-2019-7ff7f5093e", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875603\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-20551\", \"CVE-2018-20481\", \"CVE-2018-20650\", \"CVE-2018-18897\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:11:44 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for poppler FEDORA-2019-7ff7f5093e\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-7ff7f5093e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CH33MK2BAV326CV7IKYGMFO4IYX552Z2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'poppler'\n package(s) announced via the FEDORA-2019-7ff7f5093e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"poppler is a PDF rendering library.\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.67.0~10.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20551", "CVE-2018-20650", "CVE-2018-18897", "CVE-2018-13988", "CVE-2017-18267", "CVE-2018-20481"], "description": "The remote host is missing an update for the\n ", "modified": "2019-03-15T00:00:00", "published": "2019-02-08T00:00:00", "id": "OPENVAS:1361412562310875445", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875445", "type": "openvas", "title": "Fedora Update for poppler FEDORA-2019-40f4af0687", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875445\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-20551\", \"CVE-2018-20481\", \"CVE-2018-20650\", \"CVE-2018-13988\",\n \"CVE-2017-18267\", \"CVE-2018-18897\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-02-08 04:08:33 +0100 (Fri, 08 Feb 2019)\");\n script_name(\"Fedora Update for poppler FEDORA-2019-40f4af0687\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-40f4af0687\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WI67GY5HCZV6GQDYKCEAMSRY3LINJ7NS\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'poppler' package(s) announced via the FEDORA-2019-40f4af0687 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"affected\", value:\"poppler on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.62.0~14.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-14T14:48:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12957", "CVE-2019-12958", "CVE-2019-12493", "CVE-2019-13281", "CVE-2019-13283", "CVE-2019-13286", "CVE-2019-13282", "CVE-2019-12515"], "description": "The remote host is missing an update for the ", "modified": "2020-01-13T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310877233", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877233", "type": "openvas", "title": "Fedora Update for xpdf FEDORA-2019-759ba8202b", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877233\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-13286\", \"CVE-2019-13281\", \"CVE-2019-13282\", \"CVE-2019-13283\", \"CVE-2019-12957\", \"CVE-2019-12958\", \"CVE-2019-12493\", \"CVE-2019-12515\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:33:17 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for xpdf FEDORA-2019-759ba8202b\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-759ba8202b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xpdf'\n package(s) announced via the FEDORA-2019-759ba8202b advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Xpdf is an X Window System based viewer for Portable Document Format\n(PDF) files. Xpdf is a small and efficient program which uses\nstandard X fonts.\");\n\n script_tag(name:\"affected\", value:\"'xpdf' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~4.02~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-06T12:10:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12957", "CVE-2019-12958", "CVE-2019-12493", "CVE-2019-13281", "CVE-2019-13283", "CVE-2019-13286", "CVE-2019-13282", "CVE-2019-12515"], "description": "The remote host is missing an update for the ", "modified": "2019-10-30T00:00:00", "published": "2019-10-26T00:00:00", "id": "OPENVAS:1361412562310876936", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876936", "type": "openvas", "title": "Fedora Update for xpdf FEDORA-2019-01da705767", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876936\");\n script_version(\"2019-10-30T10:03:24+0000\");\n script_cve_id(\"CVE-2019-13286\", \"CVE-2019-13281\", \"CVE-2019-13282\", \"CVE-2019-13283\", \"CVE-2019-12957\", \"CVE-2019-12958\", \"CVE-2019-12493\", \"CVE-2019-12515\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-30 10:03:24 +0000 (Wed, 30 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-26 02:27:29 +0000 (Sat, 26 Oct 2019)\");\n script_name(\"Fedora Update for xpdf FEDORA-2019-01da705767\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-01da705767\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xpdf'\n package(s) announced via the FEDORA-2019-01da705767 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Xpdf is an X Window System based viewer for Portable Document Format\n(PDF) files. Xpdf is a small and efficient program which uses\nstandard X fonts.\");\n\n script_tag(name:\"affected\", value:\"'xpdf' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~4.02~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-06T12:10:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12957", "CVE-2019-12958", "CVE-2019-12493", "CVE-2019-13281", "CVE-2019-13283", "CVE-2019-13286", "CVE-2019-13282", "CVE-2019-12515"], "description": "The remote host is missing an update for the ", "modified": "2019-10-30T00:00:00", "published": "2019-10-26T00:00:00", "id": "OPENVAS:1361412562310876942", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876942", "type": "openvas", "title": "Fedora Update for xpdf FEDORA-2019-a457286734", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876942\");\n script_version(\"2019-10-30T10:03:24+0000\");\n script_cve_id(\"CVE-2019-13286\", \"CVE-2019-13281\", \"CVE-2019-13282\", \"CVE-2019-13283\", \"CVE-2019-12957\", \"CVE-2019-12958\", \"CVE-2019-12493\", \"CVE-2019-12515\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-30 10:03:24 +0000 (Wed, 30 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-26 02:27:42 +0000 (Sat, 26 Oct 2019)\");\n script_name(\"Fedora Update for xpdf FEDORA-2019-a457286734\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-a457286734\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xpdf'\n package(s) announced via the FEDORA-2019-a457286734 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Xpdf is an X Window System based viewer for Portable Document Format\n(PDF) files. Xpdf is a small and efficient program which uses\nstandard X fonts.\");\n\n script_tag(name:\"affected\", value:\"'xpdf' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~4.02~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20551", "CVE-2018-20650", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-20481", "CVE-2018-16646", "CVE-2018-19149"], "description": "The remote host is missing an update for the ", "modified": "2019-05-14T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310875676", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875676", "type": "openvas", "title": "Fedora Update for mingw-poppler FEDORA-2019-b0bd3c604a", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875676\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-20481\", \"CVE-2018-20551\", \"CVE-2018-20650\", \"CVE-2018-16646\", \"CVE-2018-19058\", \"CVE-2018-19059\", \"CVE-2018-19060\", \"CVE-2018-19149\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:15:29 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for mingw-poppler FEDORA-2019-b0bd3c604a\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-b0bd3c604a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDSUENJ3ORHLJ5M6MBMW4GDNONBLRXC3\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-poppler'\n package(s) announced via the FEDORA-2019-b0bd3c604a advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MinGW Windows Poppler library.\");\n\n script_tag(name:\"affected\", value:\"'mingw-poppler' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mingw-poppler\", rpm:\"mingw-poppler~0.67.0~3.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:34:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20650", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-16646", "CVE-2018-20662", "CVE-2018-19149", "CVE-2019-9631"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192269", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192269", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-2269)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2269\");\n script_version(\"2020-01-23T12:43:46+0000\");\n script_cve_id(\"CVE-2018-16646\", \"CVE-2018-18897\", \"CVE-2018-19058\", \"CVE-2018-19059\", \"CVE-2018-19060\", \"CVE-2018-19149\", \"CVE-2018-20650\", \"CVE-2018-20662\", \"CVE-2019-9631\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:43:46 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:43:46 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-2269)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2269\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2269\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'poppler' package(s) announced via the EulerOS-SA-2019-2269 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.(CVE-2018-16646)\n\nAn issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.(CVE-2018-18897)\n\nAn issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058)\n\nAn issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059)\n\nAn issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.(CVE-2018-19060)\n\nPoppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.(CVE-2018-19149)\n\nA reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\nIn Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.(CVE-2018-20662)\n\nPoppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.(CVE-2019-9631)\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.26.5~17.h17\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.26.5~17.h17\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.26.5~17.h17\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.26.5~17.h17\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-06-06T09:06:30", "description": "The remote CentOS host is missing a security update which has been\ndocumented in Red Hat advisory RHSA-2020:1074.", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-04-10T00:00:00", "title": "CentOS 7 : evince / poppler (CESA-2020:1074)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-21009"], "modified": "2020-04-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:poppler-glib", "p-cpe:/a:centos:centos:evince-libs", "p-cpe:/a:centos:centos:poppler-cpp", "p-cpe:/a:centos:centos:poppler-glib-devel", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:poppler", "p-cpe:/a:centos:centos:evince", "p-cpe:/a:centos:centos:poppler-utils", "p-cpe:/a:centos:centos:evince-dvi", "p-cpe:/a:centos:centos:poppler-cpp-devel", "p-cpe:/a:centos:centos:evince-browser-plugin", "p-cpe:/a:centos:centos:evince-nautilus", "p-cpe:/a:centos:centos:poppler-qt", "p-cpe:/a:centos:centos:poppler-demos", "p-cpe:/a:centos:centos:evince-devel", "p-cpe:/a:centos:centos:poppler-devel", "p-cpe:/a:centos:centos:poppler-qt-devel"], "id": "CENTOS_RHSA-2020-1074.NASL", "href": "https://www.tenable.com/plugins/nessus/135331", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:1074 and \n# CentOS Errata and Security Advisory 2020:1074 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135331);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/05\");\n script_xref(name:\"RHSA\", value:\"2020:1074\");\n\n script_name(english:\"CentOS 7 : evince / poppler (CESA-2020:1074)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote CentOS host is missing a security update which has been\ndocumented in Red Hat advisory RHSA-2020:1074.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012440.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f08cad0d\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012567.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?19c490bd\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected evince and / or poppler packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-21009\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince-browser-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince-dvi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince-nautilus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-browser-plugin-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-devel-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-dvi-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-libs-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-nautilus-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-cpp-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-cpp-devel-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-demos-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-devel-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-glib-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-glib-devel-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-qt-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-qt-devel-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-utils-0.26.5-42.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evince / evince-browser-plugin / evince-devel / evince-dvi / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:07:13", "description": "According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Poppler before 0.66.0 has an integer overflow in\n Parser::makeStream in Parser.cc.(CVE-2018-21009)\n\n - A stack-based buffer over-read exists in\n FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in\n Xpdf 4.01.01. It can, for example, be triggered by\n sending crafted TrueType data in a PDF document to the\n pdftops tool. It might allow an attacker to cause\n Denial of Service or leak memory data into dump\n content.(CVE-2019-12360)\n\n - In Poppler through 0.76.1, there is a heap-based buffer\n over-read in JPXStream::init in JPEG2000Stream.cc via\n data with inconsistent heights or\n widths.(CVE-2019-12293)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-15T00:00:00", "title": "EulerOS 2.0 SP5 : poppler (EulerOS-SA-2020-2561)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-12360", "CVE-2019-12293", "CVE-2018-21009"], "modified": "2020-12-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:poppler-utils", "p-cpe:/a:huawei:euleros:poppler-glib", "p-cpe:/a:huawei:euleros:poppler", "p-cpe:/a:huawei:euleros:poppler-qt", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2561.NASL", "href": "https://www.tenable.com/plugins/nessus/144251", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144251);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-21009\",\n \"CVE-2019-12293\",\n \"CVE-2019-12360\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : poppler (EulerOS-SA-2020-2561)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Poppler before 0.66.0 has an integer overflow in\n Parser::makeStream in Parser.cc.(CVE-2018-21009)\n\n - A stack-based buffer over-read exists in\n FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in\n Xpdf 4.01.01. It can, for example, be triggered by\n sending crafted TrueType data in a PDF document to the\n pdftops tool. It might allow an attacker to cause\n Denial of Service or leak memory data into dump\n content.(CVE-2019-12360)\n\n - In Poppler through 0.76.1, there is a heap-based buffer\n over-read in JPXStream::init in JPEG2000Stream.cc via\n data with inconsistent heights or\n widths.(CVE-2019-12293)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2561\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?58c8be90\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected poppler packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"poppler-0.26.5-17.h25.eulerosv2r7\",\n \"poppler-glib-0.26.5-17.h25.eulerosv2r7\",\n \"poppler-qt-0.26.5-17.h25.eulerosv2r7\",\n \"poppler-utils-0.26.5-17.h25.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:02:30", "description": "According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A reachable Object::dictLookup assertion in Poppler\n 0.72.0 allows attackers to cause a denial of service\n due to the lack of a check for the dict data type, as\n demonstrated by use of the FileSpec class (in\n FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n out-of-bounds read in EmbFile::save2 in FileSpec.cc,\n will lead to denial of service, as demonstrated by\n utils/pdfdetach.cc not validating embedded files before\n save attempts.(CVE-2018-19059)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n reachable abort in Object.h, will lead to denial of\n service because EmbFile::save2 in FileSpec.cc lacks a\n stream check before saving an embedded\n file.(CVE-2018-19058)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-02-25T00:00:00", "title": "EulerOS 2.0 SP8 : poppler (EulerOS-SA-2020-1173)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20650", "CVE-2018-19058", "CVE-2018-19059"], "modified": "2020-02-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:poppler-utils", "p-cpe:/a:huawei:euleros:poppler-glib", "p-cpe:/a:huawei:euleros:poppler", "p-cpe:/a:huawei:euleros:poppler-qt", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1173.NASL", "href": "https://www.tenable.com/plugins/nessus/134007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134007);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-19058\",\n \"CVE-2018-19059\",\n \"CVE-2018-20650\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : poppler (EulerOS-SA-2020-1173)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A reachable Object::dictLookup assertion in Poppler\n 0.72.0 allows attackers to cause a denial of service\n due to the lack of a check for the dict data type, as\n demonstrated by use of the FileSpec class (in\n FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n out-of-bounds read in EmbFile::save2 in FileSpec.cc,\n will lead to denial of service, as demonstrated by\n utils/pdfdetach.cc not validating embedded files before\n save attempts.(CVE-2018-19059)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n reachable abort in Object.h, will lead to denial of\n service because EmbFile::save2 in FileSpec.cc lacks a\n stream check before saving an embedded\n file.(CVE-2018-19058)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1173\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?703342c5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected poppler packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"poppler-0.67.0-1.h8.eulerosv2r8\",\n \"poppler-glib-0.67.0-1.h8.eulerosv2r8\",\n \"poppler-qt-0.67.0-1.h8.eulerosv2r8\",\n \"poppler-utils-0.67.0-1.h8.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-14T13:13:24", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1481 advisory.\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc\n via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-26T00:00:00", "title": "Amazon Linux 2 : poppler (ALAS-2020-1481)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10871", "CVE-2019-12293", "CVE-2018-21009", "CVE-2019-9959"], "modified": "2020-08-26T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:poppler", "p-cpe:/a:amazon:linux:poppler-cpp", "p-cpe:/a:amazon:linux:poppler-cpp-devel", "p-cpe:/a:amazon:linux:poppler-glib-devel", "p-cpe:/a:amazon:linux:poppler-glib", "p-cpe:/a:amazon:linux:poppler-utils", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:poppler-qt-devel", "p-cpe:/a:amazon:linux:poppler-qt", "p-cpe:/a:amazon:linux:poppler-demos", "p-cpe:/a:amazon:linux:poppler-devel", "p-cpe:/a:amazon:linux:poppler-debuginfo"], "id": "AL2_ALAS-2020-1481.NASL", "href": "https://www.tenable.com/plugins/nessus/139861", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1481.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139861);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/26\");\n\n script_cve_id(\n \"CVE-2018-21009\",\n \"CVE-2019-9959\",\n \"CVE-2019-10871\",\n \"CVE-2019-12293\"\n );\n script_bugtraq_id(109342, 107862, 108457);\n script_xref(name:\"ALAS\", value:\"2020-1481\");\n\n script_name(english:\"Amazon Linux 2 : poppler (ALAS-2020-1481)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1481 advisory.\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc\n via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1481.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-21009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9959\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update poppler' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'poppler-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-cpp-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-cpp-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-cpp-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-cpp-devel-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-cpp-devel-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-cpp-devel-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-debuginfo-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-debuginfo-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-debuginfo-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-demos-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-demos-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-demos-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-devel-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-devel-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-devel-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-glib-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-glib-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-glib-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-glib-devel-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-glib-devel-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-glib-devel-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-qt-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-qt-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-qt-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-qt-devel-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-qt-devel-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-qt-devel-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-utils-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-utils-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-utils-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler / poppler-cpp / poppler-cpp-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-11T11:58:06", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has poppler packages installed that are affected\nby multiple vulnerabilities:\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc\n via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : poppler Multiple Vulnerabilities (NS-SA-2020-0074)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10871", "CVE-2019-12293", "CVE-2018-21009", "CVE-2019-9959"], "modified": "2020-12-09T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0074_POPPLER.NASL", "href": "https://www.tenable.com/plugins/nessus/143911", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0074. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143911);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\n \"CVE-2018-21009\",\n \"CVE-2019-9959\",\n \"CVE-2019-10871\",\n \"CVE-2019-12293\"\n );\n script_bugtraq_id(107862, 108457, 109342);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : poppler Multiple Vulnerabilities (NS-SA-2020-0074)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has poppler packages installed that are affected\nby multiple vulnerabilities:\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc\n via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0074\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL poppler packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'poppler-0.26.5-42.el7',\n 'poppler-cpp-0.26.5-42.el7',\n 'poppler-cpp-devel-0.26.5-42.el7',\n 'poppler-debuginfo-0.26.5-42.el7',\n 'poppler-demos-0.26.5-42.el7',\n 'poppler-devel-0.26.5-42.el7',\n 'poppler-glib-0.26.5-42.el7',\n 'poppler-glib-devel-0.26.5-42.el7',\n 'poppler-qt-0.26.5-42.el7',\n 'poppler-qt-devel-0.26.5-42.el7',\n 'poppler-utils-0.26.5-42.el7'\n ],\n 'CGSL MAIN 5.04': [\n 'poppler-0.26.5-42.el7',\n 'poppler-cpp-0.26.5-42.el7',\n 'poppler-cpp-devel-0.26.5-42.el7',\n 'poppler-debuginfo-0.26.5-42.el7',\n 'poppler-demos-0.26.5-42.el7',\n 'poppler-devel-0.26.5-42.el7',\n 'poppler-glib-0.26.5-42.el7',\n 'poppler-glib-devel-0.26.5-42.el7',\n 'poppler-qt-0.26.5-42.el7',\n 'poppler-qt-devel-0.26.5-42.el7',\n 'poppler-utils-0.26.5-42.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'poppler');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-11T11:58:23", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has poppler packages installed that are affected\nby multiple vulnerabilities:\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc\n via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : poppler Multiple Vulnerabilities (NS-SA-2020-0110)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10871", "CVE-2019-12293", "CVE-2018-21009", "CVE-2019-9959"], "modified": "2020-12-09T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0110_POPPLER.NASL", "href": "https://www.tenable.com/plugins/nessus/143995", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0110. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143995);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\n \"CVE-2018-21009\",\n \"CVE-2019-9959\",\n \"CVE-2019-10871\",\n \"CVE-2019-12293\"\n );\n script_bugtraq_id(107862, 108457, 109342);\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : poppler Multiple Vulnerabilities (NS-SA-2020-0110)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has poppler packages installed that are affected\nby multiple vulnerabilities:\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc\n via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0110\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL poppler packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.05': [\n 'poppler-0.26.5-42.el7',\n 'poppler-cpp-0.26.5-42.el7',\n 'poppler-cpp-devel-0.26.5-42.el7',\n 'poppler-debuginfo-0.26.5-42.el7',\n 'poppler-demos-0.26.5-42.el7',\n 'poppler-devel-0.26.5-42.el7',\n 'poppler-glib-0.26.5-42.el7',\n 'poppler-glib-devel-0.26.5-42.el7',\n 'poppler-qt-0.26.5-42.el7',\n 'poppler-qt-devel-0.26.5-42.el7',\n 'poppler-utils-0.26.5-42.el7'\n ],\n 'CGSL MAIN 5.05': [\n 'poppler-0.26.5-42.el7',\n 'poppler-cpp-0.26.5-42.el7',\n 'poppler-cpp-devel-0.26.5-42.el7',\n 'poppler-debuginfo-0.26.5-42.el7',\n 'poppler-demos-0.26.5-42.el7',\n 'poppler-devel-0.26.5-42.el7',\n 'poppler-glib-0.26.5-42.el7',\n 'poppler-glib-devel-0.26.5-42.el7',\n 'poppler-qt-0.26.5-42.el7',\n 'poppler-qt-devel-0.26.5-42.el7',\n 'poppler-utils-0.26.5-42.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'poppler');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:57:10", "description": "Security fix for CVE-2018-20551, CVE-2018-20481, CVE-2018-20650 and\nCVE-2018-18897.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 8, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-01-24T00:00:00", "title": "Fedora 29 : poppler (2019-7ff7f5093e)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20551", "CVE-2018-20650", "CVE-2018-18897", "CVE-2018-20481"], "modified": "2019-01-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:poppler"], "id": "FEDORA_2019-7FF7F5093E.NASL", "href": "https://www.tenable.com/plugins/nessus/121334", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-7ff7f5093e.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121334);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-18897\", \"CVE-2018-20481\", \"CVE-2018-20551\", \"CVE-2018-20650\");\n script_xref(name:\"FEDORA\", value:\"2019-7ff7f5093e\");\n\n script_name(english:\"Fedora 29 : poppler (2019-7ff7f5093e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-20551, CVE-2018-20481, CVE-2018-20650 and\nCVE-2018-18897.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-7ff7f5093e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"poppler-0.67.0-10.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T02:23:00", "description": "Security fix for CVE-2018-20551, CVE-2018-20481 and CVE-2018-20650.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 19, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-02-08T00:00:00", "title": "Fedora 28 : poppler (2019-40f4af0687)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20551", "CVE-2018-20650", "CVE-2018-18897", "CVE-2018-20481"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:poppler", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-40F4AF0687.NASL", "href": "https://www.tenable.com/plugins/nessus/122040", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-40f4af0687.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122040);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/12\");\n\n script_cve_id(\"CVE-2018-18897\", \"CVE-2018-20481\", \"CVE-2018-20551\", \"CVE-2018-20650\");\n script_xref(name:\"FEDORA\", value:\"2019-40f4af0687\");\n\n script_name(english:\"Fedora 28 : poppler (2019-40f4af0687)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-20551, CVE-2018-20481 and CVE-2018-20650.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-40f4af0687\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"poppler-0.62.0-14.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-30T10:57:25", "description": "* poppler: integer overflow in Parser::makeStream in Parser.cc *\npoppler: heap-based buffer over-read in function\nPSOutputDev::checkPageSlice in PSOutputDev.cc * poppler: heap-based\nbuffer over-read in JPXStream::init in JPEG2000Stream.cc * poppler:\ninteger overflow in JPXStream::init function leading to memory\nconsumption * evince: uninitialized memory use in function\ntiff_document_render() and tiff_document_get_thumbnail()", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-04-21T00:00:00", "title": "Scientific Linux Security Update : poppler and evince on SL7.x x86_64 (20200407)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10871", "CVE-2019-12293", "CVE-2018-21009", "CVE-2019-11459", "CVE-2019-9959"], "modified": "2020-04-21T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:poppler-devel", "p-cpe:/a:fermilab:scientific_linux:evince", "p-cpe:/a:fermilab:scientific_linux:poppler", "p-cpe:/a:fermilab:scientific_linux:poppler-cpp", "p-cpe:/a:fermilab:scientific_linux:evince-devel", "p-cpe:/a:fermilab:scientific_linux:poppler-glib-devel", "p-cpe:/a:fermilab:scientific_linux:poppler-glib", "p-cpe:/a:fermilab:scientific_linux:evince-debuginfo", "p-cpe:/a:fermilab:scientific_linux:evince-browser-plugin", "p-cpe:/a:fermilab:scientific_linux:poppler-utils", "p-cpe:/a:fermilab:scientific_linux:poppler-qt", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:evince-libs", "p-cpe:/a:fermilab:scientific_linux:poppler-debuginfo", "p-cpe:/a:fermilab:scientific_linux:evince-dvi", "p-cpe:/a:fermilab:scientific_linux:poppler-demos", "p-cpe:/a:fermilab:scientific_linux:evince-nautilus", "p-cpe:/a:fermilab:scientific_linux:poppler-cpp-devel", "p-cpe:/a:fermilab:scientific_linux:poppler-qt-devel"], "id": "SL_20200407_POPPLER_AND_EVINCE_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/135829", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135829);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/24\");\n\n script_cve_id(\"CVE-2018-21009\", \"CVE-2019-10871\", \"CVE-2019-11459\", \"CVE-2019-12293\", \"CVE-2019-9959\");\n\n script_name(english:\"Scientific Linux Security Update : poppler and evince on SL7.x x86_64 (20200407)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"* poppler: integer overflow in Parser::makeStream in Parser.cc *\npoppler: heap-based buffer over-read in function\nPSOutputDev::checkPageSlice in PSOutputDev.cc * poppler: heap-based\nbuffer over-read in JPXStream::init in JPEG2000Stream.cc * poppler:\ninteger overflow in JPXStream::init function leading to memory\nconsumption * evince: uninitialized memory use in function\ntiff_document_render() and tiff_document_get_thumbnail()\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=14129\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?135f6233\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-browser-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-dvi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-nautilus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-browser-plugin-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-debuginfo-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-devel-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-dvi-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-libs-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-nautilus-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-cpp-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-cpp-devel-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-debuginfo-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-demos-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-devel-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-glib-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-glib-devel-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-qt-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-qt-devel-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-utils-0.26.5-42.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evince / evince-browser-plugin / evince-debuginfo / evince-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T13:15:09", "description": "The tiff_document_render() and tiff_document_get_thumbnail() functions\nin the TIFF document backend in GNOME Evince through 3.32.0 did not\nhandle errors from TIFFReadRGBAImageOriented(), leading to\nuninitialized memory use when processing certain TIFF image files.\n(CVE-2019-11459)\n\nPoppler before 0.66.0 has an integer overflow in Parser::makeStream in\nParser.cc. (CVE-2018-21009)\n\nThe JPXStream::init function in Poppler 0.78.0 and earlier doesn't\ncheck for negative values of stream length, leading to an Integer\nOverflow, thereby making it possible to allocate a large memory chunk\non the heap, with a size controlled by an attacker, as demonstrated by\npdftocairo. (CVE-2019-9959)\n\nAn issue was discovered in Poppler 0.74.0. There is a heap-based\nbuffer over-read in the function PSOutputDev::checkPageSlice at\nPSOutputDev.cc. (CVE-2019-10871)\n\nIn Poppler through 0.76.1, there is a heap-based buffer over-read in\nJPXStream::init in JPEG2000Stream.cc via data with inconsistent\nheights or widths. (CVE-2019-12293)", "edition": 3, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-20T00:00:00", "title": "Amazon Linux AMI : poppler (ALAS-2020-1398)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10871", "CVE-2019-12293", "CVE-2018-21009", "CVE-2019-11459", "CVE-2019-9959"], "modified": "2020-07-20T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:poppler", "p-cpe:/a:amazon:linux:poppler-cpp", "p-cpe:/a:amazon:linux:poppler-cpp-devel", "p-cpe:/a:amazon:linux:poppler-glib-devel", "p-cpe:/a:amazon:linux:poppler-glib", "p-cpe:/a:amazon:linux:poppler-utils", "p-cpe:/a:amazon:linux:poppler-devel", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:poppler-debuginfo"], "id": "ALA_ALAS-2020-1398.NASL", "href": "https://www.tenable.com/plugins/nessus/138640", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1398.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138640);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2018-21009\", \"CVE-2019-10871\", \"CVE-2019-11459\", \"CVE-2019-12293\", \"CVE-2019-9959\");\n script_xref(name:\"ALAS\", value:\"2020-1398\");\n\n script_name(english:\"Amazon Linux AMI : poppler (ALAS-2020-1398)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The tiff_document_render() and tiff_document_get_thumbnail() functions\nin the TIFF document backend in GNOME Evince through 3.32.0 did not\nhandle errors from TIFFReadRGBAImageOriented(), leading to\nuninitialized memory use when processing certain TIFF image files.\n(CVE-2019-11459)\n\nPoppler before 0.66.0 has an integer overflow in Parser::makeStream in\nParser.cc. (CVE-2018-21009)\n\nThe JPXStream::init function in Poppler 0.78.0 and earlier doesn't\ncheck for negative values of stream length, leading to an Integer\nOverflow, thereby making it possible to allocate a large memory chunk\non the heap, with a size controlled by an attacker, as demonstrated by\npdftocairo. (CVE-2019-9959)\n\nAn issue was discovered in Poppler 0.74.0. There is a heap-based\nbuffer over-read in the function PSOutputDev::checkPageSlice at\nPSOutputDev.cc. (CVE-2019-10871)\n\nIn Poppler through 0.76.1, there is a heap-based buffer over-read in\nJPXStream::init in JPEG2000Stream.cc via data with inconsistent\nheights or widths. (CVE-2019-12293)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2020-1398.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update poppler' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"poppler-0.26.5-42.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-cpp-0.26.5-42.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-cpp-devel-0.26.5-42.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-debuginfo-0.26.5-42.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-devel-0.26.5-42.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-glib-0.26.5-42.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-glib-devel-0.26.5-42.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-utils-0.26.5-42.20.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler / poppler-cpp / poppler-cpp-devel / poppler-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:37:00", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20650", "CVE-2018-20481"], "description": "It was discovered that poppler incorrectly handled certain PDF files. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2018-20481, CVE-2018-20650)", "edition": 3, "modified": "2019-01-22T00:00:00", "published": "2019-01-22T00:00:00", "id": "USN-3865-1", "href": "https://ubuntu.com/security/notices/USN-3865-1", "title": "poppler vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-26T06:40:22", "bulletinFamily": "unix", "cvelist": ["CVE-2020-27778", "CVE-2019-10871", "CVE-2019-13283", "CVE-2018-21009", "CVE-2019-9959"], "description": "It was discovered that Poppler incorrectly handled certain files. If a user \nor automated system were tricked into opening a crafted PDF file, an \nattacker could cause a denial of service.", "edition": 1, "modified": "2020-11-25T00:00:00", "published": "2020-11-25T00:00:00", "id": "USN-4646-1", "href": "https://ubuntu.com/security/notices/USN-4646-1", "title": "poppler vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:35:17", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10871", "CVE-2019-12293", "CVE-2018-21009", "CVE-2019-9959"], "description": "**Issue Overview:**\n\nAn issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. ([CVE-2019-10871 __](<https://access.redhat.com/security/cve/CVE-2019-10871>))\n\nPoppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.([CVE-2018-21009 __](<https://access.redhat.com/security/cve/CVE-2018-21009>))\n\nThe JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. ([CVE-2019-9959 __](<https://access.redhat.com/security/cve/CVE-2019-9959>))\n\nIn Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. ([CVE-2019-12293 __](<https://access.redhat.com/security/cve/CVE-2019-12293>))\n\n \n**Affected Packages:** \n\n\npoppler\n\n \n**Issue Correction:** \nRun _yum update poppler_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n poppler-0.26.5-42.amzn2.aarch64 \n poppler-devel-0.26.5-42.amzn2.aarch64 \n poppler-glib-0.26.5-42.amzn2.aarch64 \n poppler-glib-devel-0.26.5-42.amzn2.aarch64 \n poppler-qt-0.26.5-42.amzn2.aarch64 \n poppler-qt-devel-0.26.5-42.amzn2.aarch64 \n poppler-cpp-0.26.5-42.amzn2.aarch64 \n poppler-cpp-devel-0.26.5-42.amzn2.aarch64 \n poppler-utils-0.26.5-42.amzn2.aarch64 \n poppler-demos-0.26.5-42.amzn2.aarch64 \n poppler-debuginfo-0.26.5-42.amzn2.aarch64 \n \n i686: \n poppler-0.26.5-42.amzn2.i686 \n poppler-devel-0.26.5-42.amzn2.i686 \n poppler-glib-0.26.5-42.amzn2.i686 \n poppler-glib-devel-0.26.5-42.amzn2.i686 \n poppler-qt-0.26.5-42.amzn2.i686 \n poppler-qt-devel-0.26.5-42.amzn2.i686 \n poppler-cpp-0.26.5-42.amzn2.i686 \n poppler-cpp-devel-0.26.5-42.amzn2.i686 \n poppler-utils-0.26.5-42.amzn2.i686 \n poppler-demos-0.26.5-42.amzn2.i686 \n poppler-debuginfo-0.26.5-42.amzn2.i686 \n \n src: \n poppler-0.26.5-42.amzn2.src \n \n x86_64: \n poppler-0.26.5-42.amzn2.x86_64 \n poppler-devel-0.26.5-42.amzn2.x86_64 \n poppler-glib-0.26.5-42.amzn2.x86_64 \n poppler-glib-devel-0.26.5-42.amzn2.x86_64 \n poppler-qt-0.26.5-42.amzn2.x86_64 \n poppler-qt-devel-0.26.5-42.amzn2.x86_64 \n poppler-cpp-0.26.5-42.amzn2.x86_64 \n poppler-cpp-devel-0.26.5-42.amzn2.x86_64 \n poppler-utils-0.26.5-42.amzn2.x86_64 \n poppler-demos-0.26.5-42.amzn2.x86_64 \n poppler-debuginfo-0.26.5-42.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2020-08-18T20:33:00", "published": "2020-08-18T20:33:00", "id": "ALAS2-2020-1481", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1481.html", "title": "Medium: poppler", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:37:10", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10871", "CVE-2019-12293", "CVE-2018-21009", "CVE-2019-11459", "CVE-2019-9959"], "description": "**Issue Overview:**\n\nThe tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. ([CVE-2019-11459 __](<https://access.redhat.com/security/cve/CVE-2019-11459>))\n\nPoppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. ([CVE-2018-21009 __](<https://access.redhat.com/security/cve/CVE-2018-21009>))\n\nThe JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. ([CVE-2019-9959 __](<https://access.redhat.com/security/cve/CVE-2019-9959>))\n\nAn issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. ([CVE-2019-10871 __](<https://access.redhat.com/security/cve/CVE-2019-10871>))\n\nIn Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. ([CVE-2019-12293 __](<https://access.redhat.com/security/cve/CVE-2019-12293>))\n\n \n**Affected Packages:** \n\n\npoppler\n\n \n**Issue Correction:** \nRun _yum update poppler_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n poppler-devel-0.26.5-42.20.amzn1.i686 \n poppler-debuginfo-0.26.5-42.20.amzn1.i686 \n poppler-utils-0.26.5-42.20.amzn1.i686 \n poppler-glib-0.26.5-42.20.amzn1.i686 \n poppler-0.26.5-42.20.amzn1.i686 \n poppler-cpp-devel-0.26.5-42.20.amzn1.i686 \n poppler-glib-devel-0.26.5-42.20.amzn1.i686 \n poppler-cpp-0.26.5-42.20.amzn1.i686 \n \n src: \n poppler-0.26.5-42.20.amzn1.src \n \n x86_64: \n poppler-utils-0.26.5-42.20.amzn1.x86_64 \n poppler-debuginfo-0.26.5-42.20.amzn1.x86_64 \n poppler-glib-devel-0.26.5-42.20.amzn1.x86_64 \n poppler-cpp-devel-0.26.5-42.20.amzn1.x86_64 \n poppler-glib-0.26.5-42.20.amzn1.x86_64 \n poppler-devel-0.26.5-42.20.amzn1.x86_64 \n poppler-0.26.5-42.20.amzn1.x86_64 \n poppler-cpp-0.26.5-42.20.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2020-07-14T02:14:00", "published": "2020-07-14T02:14:00", "id": "ALAS-2020-1398", "href": "https://alas.aws.amazon.com/ALAS-2020-1398.html", "title": "Medium: poppler", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:37:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20650", "CVE-2018-18897", "CVE-2019-7310", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-20481", "CVE-2018-16646", "CVE-2018-20662", "CVE-2018-19149", "CVE-2019-9631", "CVE-2019-9200"], "description": "**Issue Overview:**\n\nXRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.([CVE-2018-20481 __](<https://access.redhat.com/security/cve/CVE-2018-20481>))\n\nIn Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. ([CVE-2018-16646 __](<https://access.redhat.com/security/cve/CVE-2018-16646>))\n\nPoppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.([CVE-2019-9631 __](<https://access.redhat.com/security/cve/CVE-2019-9631>))\n\nA reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.([CVE-2018-20650 __](<https://access.redhat.com/security/cve/CVE-2018-20650>))\n\nAn issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.([CVE-2018-19059 __](<https://access.redhat.com/security/cve/CVE-2018-19059>))\n\nAn issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.([CVE-2018-19058 __](<https://access.redhat.com/security/cve/CVE-2018-19058>))\n\nPoppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.([CVE-2018-19149 __](<https://access.redhat.com/security/cve/CVE-2018-19149>))\n\nIn Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.([CVE-2019-7310 __](<https://access.redhat.com/security/cve/CVE-2019-7310>))\n\nAn issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.([CVE-2018-18897 __](<https://access.redhat.com/security/cve/CVE-2018-18897>))\n\nAn issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.([CVE-2018-19060 __](<https://access.redhat.com/security/cve/CVE-2018-19060>))\n\nA heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.([CVE-2019-9200 __](<https://access.redhat.com/security/cve/CVE-2019-9200>))\n\nIn Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.([CVE-2018-20662 __](<https://access.redhat.com/security/cve/CVE-2018-20662>))\n\n \n**Affected Packages:** \n\n\npoppler\n\n \n**Issue Correction:** \nRun _yum update poppler_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n poppler-devel-0.26.5-38.19.amzn1.i686 \n poppler-glib-devel-0.26.5-38.19.amzn1.i686 \n poppler-cpp-devel-0.26.5-38.19.amzn1.i686 \n poppler-0.26.5-38.19.amzn1.i686 \n poppler-utils-0.26.5-38.19.amzn1.i686 \n poppler-glib-0.26.5-38.19.amzn1.i686 \n poppler-debuginfo-0.26.5-38.19.amzn1.i686 \n poppler-cpp-0.26.5-38.19.amzn1.i686 \n \n src: \n poppler-0.26.5-38.19.amzn1.src \n \n x86_64: \n poppler-cpp-0.26.5-38.19.amzn1.x86_64 \n poppler-0.26.5-38.19.amzn1.x86_64 \n poppler-cpp-devel-0.26.5-38.19.amzn1.x86_64 \n poppler-debuginfo-0.26.5-38.19.amzn1.x86_64 \n poppler-utils-0.26.5-38.19.amzn1.x86_64 \n poppler-devel-0.26.5-38.19.amzn1.x86_64 \n poppler-glib-devel-0.26.5-38.19.amzn1.x86_64 \n poppler-glib-0.26.5-38.19.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2019-08-23T17:01:00", "published": "2019-08-23T17:01:00", "id": "ALAS-2019-1271", "href": "https://alas.aws.amazon.com/ALAS-2019-1271.html", "title": "Medium: poppler", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:37:22", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20650", "CVE-2018-18897", "CVE-2019-7310", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-20481", "CVE-2018-16646", "CVE-2018-20662", "CVE-2018-19149", "CVE-2019-9631", "CVE-2019-9200"], "description": "**Issue Overview:**\n\nIn Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.([CVE-2018-16646 __](<https://access.redhat.com/security/cve/CVE-2018-16646>))\n\nAn issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.([CVE-2018-18897 __](<https://access.redhat.com/security/cve/CVE-2018-18897>))\n\nAn issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.([CVE-2018-19058 __](<https://access.redhat.com/security/cve/CVE-2018-19058>))\n\nAn issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.([CVE-2018-19059 __](<https://access.redhat.com/security/cve/CVE-2018-19059>))\n\nAn issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.([CVE-2018-19060 __](<https://access.redhat.com/security/cve/CVE-2018-19060>))\n\nPoppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.([CVE-2018-19149 __](<https://access.redhat.com/security/cve/CVE-2018-19149>))\n\nXRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.([CVE-2018-20481 __](<https://access.redhat.com/security/cve/CVE-2018-20481>))\n\nA reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.([CVE-2018-20650 __](<https://access.redhat.com/security/cve/CVE-2018-20650>))\n\nIn Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.([CVE-2018-20662 __](<https://access.redhat.com/security/cve/CVE-2018-20662>))\n\nIn Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.([CVE-2019-7310 __](<https://access.redhat.com/security/cve/CVE-2019-7310>))\n\nA heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.([CVE-2019-9200 __](<https://access.redhat.com/security/cve/CVE-2019-9200>))\n\nPoppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.([CVE-2019-9631 __](<https://access.redhat.com/security/cve/CVE-2019-9631>))\n\n \n**Affected Packages:** \n\n\npoppler\n\n \n**Issue Correction:** \nRun _yum update poppler_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n poppler-0.26.5-38.amzn2.aarch64 \n poppler-devel-0.26.5-38.amzn2.aarch64 \n poppler-glib-0.26.5-38.amzn2.aarch64 \n poppler-glib-devel-0.26.5-38.amzn2.aarch64 \n poppler-qt-0.26.5-38.amzn2.aarch64 \n poppler-qt-devel-0.26.5-38.amzn2.aarch64 \n poppler-cpp-0.26.5-38.amzn2.aarch64 \n poppler-cpp-devel-0.26.5-38.amzn2.aarch64 \n poppler-utils-0.26.5-38.amzn2.aarch64 \n poppler-demos-0.26.5-38.amzn2.aarch64 \n poppler-debuginfo-0.26.5-38.amzn2.aarch64 \n \n i686: \n poppler-0.26.5-38.amzn2.i686 \n poppler-devel-0.26.5-38.amzn2.i686 \n poppler-glib-0.26.5-38.amzn2.i686 \n poppler-glib-devel-0.26.5-38.amzn2.i686 \n poppler-qt-0.26.5-38.amzn2.i686 \n poppler-qt-devel-0.26.5-38.amzn2.i686 \n poppler-cpp-0.26.5-38.amzn2.i686 \n poppler-cpp-devel-0.26.5-38.amzn2.i686 \n poppler-utils-0.26.5-38.amzn2.i686 \n poppler-demos-0.26.5-38.amzn2.i686 \n poppler-debuginfo-0.26.5-38.amzn2.i686 \n \n src: \n poppler-0.26.5-38.amzn2.src \n \n x86_64: \n poppler-0.26.5-38.amzn2.x86_64 \n poppler-devel-0.26.5-38.amzn2.x86_64 \n poppler-glib-0.26.5-38.amzn2.x86_64 \n poppler-glib-devel-0.26.5-38.amzn2.x86_64 \n poppler-qt-0.26.5-38.amzn2.x86_64 \n poppler-qt-devel-0.26.5-38.amzn2.x86_64 \n poppler-cpp-0.26.5-38.amzn2.x86_64 \n poppler-cpp-devel-0.26.5-38.amzn2.x86_64 \n poppler-utils-0.26.5-38.amzn2.x86_64 \n poppler-demos-0.26.5-38.amzn2.x86_64 \n poppler-debuginfo-0.26.5-38.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2019-10-21T18:01:00", "published": "2019-10-21T18:01:00", "id": "ALAS2-2019-1332", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1332.html", "title": "Medium: poppler", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18897", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650"], "description": "poppler is a PDF rendering library. ", "modified": "2019-01-24T04:34:33", "published": "2019-01-24T04:34:33", "id": "FEDORA:E01ED6076974", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: poppler-0.67.0-10.fc29", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-18267", "CVE-2018-13988", "CVE-2018-18897", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650"], "description": "poppler is a PDF rendering library. ", "modified": "2019-02-08T02:30:13", "published": "2019-02-08T02:30:13", "id": "FEDORA:9501060491C8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: poppler-0.62.0-14.fc28", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12493", "CVE-2019-12515", "CVE-2019-12957", "CVE-2019-12958", "CVE-2019-13281", "CVE-2019-13282", "CVE-2019-13283", "CVE-2019-13286"], "description": "Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. ", "modified": "2019-10-25T17:04:25", "published": "2019-10-25T17:04:25", "id": "FEDORA:DC0FE602EC13", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: xpdf-4.02-1.fc30", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12493", "CVE-2019-12515", "CVE-2019-12957", "CVE-2019-12958", "CVE-2019-13281", "CVE-2019-13282", "CVE-2019-13283", "CVE-2019-13286"], "description": "Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. ", "modified": "2019-10-26T17:37:03", "published": "2019-10-26T17:37:03", "id": "FEDORA:17FC5606733A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: xpdf-4.02-1.fc31", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-12493", "CVE-2019-12515", "CVE-2019-12957", "CVE-2019-12958", "CVE-2019-13281", "CVE-2019-13282", "CVE-2019-13283", "CVE-2019-13286"], "description": "Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. ", "modified": "2019-10-25T18:09:53", "published": "2019-10-25T18:09:53", "id": "FEDORA:0E9A0606E48B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xpdf-4.02-1.fc29", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16646", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650"], "description": "MinGW Windows Poppler library. ", "modified": "2019-02-18T02:04:58", "published": "2019-02-18T02:04:58", "id": "FEDORA:793E86418387", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: mingw-poppler-0.67.0-3.fc29", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16646", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310"], "description": "MinGW Windows Poppler library. ", "modified": "2019-03-15T18:30:03", "published": "2019-03-15T18:30:03", "id": "FEDORA:264CB604B3B9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: mingw-poppler-0.67.0-4.fc29", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-04-09T02:45:24", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10871", "CVE-2019-12293", "CVE-2018-21009", "CVE-2019-11459", "CVE-2019-9959"], "description": "evince\n[3.28.2-9]\n- Handle failure from TIFFReadRGBAImageOriented\n- Resolves: #1717352\npoppler\n[0.26.5-42]\n- Fix potential integer overflow and check length for negative values\n- Resolves: #1757283\n[0.26.5-41]\n- Ignore dict Length if it is broken\n- Resolves: #1733026\n[0.26.5-40]\n- Fail gracefully if not all components of JPEG2000Stream\n- have the same size\n- Resolves: #1723504\n[0.26.5-39]\n- Check whether input is RGB in PSOutputDev::checkPageSlice()\n- Resolves: #1697575", "edition": 1, "modified": "2020-04-06T00:00:00", "published": "2020-04-06T00:00:00", "id": "ELSA-2020-1074", "href": "http://linux.oracle.com/errata/ELSA-2020-1074.html", "title": "poppler and evince security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-14T08:35:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20650", "CVE-2018-18897", "CVE-2019-7310", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-20481", "CVE-2018-16646", "CVE-2018-20662", "CVE-2018-19149", "CVE-2019-9631", "CVE-2019-9200"], "description": "evince\n[3.28.2-8]\n- Do not free EvDocumentInfo in ev_window_save_print_settings(),\n- it is freed in EvDocuments destructor\n- Resolves: #1541358\n[3.28.2-7]\n- Do not store page-scaling for documents with enforced\n- page-scaling\n- Resolves: #1541358\n[3.28.2-6]\n- Use PrintScaling preference stored in PDFs\n- Resolves: #1541358\nokular\n[4.10.5-7]\n- Fix patch adding information about substituting font\n Resolves: bz#1458037\n[4.10.5-6]\n- Fix broken dependency on kde-runtime\n Resolves: bz#1670723\n[4.10.5-5]\n- Add information about substituting font\n Resolves: bz#1458037\npoppler\n[0.26.5-38]\n- Constrain number of cycles in rescale filter\n- Compute correct coverage values for box filter\n- Resolves: #1688417\n[0.26.5-37]\n- Fix tiling patterns when pattern cell is too far\n- Resolves: #1378961\n[0.26.5-36]\n- Fix version from which PrintScaling is available\n- Resolves: #1658304\n[0.26.5-35]\n- Export PrintScaling viewer preference in glib frontend\n- Related: #1658304\n[0.26.5-34]\n- Fix a memory leak detected by Coverity Scan\n- Related: #1636103\n[0.26.5-33]\n- Only embed mime data for gray/rgb/cmyk colorspaces\n- if image decode map is identity\n- Resolves: #1636103\n[0.26.5-32]\n- Fix possible crash on broken files in ImageStream::getLine()\n- Resolves: #1685267\n[0.26.5-31]\n- Avoid global display profile state becoming an uncontrolled\n- memory leak\n- Resolves: #1648860\n[0.26.5-30]\n- Check for missing pages in documents passed to pdfunite\n- Resolves: #1677348\n[0.26.5-29]\n- Dont reuse 'entry' in Parser::makeStream\n- Resolves: #1677058\n[0.26.5-28]\n- Move the fileSpec.dictLookup call inside fileSpec.isDict if\n- Resolves: #1677029\n[0.26.5-27]\n- Defend against requests for negative XRef indices\n- Resolves: #1673700\n[0.26.5-26]\n- Add font substituteName() getter to Qt bindings\n- Resolves: bz#1639595\n[0.26.5-25]\n- Check for valid file name of embedded file\n- Resolves: #1651307\n[0.26.5-24]\n- Check for valid embedded file before trying to save it\n- Resolves: #1651306\n[0.26.5-23]\n- Check for stream before calling stream methods\n- when saving an embedded file\n- Resolves: #1651305\n[0.26.5-22]\n- Fix crash on missing embedded file\n- Resolves: #1651309\n[0.26.5-21]\n- Avoid cycles in PDF parsing\n- Resolves: #1640295", "edition": 1, "modified": "2019-08-13T00:00:00", "published": "2019-08-13T00:00:00", "id": "ELSA-2019-2022", "href": "http://linux.oracle.com/errata/ELSA-2019-2022.html", "title": "poppler security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-12T20:47:47", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10871", "CVE-2018-20551", "CVE-2018-20650", "CVE-2018-18897", "CVE-2019-7310", "CVE-2019-12293", "CVE-2018-20481", "CVE-2018-20662", "CVE-2019-9903", "CVE-2019-9959", "CVE-2019-9631", "CVE-2019-9200"], "description": "[0.66.0-11.el8_0.12]\n- Ignore dict Length if it is broken\n- Resolves: #1741146\n[0.66.0-11.el8_0.11]\n- Check whether input is RGB in PSOutputDev::checkPageSlice()\n- (also when using '-optimizecolorspace' flag)\n- Resolves: #1741145\n[0.66.0-11.el8_0.10]\n- Fail gracefully if not all components of JPEG2000Stream\n- have the same size\n- Resolves: #1740612\n[0.66.0-11.el8_0.9]\n- Fix stack overflow on broken file\n- Resolves: #1717867\n[0.66.0-11.el8_0.8]\n- Constrain number of cycles in rescale filter\n- Compute correct coverage values for box filter\n- Resolves: #1717866\n[0.66.0-11.el8_0.7]\n- Fix possible crash on broken files in ImageStream::getLine()\n- Resolves: #1717803\n[0.66.0-11.el8_0.6]\n- Move the fileSpec.dictLookup call inside fileSpec.isDict if\n- Resolves: #1717788\n[0.66.0-11.el8_0.5]\n- Defend against requests for negative XRef indices\n- Resolves: #1717779\n[0.66.0-11.el8_0.4]\n- Do not try to parse into unallocated XRef entry\n- Resolves: #1717790\n[0.66.0-11.el8_0.3]\n- Avoid global display profile state becoming an uncontrolled\n- memory leak\n- Resolves: #1717776\n[0.66.0-11.el8_0.2]\n- Check Catalog from XRef for being a Dict\n- Resolves: #1690480\n[0.66.0-11.el8_0.1]\n- Do not try to construct invalid rich media annotation assets\n- Resolves: #1690478\n[0.66.0-11]\n- Fix tiling patterns when pattern cell is too far\n- Resolves: #1644094", "edition": 1, "modified": "2019-09-12T00:00:00", "published": "2019-09-12T00:00:00", "id": "ELSA-2019-2713", "href": "http://linux.oracle.com/errata/ELSA-2019-2713.html", "title": "poppler security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2020-08-31T14:08:27", "bulletinFamily": "unix", "cvelist": ["CVE-2018-21009", "CVE-2019-10871", "CVE-2019-11459", "CVE-2019-12293", "CVE-2019-9959"], "description": "Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.\n\nThe evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.\n\nSecurity Fix(es):\n\n* poppler: integer overflow in Parser::makeStream in Parser.cc (CVE-2018-21009)\n\n* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)\n\n* poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)\n\n* poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)\n\n* evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.", "modified": "2020-08-31T16:19:52", "published": "2020-03-31T13:15:25", "id": "RHSA-2020:1074", "href": "https://access.redhat.com/errata/RHSA-2020:1074", "type": "redhat", "title": "(RHSA-2020:1074) Moderate: poppler and evince security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-15T00:44:26", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631"], "description": "Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince or Okular.\n\nSecurity Fix(es):\n\n* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)\n\n* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n* poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646)\n\n* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)\n\n* poppler: reachable abort in Object.h (CVE-2018-19058)\n\n* poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059)\n\n* poppler: pdfdetach utility does not validate save paths (CVE-2018-19060)\n\n* poppler: NULL pointer dereference in _poppler_attachment_new (CVE-2018-19149)\n\n* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)\n\n* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)\n\n* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "modified": "2019-08-06T13:42:34", "published": "2019-08-06T11:51:02", "id": "RHSA-2019:2022", "href": "https://access.redhat.com/errata/RHSA-2019:2022", "type": "redhat", "title": "(RHSA-2019:2022) Moderate: poppler security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-10T18:48:04", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18897", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-10871", "CVE-2019-12293", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631", "CVE-2019-9903", "CVE-2019-9959"], "description": "Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.\n\nSecurity Fix(es):\n\n* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)\n\n* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)\n\n* poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)\n\n* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)\n\n* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)\n\n* poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c (CVE-2018-20551)\n\n* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)\n\n* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\n* poppler: stack consumption in function Dict::find() in Dict.cc (CVE-2019-9903)\n\n* poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-09-10T21:42:35", "published": "2019-09-10T19:32:22", "id": "RHSA-2019:2713", "href": "https://access.redhat.com/errata/RHSA-2019:2713", "type": "redhat", "title": "(RHSA-2019:2713) Moderate: poppler security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-04-08T22:43:05", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10871", "CVE-2019-12293", "CVE-2018-21009", "CVE-2019-11459", "CVE-2019-9959"], "description": "**CentOS Errata and Security Advisory** CESA-2020:1074\n\n\nPoppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.\n\nThe evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.\n\nSecurity Fix(es):\n\n* poppler: integer overflow in Parser::makeStream in Parser.cc (CVE-2018-21009)\n\n* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)\n\n* poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)\n\n* poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)\n\n* evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2020-April/012440.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2020-April/012567.html\n\n**Affected packages:**\nevince\nevince-browser-plugin\nevince-devel\nevince-dvi\nevince-libs\nevince-nautilus\npoppler\npoppler-cpp\npoppler-cpp-devel\npoppler-demos\npoppler-devel\npoppler-glib\npoppler-glib-devel\npoppler-qt\npoppler-qt-devel\npoppler-utils\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-04-08T19:07:43", "published": "2020-04-08T17:56:37", "id": "CESA-2020:1074", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2020-April/012440.html", "title": "evince, poppler security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:27:45", "bulletinFamily": "unix", "cvelist": ["CVE-2018-20650", "CVE-2018-18897", "CVE-2019-7310", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-20481", "CVE-2018-16646", "CVE-2018-20662", "CVE-2018-19149", "CVE-2019-9631", "CVE-2019-9200"], "description": "**CentOS Errata and Security Advisory** CESA-2019:2022\n\n\nPoppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince or Okular.\n\nSecurity Fix(es):\n\n* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)\n\n* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n* poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646)\n\n* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)\n\n* poppler: reachable abort in Object.h (CVE-2018-19058)\n\n* poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059)\n\n* poppler: pdfdetach utility does not validate save paths (CVE-2018-19060)\n\n* poppler: NULL pointer dereference in _poppler_attachment_new (CVE-2018-19149)\n\n* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)\n\n* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)\n\n* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2019-August/005860.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2019-August/006020.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2019-August/006052.html\n\n**Affected packages:**\nevince\nevince-browser-plugin\nevince-devel\nevince-dvi\nevince-libs\nevince-nautilus\nokular\nokular-devel\nokular-libs\nokular-part\npoppler\npoppler-cpp\npoppler-cpp-devel\npoppler-demos\npoppler-devel\npoppler-glib\npoppler-glib-devel\npoppler-qt\npoppler-qt-devel\npoppler-utils\n\n**Upstream details at:**\n", "edition": 2, "modified": "2019-08-30T03:59:37", "published": "2019-08-30T02:44:38", "id": "CESA-2019:2022", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2019-August/005860.html", "title": "evince, okular, poppler security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}