Debian DLA-1939-1 : poppler security update

2019-10-01T00:00:00

Description

Several issues in poppler, a PDF rendering library, have been fixed. CVE-2018-20650 A missing check for the dict data type could lead to a denial of service. CVE-2018-21009 An integer overflow might happen in Parser::makeStream. CVE-2019-12493 A stack-based buffer over-read by a crafted PDF file might happen in PostScriptFunction::transform because some functions mishandle tint transformation. For Debian 8 'Jessie', these problems have been fixed in version 0.26.5-2+deb8u11. We recommend that you upgrade your poppler packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

{"id": "DEBIAN_DLA-1939.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-1939-1 : poppler security update", "description": "Several issues in poppler, a PDF rendering library, have been fixed.\n\nCVE-2018-20650\n\nA missing check for the dict data type could lead to a denial of service.\n\nCVE-2018-21009\n\nAn integer overflow might happen in Parser::makeStream.\n\nCVE-2019-12493\n\nA stack-based buffer over-read by a crafted PDF file might happen in PostScriptFunction::transform because some functions mishandle tint transformation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 0.26.5-2+deb8u11.\n\nWe recommend that you upgrade your poppler packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2019-10-01T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/129475", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12493", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20650", "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html", "https://packages.debian.org/source/jessie/poppler", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21009"], "cvelist": ["CVE-2018-20650", "CVE-2018-21009", "CVE-2019-12493"], "immutableFields": [], "lastseen": "2022-03-24T21:52:09", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2019-1271", "ALAS-2020-1398", "ALAS2-2019-1332", "ALAS2-2020-1481"]}, {"type": "centos", "idList": ["CESA-2019:2022", "CESA-2020:1074"]}, {"type": "cve", "idList": ["CVE-2018-20650", "CVE-2018-21009", "CVE-2019-12493"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1939-1:7E56E", "DEBIAN:DLA-2287-1:32EF5", "DEBIAN:DLA-2287-1:E380D", "DEBIAN:DLA-2440-1:A36E2"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-20650", "DEBIANCVE:CVE-2018-21009", "DEBIANCVE:CVE-2019-12493"]}, {"type": "fedora", "idList": ["FEDORA:0E9A0606E48B", "FEDORA:17FC5606733A", "FEDORA:264CB604B3B9", "FEDORA:793E86418387", "FEDORA:9501060491C8", "FEDORA:DC0FE602EC13", "FEDORA:E01ED6076974"]}, {"type": "mageia", "idList": ["MGASA-2019-0092"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1332.NASL", "AL2_ALAS-2020-1481.NASL", "ALA_ALAS-2019-1271.NASL", "ALA_ALAS-2020-1398.NASL", "CENTOS8_RHSA-2019-2713.NASL", "CENTOS_RHSA-2019-2022.NASL", "CENTOS_RHSA-2020-1074.NASL", "DEBIAN_DLA-2287.NASL", "DEBIAN_DLA-2440.NASL", "EULEROS_SA-2019-2224.NASL", "EULEROS_SA-2019-2269.NASL", "EULEROS_SA-2020-1173.NASL", "EULEROS_SA-2020-2561.NASL", "EULEROS_SA-2021-1347.NASL", "EULEROS_SA-2021-1832.NASL", "EULEROS_SA-2021-2425.NASL", "FEDORA_2019-01DA705767.NASL", "FEDORA_2019-40F4AF0687.NASL", "FEDORA_2019-759BA8202B.NASL", "FEDORA_2019-7FF7F5093E.NASL", "FEDORA_2019-A457286734.NASL", "NEWSTART_CGSL_NS-SA-2019-0202_POPPLER.NASL", "NEWSTART_CGSL_NS-SA-2019-0249_POPPLER.NASL", "NEWSTART_CGSL_NS-SA-2020-0074_POPPLER.NASL", "NEWSTART_CGSL_NS-SA-2020-0110_POPPLER.NASL", "OPENSUSE-2021-3854.NASL", "ORACLELINUX_ELSA-2019-2713.NASL", "REDHAT-RHSA-2019-2022.NASL", "REDHAT-RHSA-2019-2713.NASL", "REDHAT-RHSA-2020-1074.NASL", "SL_20190806_POPPLER_ON_SL7_X.NASL", "SL_20200407_POPPLER_AND_EVINCE_ON_SL7_X.NASL", "SUSE_SU-2021-3854-1.NASL", "UBUNTU_USN-4646-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843876", "OPENVAS:1361412562310875445", "OPENVAS:1361412562310875603", "OPENVAS:1361412562310875676", "OPENVAS:1361412562310875740", "OPENVAS:1361412562310876936", "OPENVAS:1361412562310876942", "OPENVAS:1361412562310877233", "OPENVAS:1361412562310891939", "OPENVAS:1361412562311220192224", "OPENVAS:1361412562311220192269", "OPENVAS:1361412562311220201173"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2022", "ELSA-2019-2713", "ELSA-2020-1074"]}, {"type": "osv", "idList": ["OSV:DLA-1939-1", "OSV:DLA-2287-1", "OSV:DLA-2440-1"]}, {"type": "redhat", "idList": ["RHSA-2019:2022", "RHSA-2019:2713", "RHSA-2020:1074"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-20650", "RH:CVE-2018-21009"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:3854-1"]}, {"type": "ubuntu", "idList": ["USN-3865-1", "USN-4646-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-20650", "UB:CVE-2018-21009", "UB:CVE-2019-12493"]}, {"type": "veracode", "idList": ["VERACODE:21449"]}]}, "score": {"value": -0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2019-1271"]}, {"type": "centos", "idList": ["CESA-2019:2022"]}, {"type": "cve", "idList": ["CVE-2018-20650", "CVE-2018-21009"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1939-1:7E56E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-20650", "DEBIANCVE:CVE-2018-21009", "DEBIANCVE:CVE-2019-12493"]}, {"type": "fedora", "idList": ["FEDORA:264CB604B3B9", "FEDORA:793E86418387", "FEDORA:9501060491C8", "FEDORA:E01ED6076974"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/AMAZON-LINUX-AMI-2-CVE-2018-21009/", "MSF:ILITIES/AMAZON_LINUX-CVE-2018-21009/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2018-21009/"]}, {"type": "nessus", "idList": ["FEDORA_2019-40F4AF0687.NASL", "FEDORA_2019-7FF7F5093E.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310813061", "OPENVAS:1361412562310843876", "OPENVAS:1361412562310875445", "OPENVAS:1361412562310891939"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2022", "ELSA-2019-2713"]}, {"type": "redhat", "idList": ["RHSA-2019:2022", "RHSA-2019:2713"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-20650", "RH:CVE-2018-21009"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:3854-1"]}, {"type": "ubuntu", "idList": ["USN-3865-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-21009"]}]}, "exploitation": null, "vulnersScore": -0.3}, "_state": {"dependencies": 1659994789, "score": 1659871707}, "_internal": {"score_hash": "cbf4540f86a540e45fc90db29cda9876"}, "pluginID": "129475", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1939-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129475);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-20650\", \"CVE-2018-21009\", \"CVE-2019-12493\");\n\n script_name(english:\"Debian DLA-1939-1 : poppler security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues in poppler, a PDF rendering library, have been fixed.\n\nCVE-2018-20650\n\nA missing check for the dict data type could lead to a denial of\nservice.\n\nCVE-2018-21009\n\nAn integer overflow might happen in Parser::makeStream.\n\nCVE-2019-12493\n\nA stack-based buffer over-read by a crafted PDF file might happen in\nPostScriptFunction::transform because some functions mishandle tint\ntransformation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n0.26.5-2+deb8u11.\n\nWe recommend that you upgrade your poppler packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/poppler\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-poppler-0.18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-cpp-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-cpp0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-glib-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-glib-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-glib8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-private-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-qt4-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-qt4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-qt5-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-qt5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler46\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:poppler-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"gir1.2-poppler-0.18\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-cpp-dev\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-cpp0\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-dev\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-glib-dev\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-glib-doc\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-glib8\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-private-dev\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-qt4-4\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-qt4-dev\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-qt5-1\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler-qt5-dev\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libpoppler46\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"poppler-dbg\", reference:\"0.26.5-2+deb8u11\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"poppler-utils\", reference:\"0.26.5-2+deb8u11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:gir1.2-poppler-0.18", "p-cpe:/a:debian:debian_linux:libpoppler-cpp-dev", "p-cpe:/a:debian:debian_linux:libpoppler-cpp0", "p-cpe:/a:debian:debian_linux:libpoppler-dev", "p-cpe:/a:debian:debian_linux:libpoppler-glib-dev", "p-cpe:/a:debian:debian_linux:libpoppler-glib-doc", "p-cpe:/a:debian:debian_linux:libpoppler-glib8", "p-cpe:/a:debian:debian_linux:libpoppler-private-dev", "p-cpe:/a:debian:debian_linux:libpoppler-qt4-4", "p-cpe:/a:debian:debian_linux:libpoppler-qt4-dev", "p-cpe:/a:debian:debian_linux:libpoppler-qt5-1", "p-cpe:/a:debian:debian_linux:libpoppler-qt5-dev", "p-cpe:/a:debian:debian_linux:libpoppler46", "p-cpe:/a:debian:debian_linux:poppler-dbg", "p-cpe:/a:debian:debian_linux:poppler-utils", "cpe:/o:debian:debian_linux:8.0"], "solution": "Upgrade the affected packages.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2019-09-30T00:00:00", "vulnerabilityPublicationDate": "2019-01-01T00:00:00", "exploitableWith": []}

{"osv": [{"lastseen": "2022-07-21T08:18:08", "description": "\nSeveral issues in poppler, a PDF rendering library, have been fixed.\n\n\n* [CVE-2018-20650](https://security-tracker.debian.org/tracker/CVE-2018-20650)\nA missing check for the dict data type could lead to a denial of\n service.\n* [CVE-2018-21009](https://security-tracker.debian.org/tracker/CVE-2018-21009)\nAn integer overflow might happen in Parser::makeStream.\n* [CVE-2019-12493](https://security-tracker.debian.org/tracker/CVE-2019-12493)\nA stack-based buffer over-read by a crafted PDF file might happen in\n PostScriptFunction::transform because some functions mishandle tint\n transformation.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n0.26.5-2+deb8u11.\n\n\nWe recommend that you upgrade your poppler packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-09-30T00:00:00", "type": "osv", "title": "poppler - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20650", "CVE-2018-21009", "CVE-2019-12493"], "modified": "2022-07-21T05:52:50", "id": "OSV:DLA-1939-1", "href": "https://osv.dev/vulnerability/DLA-1939-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:18:51", "description": "\nSeveral issues were found in Poppler, a PDF rendering library, that could\nlead to denial of service or possibly other unspecified impact when\nprocessing maliciously crafted documents.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.48.0-2+deb9u3.\n\n\nWe recommend that you upgrade your poppler packages.\n\n\nFor the detailed security status of poppler please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/poppler>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-23T00:00:00", "type": "osv", "title": "poppler - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18267", "CVE-2018-16646", "CVE-2018-20481", "CVE-2018-21009", "CVE-2019-10872", "CVE-2019-12293", "CVE-2019-9200", "CVE-2019-9631"], "modified": "2022-08-05T05:18:49", "id": "OSV:DLA-2287-1", "href": "https://osv.dev/vulnerability/DLA-2287-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:16:14", "description": "\nSeveral issues were found and corrected in Poppler, a PDF rendering library,\nthat could lead to denial of service or possibly other unspecified impact when\nprocessing maliciously crafted documents.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.48.0-2+deb9u4.\n\n\nWe recommend that you upgrade your poppler packages.\n\n\nFor the detailed security status of poppler please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/poppler>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-08T00:00:00", "type": "osv", "title": "poppler - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14926", "CVE-2017-14928", "CVE-2018-19058", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-10018", "CVE-2019-14494", "CVE-2019-7310", "CVE-2019-9959"], "modified": "2022-07-21T05:53:27", "id": "OSV:DLA-2440-1", "href": "https://osv.dev/vulnerability/DLA-2440-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-01-29T19:29:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-01T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for poppler (DLA-1939-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12493", "CVE-2018-20650", "CVE-2018-21009"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891939", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891939", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891939\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-20650\", \"CVE-2018-21009\", \"CVE-2019-12493\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-01 02:00:10 +0000 (Tue, 01 Oct 2019)\");\n script_name(\"Debian LTS: Security Advisory for poppler (DLA-1939-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1939-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'poppler'\n package(s) announced via the DLA-1939-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several issues in poppler, a PDF rendering library, have been fixed.\n\nCVE-2018-20650\n\nA missing check for the dict data type could lead to a denial of\nservice.\n\nCVE-2018-21009\n\nAn integer overflow might happen in Parser::makeStream.\n\nCVE-2019-12493\n\nA stack-based buffer over-read by a crafted PDF file might happen in\nPostScriptFunction::transform because some functions mishandle tint\ntransformation.\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n0.26.5-2+deb8u11.\n\nWe recommend that you upgrade your poppler packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"gir1.2-poppler-0.18\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-cpp-dev\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-cpp0\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-dev\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-glib-dev\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-glib-doc\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-glib8\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-private-dev\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-qt4-4\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-qt4-dev\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-qt5-1\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler-qt5-dev\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libpoppler46\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"poppler-dbg\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.26.5-2+deb8u11\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-01-23T00:00:00", "type": "openvas", "title": "Ubuntu Update for poppler USN-3865-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20650", "CVE-2018-20481"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843876", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843876", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3865_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for poppler USN-3865-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2019 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843876\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-20481\", \"CVE-2018-20650\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-01-23 04:01:39 +0100 (Wed, 23 Jan 2019)\");\n script_name(\"Ubuntu Update for poppler USN-3865-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|18\\.04 LTS|18\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3865-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3865-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'poppler'\n package(s) announced via the USN-3865-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that poppler incorrectly handled certain PDF files.\nAn attacker could possibly use this issue to cause a denial of service.\n(CVE-2018-20481, CVE-2018-20650)\");\n\n script_tag(name:\"affected\", value:\"poppler on Ubuntu 18.10,\n Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpoppler44\", ver:\"0.24.5-2ubuntu4.15\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.24.5-2ubuntu4.15\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpoppler73\", ver:\"0.62.0-2ubuntu2.6\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.62.0-2ubuntu2.6\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpoppler79\", ver:\"0.68.0-0ubuntu1.4\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.68.0-0ubuntu1.4\", rls:\"UBUNTU18.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libpoppler58\", ver:\"0.41.0-0ubuntu1.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"poppler-utils\", ver:\"0.41.0-0ubuntu1.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-02-26T20:43:47", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-02-25T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2020-1173)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20650", "CVE-2018-19058", "CVE-2018-19059"], "modified": "2020-02-25T00:00:00", "id": "OPENVAS:1361412562311220201173", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201173", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1173\");\n script_version(\"2020-02-25T13:57:56+0000\");\n script_cve_id(\"CVE-2018-19058\", \"CVE-2018-19059\", \"CVE-2018-20650\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-25 13:57:56 +0000 (Tue, 25 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-25 13:57:56 +0000 (Tue, 25 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2020-1173)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1173\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1173\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'poppler' package(s) announced via the EulerOS-SA-2020-1173 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\nAn issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059)\n\nAn issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058)\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.67.0~1.h8.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.67.0~1.h8.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.67.0~1.h8.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.67.0~1.h8.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for poppler FEDORA-2019-7ff7f5093e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20551", "CVE-2018-20650", "CVE-2018-18897", "CVE-2018-20481"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310875603", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875603", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875603\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-20551\", \"CVE-2018-20481\", \"CVE-2018-20650\", \"CVE-2018-18897\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:11:44 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for poppler FEDORA-2019-7ff7f5093e\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-7ff7f5093e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CH33MK2BAV326CV7IKYGMFO4IYX552Z2\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'poppler'\n package(s) announced via the FEDORA-2019-7ff7f5093e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"poppler is a PDF rendering library.\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.67.0~10.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:14", "description": "The remote host is missing an update for the\n ", "cvss3": {}, "published": "2019-02-08T00:00:00", "type": "openvas", "title": "Fedora Update for poppler FEDORA-2019-40f4af0687", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20551", "CVE-2018-20650", "CVE-2018-18897", "CVE-2018-13988", "CVE-2017-18267", "CVE-2018-20481"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875445", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875445", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875445\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-20551\", \"CVE-2018-20481\", \"CVE-2018-20650\", \"CVE-2018-13988\",\n \"CVE-2017-18267\", \"CVE-2018-18897\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2019-02-08 04:08:33 +0100 (Fri, 08 Feb 2019)\");\n script_name(\"Fedora Update for poppler FEDORA-2019-40f4af0687\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2019-40f4af0687\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WI67GY5HCZV6GQDYKCEAMSRY3LINJ7NS\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'poppler' package(s) announced via the FEDORA-2019-40f4af0687 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"affected\", value:\"poppler on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.62.0~14.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-14T14:48:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-09T00:00:00", "type": "openvas", "title": "Fedora Update for xpdf FEDORA-2019-759ba8202b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12957", "CVE-2019-12958", "CVE-2019-12493", "CVE-2019-13281", "CVE-2019-13283", "CVE-2019-13286", "CVE-2019-13282", "CVE-2019-12515"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310877233", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877233", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877233\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-13286\", \"CVE-2019-13281\", \"CVE-2019-13282\", \"CVE-2019-13283\", \"CVE-2019-12957\", \"CVE-2019-12958\", \"CVE-2019-12493\", \"CVE-2019-12515\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:33:17 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for xpdf FEDORA-2019-759ba8202b\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-759ba8202b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xpdf'\n package(s) announced via the FEDORA-2019-759ba8202b advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Xpdf is an X Window System based viewer for Portable Document Format\n(PDF) files. Xpdf is a small and efficient program which uses\nstandard X fonts.\");\n\n script_tag(name:\"affected\", value:\"'xpdf' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~4.02~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-06T12:10:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-26T00:00:00", "type": "openvas", "title": "Fedora Update for xpdf FEDORA-2019-01da705767", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12957", "CVE-2019-12958", "CVE-2019-12493", "CVE-2019-13281", "CVE-2019-13283", "CVE-2019-13286", "CVE-2019-13282", "CVE-2019-12515"], "modified": "2019-10-30T00:00:00", "id": "OPENVAS:1361412562310876936", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876936", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876936\");\n script_version(\"2019-10-30T10:03:24+0000\");\n script_cve_id(\"CVE-2019-13286\", \"CVE-2019-13281\", \"CVE-2019-13282\", \"CVE-2019-13283\", \"CVE-2019-12957\", \"CVE-2019-12958\", \"CVE-2019-12493\", \"CVE-2019-12515\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-30 10:03:24 +0000 (Wed, 30 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-26 02:27:29 +0000 (Sat, 26 Oct 2019)\");\n script_name(\"Fedora Update for xpdf FEDORA-2019-01da705767\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-01da705767\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xpdf'\n package(s) announced via the FEDORA-2019-01da705767 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Xpdf is an X Window System based viewer for Portable Document Format\n(PDF) files. Xpdf is a small and efficient program which uses\nstandard X fonts.\");\n\n script_tag(name:\"affected\", value:\"'xpdf' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~4.02~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-06T12:10:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-10-26T00:00:00", "type": "openvas", "title": "Fedora Update for xpdf FEDORA-2019-a457286734", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12957", "CVE-2019-12958", "CVE-2019-12493", "CVE-2019-13281", "CVE-2019-13283", "CVE-2019-13286", "CVE-2019-13282", "CVE-2019-12515"], "modified": "2019-10-30T00:00:00", "id": "OPENVAS:1361412562310876942", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876942", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876942\");\n script_version(\"2019-10-30T10:03:24+0000\");\n script_cve_id(\"CVE-2019-13286\", \"CVE-2019-13281\", \"CVE-2019-13282\", \"CVE-2019-13283\", \"CVE-2019-12957\", \"CVE-2019-12958\", \"CVE-2019-12493\", \"CVE-2019-12515\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-10-30 10:03:24 +0000 (Wed, 30 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-10-26 02:27:42 +0000 (Sat, 26 Oct 2019)\");\n script_name(\"Fedora Update for xpdf FEDORA-2019-a457286734\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-a457286734\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xpdf'\n package(s) announced via the FEDORA-2019-a457286734 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Xpdf is an X Window System based viewer for Portable Document Format\n(PDF) files. Xpdf is a small and efficient program which uses\nstandard X fonts.\");\n\n script_tag(name:\"affected\", value:\"'xpdf' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~4.02~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:14", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-poppler FEDORA-2019-b0bd3c604a", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20551", "CVE-2018-20650", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-20481", "CVE-2018-16646", "CVE-2018-19149"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310875676", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875676", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875676\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2018-20481\", \"CVE-2018-20551\", \"CVE-2018-20650\", \"CVE-2018-16646\", \"CVE-2018-19058\", \"CVE-2018-19059\", \"CVE-2018-19060\", \"CVE-2018-19149\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:15:29 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for mingw-poppler FEDORA-2019-b0bd3c604a\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-b0bd3c604a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDSUENJ3ORHLJ5M6MBMW4GDNONBLRXC3\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-poppler'\n package(s) announced via the FEDORA-2019-b0bd3c604a advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MinGW Windows Poppler library.\");\n\n script_tag(name:\"affected\", value:\"'mingw-poppler' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mingw-poppler\", rpm:\"mingw-poppler~0.67.0~3.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:34:22", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-2269)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20650", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-16646", "CVE-2018-20662", "CVE-2018-19149", "CVE-2019-9631"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192269", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192269", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2269\");\n script_version(\"2020-01-23T12:43:46+0000\");\n script_cve_id(\"CVE-2018-16646\", \"CVE-2018-18897\", \"CVE-2018-19058\", \"CVE-2018-19059\", \"CVE-2018-19060\", \"CVE-2018-19149\", \"CVE-2018-20650\", \"CVE-2018-20662\", \"CVE-2019-9631\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:43:46 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:43:46 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-2269)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2269\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2269\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'poppler' package(s) announced via the EulerOS-SA-2019-2269 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.(CVE-2018-16646)\n\nAn issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.(CVE-2018-18897)\n\nAn issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058)\n\nAn issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059)\n\nAn issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.(CVE-2018-19060)\n\nPoppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.(CVE-2018-19149)\n\nA reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\nIn Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.(CVE-2018-20662)\n\nPoppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.(CVE-2019-9631)\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.26.5~17.h17\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.26.5~17.h17\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.26.5~17.h17\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.26.5~17.h17\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:11", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-2224)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20650", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-16646", "CVE-2018-20662", "CVE-2018-19149", "CVE-2017-7515"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192224", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192224", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2224\");\n script_version(\"2020-01-23T12:41:18+0000\");\n script_cve_id(\"CVE-2017-7515\", \"CVE-2018-16646\", \"CVE-2018-18897\", \"CVE-2018-19058\", \"CVE-2018-19059\", \"CVE-2018-19060\", \"CVE-2018-19149\", \"CVE-2018-20650\", \"CVE-2018-20662\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:41:18 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:41:18 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-2224)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2224\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2224\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'poppler' package(s) announced via the EulerOS-SA-2019-2224 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.(CVE-2017-7515)\n\nAn issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058)\n\nAn issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059)\n\nAn issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.(CVE-2018-19060)\n\nPoppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.(CVE-2018-19149)\n\nA reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\nIn Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.(CVE-2018-16646)\n\nAn issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.(CVE-2018-18897)\n\nIn Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.(CVE-2018-20662)\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.26.5~17.h20.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.26.5~17.h20.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.26.5~17.h20.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.26.5~17.h20.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-poppler FEDORA-2019-7085420900", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20551", "CVE-2018-20650", "CVE-2019-7310", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-20481", "CVE-2018-16646", "CVE-2018-20662", "CVE-2018-19149"], "modified": "2019-05-14T00:00:00", "id": "OPENVAS:1361412562310875740", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875740", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875740\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-7310\", \"CVE-2018-20662\", \"CVE-2018-20481\", \"CVE-2018-20551\", \"CVE-2018-20650\", \"CVE-2018-16646\", \"CVE-2018-19058\", \"CVE-2018-19059\", \"CVE-2018-19060\", \"CVE-2018-19149\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:18:55 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for mingw-poppler FEDORA-2019-7085420900\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-7085420900\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJWQCM3FLQRM6HGMJPQU3C3PKGYEB5N\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-poppler'\n package(s) announced via the FEDORA-2019-7085420900 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"MinGW Windows Poppler library.\");\n\n script_tag(name:\"affected\", value:\"'mingw-poppler' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mingw-poppler\", rpm:\"mingw-poppler~0.67.0~4.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2022-01-08T15:21:54", "description": "Package : poppler\nVersion : 0.26.5-2+deb8u11\nCVE ID : CVE-2018-20650 CVE-2018-21009 CVE-2019-12493\n\n\nSeveral issues in poppler, a PDF rendering library, have been fixed.\n\nCVE-2018-20650\n\n A missing check for the dict data type could lead to a denial of\n service.\n\nCVE-2018-21009\n\n An integer overflow might happen in Parser::makeStream.\n\nCVE-2019-12493\n\n A stack-based buffer over-read by a crafted PDF file might happen in\n PostScriptFunction::transform because some functions mishandle tint\n transformation.\n\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n0.26.5-2+deb8u11.\n\nWe recommend that you upgrade your poppler packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-09-30T20:29:28", "type": "debian", "title": "[SECURITY] [DLA 1939-1] poppler security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20650", "CVE-2018-21009", "CVE-2019-12493"], "modified": "2019-09-30T20:29:28", "id": "DEBIAN:DLA-1939-1:7E56E", "href": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-24T16:19:31", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2287-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nJuly 23, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : poppler\nVersion : 0.48.0-2+deb9u3\nCVE ID : CVE-2017-18267 CVE-2018-16646 CVE-2018-20481 CVE-2018-21009\n CVE-2019-9200 CVE-2019-9631 CVE-2019-10872 CVE-2019-12293\nDebian Bug : 898357 909802 917325 923414 926530 926673 929423\n\nSeveral issues were found in Poppler, a PDF rendering library, that could\nlead to denial of service or possibly other unspecified impact when\nprocessing maliciously crafted documents.\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.48.0-2+deb9u3.\n\nWe recommend that you upgrade your poppler packages.\n\nFor the detailed security status of poppler please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/poppler\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-07-23T10:16:10", "type": "debian", "title": "[SECURITY] [DLA 2287-1] poppler security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18267", "CVE-2018-16646", "CVE-2018-20481", "CVE-2018-21009", "CVE-2019-10872", "CVE-2019-12293", "CVE-2019-9200", "CVE-2019-9631"], "modified": "2020-07-23T10:16:10", "id": "DEBIAN:DLA-2287-1:32EF5", "href": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T11:20:08", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2287-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Emilio Pozuelo Monfort\nJuly 23, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : poppler\nVersion : 0.48.0-2+deb9u3\nCVE ID : CVE-2017-18267 CVE-2018-16646 CVE-2018-20481 CVE-2018-21009\n CVE-2019-9200 CVE-2019-9631 CVE-2019-10872 CVE-2019-12293\nDebian Bug : 898357 909802 917325 923414 926530 926673 929423\n\nSeveral issues were found in Poppler, a PDF rendering library, that could\nlead to denial of service or possibly other unspecified impact when\nprocessing maliciously crafted documents.\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.48.0-2+deb9u3.\n\nWe recommend that you upgrade your poppler packages.\n\nFor the detailed security status of poppler please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/poppler\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-07-23T10:16:10", "type": "debian", "title": "[SECURITY] [DLA 2287-1] poppler security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18267", "CVE-2018-16646", "CVE-2018-20481", "CVE-2018-21009", "CVE-2019-10872", "CVE-2019-12293", "CVE-2019-9200", "CVE-2019-9631"], "modified": "2020-07-23T10:16:10", "id": "DEBIAN:DLA-2287-1:E380D", "href": "https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-03T19:40:41", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2440-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nNovember 08, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : poppler\nVersion : 0.48.0-2+deb9u4\nCVE ID : CVE-2017-14926 CVE-2017-14928 CVE-2018-19058\n CVE-2018-20650 CVE-2018-20662 CVE-2019-7310\n CVE-2019-9959 CVE-2019-10018 CVE-2019-14494\nDebian Bug : 877239 877231 913177 917974 918158 926133\n 933812 921215 941776\n \nSeveral issues were found and corrected in Poppler, a PDF rendering library,\nthat could lead to denial of service or possibly other unspecified impact when\nprocessing maliciously crafted documents.\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.48.0-2+deb9u4.\n\nWe recommend that you upgrade your poppler packages.\n\nFor the detailed security status of poppler please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/poppler\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-11-08T23:59:37", "type": "debian", "title": "[SECURITY] [DLA 2440-1] poppler security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14926", "CVE-2017-14928", "CVE-2018-19058", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-10018", "CVE-2019-14494", "CVE-2019-7310", "CVE-2019-9959"], "modified": "2020-11-08T23:59:37", "id": "DEBIAN:DLA-2440-1:A36E2", "href": "https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-09-11T15:14:28", "description": "A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2019-05-31T02:29:00", "type": "debiancve", "title": "CVE-2019-12493", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12493"], "modified": "2019-05-31T02:29:00", "id": "DEBIANCVE:CVE-2019-12493", "href": "https://security-tracker.debian.org/tracker/CVE-2019-12493", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-09-11T15:14:27", "description": "Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-09-05T04:15:00", "type": "debiancve", "title": "CVE-2018-21009", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-21009"], "modified": "2019-09-05T04:15:00", "id": "DEBIANCVE:CVE-2018-21009", "href": "https://security-tracker.debian.org/tracker/CVE-2018-21009", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-11T15:14:27", "description": "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-01-01T16:29:00", "type": "debiancve", "title": "CVE-2018-20650", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20650"], "modified": "2019-01-01T16:29:00", "id": "DEBIANCVE:CVE-2018-20650", "href": "https://security-tracker.debian.org/tracker/CVE-2018-20650", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T13:40:04", "description": "A stack-based buffer over-read exists in PostScriptFunction::transform in\nFunction.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and\nGfxDeviceNColorSpace mishandle tint transform functions. It can, for\nexample, be triggered by sending a crafted PDF document to the pdftops\ntool. It might allow an attacker to cause Denial of Service or leak memory\ndata.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | xpdf in koffice is 2.0 \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | as of 2022-01-05, xpdf commit not available. \n[ebarretto](<https://launchpad.net/~ebarretto>) | Marking emscripten ignored as poppler code is only for test/example. since 0.5.12-1 libextractor does not use xpdf anymore.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2019-05-31T00:00:00", "type": "ubuntucve", "title": "CVE-2019-12493", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12493"], "modified": "2019-05-31T00:00:00", "id": "UB:CVE-2019-12493", "href": "https://ubuntu.com/security/CVE-2019-12493", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-08-04T13:37:27", "description": "Poppler before 0.66.0 has an integer overflow in Parser::makeStream in\nParser.cc.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-09-05T00:00:00", "type": "ubuntucve", "title": "CVE-2018-21009", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-21009"], "modified": "2019-09-05T00:00:00", "id": "UB:CVE-2018-21009", "href": "https://ubuntu.com/security/CVE-2018-21009", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:43:53", "description": "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers\nto cause a denial of service due to the lack of a check for the dict data\ntype, as demonstrated by use of the FileSpec class (in FileSpec.cc) in\npdfdetach.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917974>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-01-01T00:00:00", "type": "ubuntucve", "title": "CVE-2018-20650", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20650"], "modified": "2019-01-01T00:00:00", "id": "UB:CVE-2018-20650", "href": "https://ubuntu.com/security/CVE-2018-20650", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T19:51:10", "description": "A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.2}, "published": "2019-05-31T02:29:00", "type": "cve", "title": "CVE-2019-12493", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12493"], "modified": "2019-09-30T23:15:00", "cpe": ["cpe:/a:glyphandcog:xpdfreader:4.01.01"], "id": "CVE-2019-12493", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12493", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T16:09:11", "description": "Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-09-05T04:15:00", "type": "cve", "title": "CVE-2018-21009", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-21009"], "modified": "2020-07-23T12:15:00", "cpe": [], "id": "CVE-2018-21009", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-21009", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2022-03-23T15:56:16", "description": "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-01-01T16:29:00", "type": "cve", "title": "CVE-2018-20650", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20650"], "modified": "2020-11-09T02:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/a:freedesktop:poppler:0.72.0", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2018-20650", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20650", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:freedesktop:poppler:0.72.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "nessus": [{"lastseen": "2022-03-22T21:03:21", "description": "The remote CentOS host is missing a security update which has been documented in Red Hat advisory RHSA-2020:1074.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-04-10T00:00:00", "type": "nessus", "title": "CentOS 7 : evince / poppler (CESA-2020:1074)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-21009"], "modified": "2020-06-05T00:00:00", "cpe": ["p-cpe:/a:centos:centos:evince", "p-cpe:/a:centos:centos:evince-browser-plugin", "p-cpe:/a:centos:centos:evince-devel", "p-cpe:/a:centos:centos:evince-dvi", "p-cpe:/a:centos:centos:evince-libs", "p-cpe:/a:centos:centos:evince-nautilus", "p-cpe:/a:centos:centos:poppler", "p-cpe:/a:centos:centos:poppler-cpp", "p-cpe:/a:centos:centos:poppler-cpp-devel", "p-cpe:/a:centos:centos:poppler-demos", "p-cpe:/a:centos:centos:poppler-devel", "p-cpe:/a:centos:centos:poppler-glib", "p-cpe:/a:centos:centos:poppler-glib-devel", "p-cpe:/a:centos:centos:poppler-qt", "p-cpe:/a:centos:centos:poppler-qt-devel", "p-cpe:/a:centos:centos:poppler-utils", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2020-1074.NASL", "href": "https://www.tenable.com/plugins/nessus/135331", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:1074 and \n# CentOS Errata and Security Advisory 2020:1074 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135331);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/05\");\n script_xref(name:\"RHSA\", value:\"2020:1074\");\n\n script_name(english:\"CentOS 7 : evince / poppler (CESA-2020:1074)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote CentOS host is missing a security update which has been\ndocumented in Red Hat advisory RHSA-2020:1074.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012440.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f08cad0d\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012567.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?19c490bd\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected evince and / or poppler packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-21009\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince-browser-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince-dvi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince-nautilus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-browser-plugin-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-devel-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-dvi-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-libs-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-nautilus-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-cpp-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-cpp-devel-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-demos-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-devel-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-glib-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-glib-devel-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-qt-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-qt-devel-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-utils-0.26.5-42.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evince / evince-browser-plugin / evince-devel / evince-dvi / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-15T14:35:53", "description": "According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.(CVE-2018-21009)\n\n - A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.(CVE-2019-12360)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.(CVE-2019-12293)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : poppler (EulerOS-SA-2020-2561)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-21009", "CVE-2019-12293", "CVE-2019-12360"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:poppler", "p-cpe:/a:huawei:euleros:poppler-glib", "p-cpe:/a:huawei:euleros:poppler-qt", "p-cpe:/a:huawei:euleros:poppler-utils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2561.NASL", "href": "https://www.tenable.com/plugins/nessus/144251", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144251);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-21009\",\n \"CVE-2019-12293\",\n \"CVE-2019-12360\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : poppler (EulerOS-SA-2020-2561)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Poppler before 0.66.0 has an integer overflow in\n Parser::makeStream in Parser.cc.(CVE-2018-21009)\n\n - A stack-based buffer over-read exists in\n FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in\n Xpdf 4.01.01. It can, for example, be triggered by\n sending crafted TrueType data in a PDF document to the\n pdftops tool. It might allow an attacker to cause\n Denial of Service or leak memory data into dump\n content.(CVE-2019-12360)\n\n - In Poppler through 0.76.1, there is a heap-based buffer\n over-read in JPXStream::init in JPEG2000Stream.cc via\n data with inconsistent heights or\n widths.(CVE-2019-12293)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2561\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?58c8be90\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected poppler packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"poppler-0.26.5-17.h25.eulerosv2r7\",\n \"poppler-glib-0.26.5-17.h25.eulerosv2r7\",\n \"poppler-qt-0.26.5-17.h25.eulerosv2r7\",\n \"poppler-utils-0.26.5-17.h25.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:16:46", "description": "According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\n - An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059)\n\n - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : poppler (EulerOS-SA-2020-1173)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-19058", "CVE-2018-19059", "CVE-2018-20650"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:poppler", "p-cpe:/a:huawei:euleros:poppler-glib", "p-cpe:/a:huawei:euleros:poppler-qt", "p-cpe:/a:huawei:euleros:poppler-utils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1173.NASL", "href": "https://www.tenable.com/plugins/nessus/134007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134007);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-19058\",\n \"CVE-2018-19059\",\n \"CVE-2018-20650\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : poppler (EulerOS-SA-2020-1173)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A reachable Object::dictLookup assertion in Poppler\n 0.72.0 allows attackers to cause a denial of service\n due to the lack of a check for the dict data type, as\n demonstrated by use of the FileSpec class (in\n FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n out-of-bounds read in EmbFile::save2 in FileSpec.cc,\n will lead to denial of service, as demonstrated by\n utils/pdfdetach.cc not validating embedded files before\n save attempts.(CVE-2018-19059)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n reachable abort in Object.h, will lead to denial of\n service because EmbFile::save2 in FileSpec.cc lacks a\n stream check before saving an embedded\n file.(CVE-2018-19058)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1173\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?703342c5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected poppler packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"poppler-0.67.0-1.h8.eulerosv2r8\",\n \"poppler-glib-0.67.0-1.h8.eulerosv2r8\",\n \"poppler-qt-0.67.0-1.h8.eulerosv2r8\",\n \"poppler-utils-0.67.0-1.h8.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-09T13:48:55", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1481 advisory.\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-26T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : poppler (ALAS-2020-1481)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-21009", "CVE-2019-10871", "CVE-2019-12293", "CVE-2019-9959"], "modified": "2020-08-26T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:poppler", "p-cpe:/a:amazon:linux:poppler-cpp", "p-cpe:/a:amazon:linux:poppler-cpp-devel", "p-cpe:/a:amazon:linux:poppler-debuginfo", "p-cpe:/a:amazon:linux:poppler-demos", "p-cpe:/a:amazon:linux:poppler-devel", "p-cpe:/a:amazon:linux:poppler-glib", "p-cpe:/a:amazon:linux:poppler-glib-devel", "p-cpe:/a:amazon:linux:poppler-qt", "p-cpe:/a:amazon:linux:poppler-qt-devel", "p-cpe:/a:amazon:linux:poppler-utils", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2020-1481.NASL", "href": "https://www.tenable.com/plugins/nessus/139861", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1481.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139861);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/26\");\n\n script_cve_id(\n \"CVE-2018-21009\",\n \"CVE-2019-9959\",\n \"CVE-2019-10871\",\n \"CVE-2019-12293\"\n );\n script_bugtraq_id(109342, 107862, 108457);\n script_xref(name:\"ALAS\", value:\"2020-1481\");\n\n script_name(english:\"Amazon Linux 2 : poppler (ALAS-2020-1481)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1481 advisory.\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc\n via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1481.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-21009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9959\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update poppler' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'poppler-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-cpp-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-cpp-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-cpp-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-cpp-devel-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-cpp-devel-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-cpp-devel-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-debuginfo-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-debuginfo-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-debuginfo-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-demos-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-demos-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-demos-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-devel-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-devel-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-devel-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-glib-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-glib-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-glib-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-glib-devel-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-glib-devel-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-glib-devel-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-qt-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-qt-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-qt-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-qt-devel-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-qt-devel-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-qt-devel-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-utils-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-utils-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-utils-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler / poppler-cpp / poppler-cpp-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-15T14:35:54", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has poppler packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : poppler Multiple Vulnerabilities (NS-SA-2020-0074)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-21009", "CVE-2019-10871", "CVE-2019-12293", "CVE-2019-9959"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0074_POPPLER.NASL", "href": "https://www.tenable.com/plugins/nessus/143911", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0074. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143911);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\n \"CVE-2018-21009\",\n \"CVE-2019-9959\",\n \"CVE-2019-10871\",\n \"CVE-2019-12293\"\n );\n script_bugtraq_id(107862, 108457, 109342);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : poppler Multiple Vulnerabilities (NS-SA-2020-0074)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has poppler packages installed that are affected\nby multiple vulnerabilities:\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc\n via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0074\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL poppler packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'poppler-0.26.5-42.el7',\n 'poppler-cpp-0.26.5-42.el7',\n 'poppler-cpp-devel-0.26.5-42.el7',\n 'poppler-debuginfo-0.26.5-42.el7',\n 'poppler-demos-0.26.5-42.el7',\n 'poppler-devel-0.26.5-42.el7',\n 'poppler-glib-0.26.5-42.el7',\n 'poppler-glib-devel-0.26.5-42.el7',\n 'poppler-qt-0.26.5-42.el7',\n 'poppler-qt-devel-0.26.5-42.el7',\n 'poppler-utils-0.26.5-42.el7'\n ],\n 'CGSL MAIN 5.04': [\n 'poppler-0.26.5-42.el7',\n 'poppler-cpp-0.26.5-42.el7',\n 'poppler-cpp-devel-0.26.5-42.el7',\n 'poppler-debuginfo-0.26.5-42.el7',\n 'poppler-demos-0.26.5-42.el7',\n 'poppler-devel-0.26.5-42.el7',\n 'poppler-glib-0.26.5-42.el7',\n 'poppler-glib-devel-0.26.5-42.el7',\n 'poppler-qt-0.26.5-42.el7',\n 'poppler-qt-devel-0.26.5-42.el7',\n 'poppler-utils-0.26.5-42.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'poppler');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-15T14:35:55", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has poppler packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : poppler Multiple Vulnerabilities (NS-SA-2020-0110)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-21009", "CVE-2019-10871", "CVE-2019-12293", "CVE-2019-9959"], "modified": "2020-12-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0110_POPPLER.NASL", "href": "https://www.tenable.com/plugins/nessus/143995", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0110. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143995);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\n \"CVE-2018-21009\",\n \"CVE-2019-9959\",\n \"CVE-2019-10871\",\n \"CVE-2019-12293\"\n );\n script_bugtraq_id(107862, 108457, 109342);\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : poppler Multiple Vulnerabilities (NS-SA-2020-0110)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has poppler packages installed that are affected\nby multiple vulnerabilities:\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc\n via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0110\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL poppler packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.05': [\n 'poppler-0.26.5-42.el7',\n 'poppler-cpp-0.26.5-42.el7',\n 'poppler-cpp-devel-0.26.5-42.el7',\n 'poppler-debuginfo-0.26.5-42.el7',\n 'poppler-demos-0.26.5-42.el7',\n 'poppler-devel-0.26.5-42.el7',\n 'poppler-glib-0.26.5-42.el7',\n 'poppler-glib-devel-0.26.5-42.el7',\n 'poppler-qt-0.26.5-42.el7',\n 'poppler-qt-devel-0.26.5-42.el7',\n 'poppler-utils-0.26.5-42.el7'\n ],\n 'CGSL MAIN 5.05': [\n 'poppler-0.26.5-42.el7',\n 'poppler-cpp-0.26.5-42.el7',\n 'poppler-cpp-devel-0.26.5-42.el7',\n 'poppler-debuginfo-0.26.5-42.el7',\n 'poppler-demos-0.26.5-42.el7',\n 'poppler-devel-0.26.5-42.el7',\n 'poppler-glib-0.26.5-42.el7',\n 'poppler-glib-devel-0.26.5-42.el7',\n 'poppler-qt-0.26.5-42.el7',\n 'poppler-qt-devel-0.26.5-42.el7',\n 'poppler-utils-0.26.5-42.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'poppler');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T13:09:38", "description": "Security fix for CVE-2018-20551, CVE-2018-20481, CVE-2018-20650 and CVE-2018-18897.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-01-24T00:00:00", "type": "nessus", "title": "Fedora 29 : poppler (2019-7ff7f5093e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18897", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:poppler", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-7FF7F5093E.NASL", "href": "https://www.tenable.com/plugins/nessus/121334", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-7ff7f5093e.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121334);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-18897\", \"CVE-2018-20481\", \"CVE-2018-20551\", \"CVE-2018-20650\");\n script_xref(name:\"FEDORA\", value:\"2019-7ff7f5093e\");\n\n script_name(english:\"Fedora 29 : poppler (2019-7ff7f5093e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-20551, CVE-2018-20481, CVE-2018-20650 and\nCVE-2018-18897.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-7ff7f5093e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"poppler-0.67.0-10.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T00:43:39", "description": "Security fix for CVE-2018-20551, CVE-2018-20481 and CVE-2018-20650.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-02-08T00:00:00", "type": "nessus", "title": "Fedora 28 : poppler (2019-40f4af0687)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18897", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650"], "modified": "2020-02-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:poppler", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2019-40F4AF0687.NASL", "href": "https://www.tenable.com/plugins/nessus/122040", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-40f4af0687.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122040);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/12\");\n\n script_cve_id(\"CVE-2018-18897\", \"CVE-2018-20481\", \"CVE-2018-20551\", \"CVE-2018-20650\");\n script_xref(name:\"FEDORA\", value:\"2019-40f4af0687\");\n\n script_name(english:\"Fedora 28 : poppler (2019-40f4af0687)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2018-20551, CVE-2018-20481 and CVE-2018-20650.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-40f4af0687\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"poppler-0.62.0-14.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-15T14:31:27", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4646-1 advisory.\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed- length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. (CVE-2019-13283)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-26T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : poppler vulnerabilities (USN-4646-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-21009", "CVE-2019-10871", "CVE-2019-13283", "CVE-2019-9959", "CVE-2020-27778"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-poppler-0.18", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp-dev", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp0", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp0v5", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-dev", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib-dev", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib8", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-private-dev", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt4-4", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt4-dev", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt5-1", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt5-dev", "p-cpe:/a:canonical:ubuntu_linux:libpoppler58", "p-cpe:/a:canonical:ubuntu_linux:libpoppler73", "p-cpe:/a:canonical:ubuntu_linux:poppler-utils"], "id": "UBUNTU_USN-4646-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143266", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4646-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143266);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2018-21009\",\n \"CVE-2019-9959\",\n \"CVE-2019-10871\",\n \"CVE-2019-13283\",\n \"CVE-2020-27778\"\n );\n script_bugtraq_id(107862, 109342);\n script_xref(name:\"USN\", value:\"4646-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : poppler vulnerabilities (USN-4646-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4646-1 advisory.\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in\n fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-\n length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It\n allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or\n possibly have unspecified other impact. (CVE-2019-13283)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4646-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13283\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-21009\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-poppler-0.18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp0v5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-private-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt4-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt5-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler58\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler73\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:poppler-utils\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2022 Canonical, Inc. / NASL script (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'gir1.2-poppler-0.18', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-cpp-dev', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-cpp0', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-dev', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-glib-dev', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-glib8', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-private-dev', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-qt4-4', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-qt4-dev', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-qt5-1', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-qt5-dev', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler58', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'poppler-utils', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '18.04', 'pkgname': 'gir1.2-poppler-0.18', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler-cpp-dev', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler-cpp0v5', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler-dev', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler-glib-dev', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler-glib8', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler-private-dev', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler-qt5-1', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler-qt5-dev', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler73', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'poppler-utils', 'pkgver': '0.62.0-2ubuntu2.11'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-poppler-0.18 / libpoppler-cpp-dev / libpoppler-cpp0 / etc');\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T13:39:32", "description": "The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files.\n(CVE-2019-11459)\n\nPoppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\nThe JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\nAn issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\nIn Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. (CVE-2019-12293)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-07-20T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : poppler (ALAS-2020-1398)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-21009", "CVE-2019-10871", "CVE-2019-11459", "CVE-2019-12293", "CVE-2019-9959"], "modified": "2020-07-22T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:poppler", "p-cpe:/a:amazon:linux:poppler-cpp", "p-cpe:/a:amazon:linux:poppler-cpp-devel", "p-cpe:/a:amazon:linux:poppler-debuginfo", "p-cpe:/a:amazon:linux:poppler-devel", "p-cpe:/a:amazon:linux:poppler-glib", "p-cpe:/a:amazon:linux:poppler-glib-devel", "p-cpe:/a:amazon:linux:poppler-utils", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1398.NASL", "href": "https://www.tenable.com/plugins/nessus/138640", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1398.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138640);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2018-21009\", \"CVE-2019-10871\", \"CVE-2019-11459\", \"CVE-2019-12293\", \"CVE-2019-9959\");\n script_xref(name:\"ALAS\", value:\"2020-1398\");\n\n script_name(english:\"Amazon Linux AMI : poppler (ALAS-2020-1398)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The tiff_document_render() and tiff_document_get_thumbnail() functions\nin the TIFF document backend in GNOME Evince through 3.32.0 did not\nhandle errors from TIFFReadRGBAImageOriented(), leading to\nuninitialized memory use when processing certain TIFF image files.\n(CVE-2019-11459)\n\nPoppler before 0.66.0 has an integer overflow in Parser::makeStream in\nParser.cc. (CVE-2018-21009)\n\nThe JPXStream::init function in Poppler 0.78.0 and earlier doesn't\ncheck for negative values of stream length, leading to an Integer\nOverflow, thereby making it possible to allocate a large memory chunk\non the heap, with a size controlled by an attacker, as demonstrated by\npdftocairo. (CVE-2019-9959)\n\nAn issue was discovered in Poppler 0.74.0. There is a heap-based\nbuffer over-read in the function PSOutputDev::checkPageSlice at\nPSOutputDev.cc. (CVE-2019-10871)\n\nIn Poppler through 0.76.1, there is a heap-based buffer over-read in\nJPXStream::init in JPEG2000Stream.cc via data with inconsistent\nheights or widths. (CVE-2019-12293)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2020-1398.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update poppler' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"poppler-0.26.5-42.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-cpp-0.26.5-42.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-cpp-devel-0.26.5-42.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-debuginfo-0.26.5-42.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-devel-0.26.5-42.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-glib-0.26.5-42.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-glib-devel-0.26.5-42.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-utils-0.26.5-42.20.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler / poppler-cpp / poppler-cpp-devel / poppler-debuginfo / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-21T12:54:05", "description": "According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.(CVE-2019-10871)\n\n - In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.(CVE-2017-14927)\n\n - PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.(CVE-2019-9903)\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.(CVE-2018-21009)\n\n - The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.(CVE-2017-9865)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-04-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : poppler (EulerOS-SA-2021-1832)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14927", "CVE-2017-9865", "CVE-2018-21009", "CVE-2019-10871", "CVE-2019-9903"], "modified": "2021-05-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:poppler", "p-cpe:/a:huawei:euleros:poppler-glib", "p-cpe:/a:huawei:euleros:poppler-qt", "p-cpe:/a:huawei:euleros:poppler-utils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1832.NASL", "href": "https://www.tenable.com/plugins/nessus/149139", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149139);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/04\");\n\n script_cve_id(\n \"CVE-2017-14927\",\n \"CVE-2017-9865\",\n \"CVE-2018-21009\",\n \"CVE-2019-10871\",\n \"CVE-2019-9903\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : poppler (EulerOS-SA-2021-1832)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in Poppler 0.74.0. There is a\n heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at\n PSOutputDev.cc.(CVE-2019-10871)\n\n - In Poppler 0.59.0, a NULL Pointer Dereference exists in\n the SplashOutputDev::type3D0() function in\n SplashOutputDev.cc via a crafted PDF\n document.(CVE-2017-14927)\n\n - PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0\n mishandles dict marking, leading to stack consumption\n in the function Dict::find() located at Dict.cc, which\n can (for example) be triggered by passing a crafted pdf\n file to the pdfunite binary.(CVE-2019-9903)\n\n - Poppler before 0.66.0 has an integer overflow in\n Parser::makeStream in Parser.cc.(CVE-2018-21009)\n\n - The function GfxImageColorMap::getGray in GfxState.cc\n in Poppler 0.54.0 allows remote attackers to cause a\n denial of service (stack-based buffer over-read and\n application crash) via a crafted PDF document, related\n to missing color-map validation in\n ImageOutputDev.cc.(CVE-2017-9865)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1832\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?31716081\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected poppler packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"poppler-0.26.5-17.h24\",\n \"poppler-glib-0.26.5-17.h24\",\n \"poppler-qt-0.26.5-17.h24\",\n \"poppler-utils-0.26.5-17.h24\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-16T15:36:01", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1074 advisory.\n\n - poppler: integer overflow in Parser::makeStream in Parser.cc (CVE-2018-21009)\n\n - poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)\n\n - evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)\n\n - poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)\n\n - poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-19T00:00:00", "type": "nessus", "title": "RHEL 7 : poppler and evince (RHSA-2020:1074)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-21009", "CVE-2019-10871", "CVE-2019-11459", "CVE-2019-12293", "CVE-2019-9959"], "modified": "2021-10-13T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:poppler:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:poppler-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:poppler-utils:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:evince:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:evince-browser-plugin:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:evince-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:evince-nautilus:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:evince-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:evince-dvi:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:poppler-cpp:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:poppler-cpp-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:poppler-demos:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:poppler-glib:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:poppler-glib-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:poppler-qt:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:poppler-qt-devel:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-1074.NASL", "href": "https://www.tenable.com/plugins/nessus/143095", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1074. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143095);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/13\");\n\n script_cve_id(\n \"CVE-2018-21009\",\n \"CVE-2019-9959\",\n \"CVE-2019-10871\",\n \"CVE-2019-11459\",\n \"CVE-2019-12293\"\n );\n script_bugtraq_id(107862, 108457, 109342);\n script_xref(name:\"RHSA\", value:\"2020:1074\");\n script_xref(name:\"IAVB\", value:\"2019-B-0064\");\n script_xref(name:\"IAVB\", value:\"2019-B-0021-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0038-S\");\n\n script_name(english:\"RHEL 7 : poppler and evince (RHSA-2020:1074)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:1074 advisory.\n\n - poppler: integer overflow in Parser::makeStream in Parser.cc (CVE-2018-21009)\n\n - poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc\n (CVE-2019-10871)\n\n - evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail()\n (CVE-2019-11459)\n\n - poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)\n\n - poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/190.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-21009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-11459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1696636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1713582\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1716295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1732340\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1753850\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(122, 125, 190);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evince\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evince-browser-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evince-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evince-dvi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evince-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evince-nautilus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-utils\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-for-system-z-eus-supplementary-rpms',\n 'rhel-7-for-system-z-eus-supplementary-source-rpms',\n 'rhel-7-for-system-z-supplementary-debug-rpms',\n 'rhel-7-for-system-z-supplementary-rpms',\n 'rhel-7-for-system-z-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-source-rpms',\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'evince-3.28.2-9.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'evince-3.28.2-9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'evince-browser-plugin-3.28.2-9.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'evince-browser-plugin-3.28.2-9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'evince-devel-3.28.2-9.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'evince-devel-3.28.2-9.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'evince-devel-3.28.2-9.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'evince-devel-3.28.2-9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'evince-dvi-3.28.2-9.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'evince-dvi-3.28.2-9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'evince-libs-3.28.2-9.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'evince-libs-3.28.2-9.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'evince-libs-3.28.2-9.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'evince-libs-3.28.2-9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'evince-nautilus-3.28.2-9.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'evince-nautilus-3.28.2-9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-0.26.5-42.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-0.26.5-42.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-0.26.5-42.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-0.26.5-42.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-cpp-0.26.5-42.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-cpp-0.26.5-42.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-cpp-0.26.5-42.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-cpp-0.26.5-42.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-cpp-devel-0.26.5-42.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-cpp-devel-0.26.5-42.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-cpp-devel-0.26.5-42.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-cpp-devel-0.26.5-42.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-demos-0.26.5-42.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-demos-0.26.5-42.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-devel-0.26.5-42.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-devel-0.26.5-42.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-devel-0.26.5-42.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-devel-0.26.5-42.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-glib-0.26.5-42.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-glib-0.26.5-42.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-glib-0.26.5-42.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-glib-0.26.5-42.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-glib-devel-0.26.5-42.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-glib-devel-0.26.5-42.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-glib-devel-0.26.5-42.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-glib-devel-0.26.5-42.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-qt-0.26.5-42.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-qt-0.26.5-42.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-qt-0.26.5-42.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-qt-0.26.5-42.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-qt-devel-0.26.5-42.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-qt-devel-0.26.5-42.el7', 'cpu':'s390', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-qt-devel-0.26.5-42.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-qt-devel-0.26.5-42.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-utils-0.26.5-42.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'poppler-utils-0.26.5-42.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'evince / evince-browser-plugin / evince-devel / evince-dvi / etc');\n}\n", "cvss": {"score": 6.8, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T13:27:40", "description": "* poppler: integer overflow in Parser::makeStream in Parser.cc * poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc * poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc * poppler:\ninteger overflow in JPXStream::init function leading to memory consumption * evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail()", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-04-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : poppler and evince on SL7.x x86_64 (20200407)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-21009", "CVE-2019-10871", "CVE-2019-11459", "CVE-2019-12293", "CVE-2019-9959"], "modified": "2020-04-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:evince", "p-cpe:/a:fermilab:scientific_linux:evince-browser-plugin", "p-cpe:/a:fermilab:scientific_linux:evince-debuginfo", "p-cpe:/a:fermilab:scientific_linux:evince-devel", "p-cpe:/a:fermilab:scientific_linux:evince-dvi", "p-cpe:/a:fermilab:scientific_linux:evince-libs", "p-cpe:/a:fermilab:scientific_linux:evince-nautilus", "p-cpe:/a:fermilab:scientific_linux:poppler", "p-cpe:/a:fermilab:scientific_linux:poppler-cpp", "p-cpe:/a:fermilab:scientific_linux:poppler-cpp-devel", "p-cpe:/a:fermilab:scientific_linux:poppler-debuginfo", "p-cpe:/a:fermilab:scientific_linux:poppler-demos", "p-cpe:/a:fermilab:scientific_linux:poppler-devel", "p-cpe:/a:fermilab:scientific_linux:poppler-glib", "p-cpe:/a:fermilab:scientific_linux:poppler-glib-devel", "p-cpe:/a:fermilab:scientific_linux:poppler-qt", "p-cpe:/a:fermilab:scientific_linux:poppler-qt-devel", "p-cpe:/a:fermilab:scientific_linux:poppler-utils", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20200407_POPPLER_AND_EVINCE_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/135829", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135829);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/24\");\n\n script_cve_id(\"CVE-2018-21009\", \"CVE-2019-10871\", \"CVE-2019-11459\", \"CVE-2019-12293\", \"CVE-2019-9959\");\n\n script_name(english:\"Scientific Linux Security Update : poppler and evince on SL7.x x86_64 (20200407)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"* poppler: integer overflow in Parser::makeStream in Parser.cc *\npoppler: heap-based buffer over-read in function\nPSOutputDev::checkPageSlice in PSOutputDev.cc * poppler: heap-based\nbuffer over-read in JPXStream::init in JPEG2000Stream.cc * poppler:\ninteger overflow in JPXStream::init function leading to memory\nconsumption * evince: uninitialized memory use in function\ntiff_document_render() and tiff_document_get_thumbnail()\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2004&L=SCIENTIFIC-LINUX-ERRATA&P=14129\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?135f6233\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-browser-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-dvi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-nautilus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-browser-plugin-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-debuginfo-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-devel-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-dvi-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-libs-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-nautilus-3.28.2-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-cpp-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-cpp-devel-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-debuginfo-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-demos-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-devel-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-glib-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-glib-devel-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-qt-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-qt-devel-0.26.5-42.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-utils-0.26.5-42.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evince / evince-browser-plugin / evince-debuginfo / evince-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T13:53:28", "description": "According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.(CVE-2019-9631)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.(CVE-2019-12293)\n\n - A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.(CVE-2019-12360)\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.(CVE-2018-21009)\n\n - In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.(CVE-2017-14927)\n\n - The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.(CVE-2017-9865)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : poppler (EulerOS-SA-2021-1347)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14927", "CVE-2017-9865", "CVE-2018-21009", "CVE-2019-12293", "CVE-2019-12360", "CVE-2019-9631"], "modified": "2021-02-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:poppler", "p-cpe:/a:huawei:euleros:poppler-glib", "p-cpe:/a:huawei:euleros:poppler-qt", "p-cpe:/a:huawei:euleros:poppler-utils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1347.NASL", "href": "https://www.tenable.com/plugins/nessus/146719", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146719);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/24\");\n\n script_cve_id(\n \"CVE-2017-14927\",\n \"CVE-2017-9865\",\n \"CVE-2018-21009\",\n \"CVE-2019-12293\",\n \"CVE-2019-12360\",\n \"CVE-2019-9631\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : poppler (EulerOS-SA-2021-1347)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Poppler 0.74.0 has a heap-based buffer over-read in the\n CairoRescaleBox.cc downsample_row_box_filter\n function.(CVE-2019-9631)\n\n - In Poppler through 0.76.1, there is a heap-based buffer\n over-read in JPXStream::init in JPEG2000Stream.cc via\n data with inconsistent heights or\n widths.(CVE-2019-12293)\n\n - A stack-based buffer over-read exists in\n FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in\n Xpdf 4.01.01. It can, for example, be triggered by\n sending crafted TrueType data in a PDF document to the\n pdftops tool. It might allow an attacker to cause\n Denial of Service or leak memory data into dump\n content.(CVE-2019-12360)\n\n - Poppler before 0.66.0 has an integer overflow in\n Parser::makeStream in Parser.cc.(CVE-2018-21009)\n\n - In Poppler 0.59.0, a NULL Pointer Dereference exists in\n the SplashOutputDev::type3D0() function in\n SplashOutputDev.cc via a crafted PDF\n document.(CVE-2017-14927)\n\n - The function GfxImageColorMap::getGray in GfxState.cc\n in Poppler 0.54.0 allows remote attackers to cause a\n denial of service (stack-based buffer over-read and\n application crash) via a crafted PDF document, related\n to missing color-map validation in\n ImageOutputDev.cc.(CVE-2017-9865)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1347\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0f2eb2d3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected poppler packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"poppler-0.26.5-17.h23\",\n \"poppler-glib-0.26.5-17.h23\",\n \"poppler-qt-0.26.5-17.h23\",\n \"poppler-utils-0.26.5-17.h23\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-19T00:22:21", "description": "xpdf 4.02. Lots of security fixes here.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-28T00:00:00", "type": "nessus", "title": "Fedora 30 : 1:xpdf (2019-a457286734)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12493", "CVE-2019-12515", "CVE-2019-12957", "CVE-2019-12958", "CVE-2019-13281", "CVE-2019-13282", "CVE-2019-13283", "CVE-2019-13286"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:xpdf", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-A457286734.NASL", "href": "https://www.tenable.com/plugins/nessus/130311", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-a457286734.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130311);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2019-12493\", \"CVE-2019-12515\", \"CVE-2019-12957\", \"CVE-2019-12958\", \"CVE-2019-13281\", \"CVE-2019-13282\", \"CVE-2019-13283\", \"CVE-2019-13286\");\n script_xref(name:\"FEDORA\", value:\"2019-a457286734\");\n\n script_name(english:\"Fedora 30 : 1:xpdf (2019-a457286734)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xpdf 4.02. Lots of security fixes here.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-a457286734\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:xpdf package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"xpdf-4.02-1.fc30\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:xpdf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-19T00:22:21", "description": "xpdf 4.02. Lots of security fixes here.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-28T00:00:00", "type": "nessus", "title": "Fedora 29 : 1:xpdf (2019-01da705767)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12493", "CVE-2019-12515", "CVE-2019-12957", "CVE-2019-12958", "CVE-2019-13281", "CVE-2019-13282", "CVE-2019-13283", "CVE-2019-13286"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:xpdf", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-01DA705767.NASL", "href": "https://www.tenable.com/plugins/nessus/130291", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-01da705767.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130291);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2019-12493\", \"CVE-2019-12515\", \"CVE-2019-12957\", \"CVE-2019-12958\", \"CVE-2019-13281\", \"CVE-2019-13282\", \"CVE-2019-13283\", \"CVE-2019-13286\");\n script_xref(name:\"FEDORA\", value:\"2019-01da705767\");\n\n script_name(english:\"Fedora 29 : 1:xpdf (2019-01da705767)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xpdf 4.02. Lots of security fixes here.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-01da705767\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:xpdf package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"xpdf-4.02-1.fc29\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:xpdf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-19T00:23:32", "description": "xpdf 4.02. Lots of security fixes here.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-10-28T00:00:00", "type": "nessus", "title": "Fedora 31 : 1:xpdf (2019-759ba8202b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12493", "CVE-2019-12515", "CVE-2019-12957", "CVE-2019-12958", "CVE-2019-13281", "CVE-2019-13282", "CVE-2019-13283", "CVE-2019-13286"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:xpdf", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-759BA8202B.NASL", "href": "https://www.tenable.com/plugins/nessus/130304", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-759ba8202b.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130304);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2019-12493\", \"CVE-2019-12515\", \"CVE-2019-12957\", \"CVE-2019-12958\", \"CVE-2019-13281\", \"CVE-2019-13282\", \"CVE-2019-13283\", \"CVE-2019-13286\");\n script_xref(name:\"FEDORA\", value:\"2019-759ba8202b\");\n\n script_name(english:\"Fedora 31 : 1:xpdf (2019-759ba8202b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"xpdf 4.02. Lots of security fixes here.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-759ba8202b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:xpdf package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"xpdf-4.02-1.fc31\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:xpdf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T13:40:57", "description": "Several issues were found in Poppler, a PDF rendering library, that could lead to denial of service or possibly other unspecified impact when processing maliciously crafted documents.\n\nFor Debian 9 stretch, these problems have been fixed in version 0.48.0-2+deb9u3.\n\nWe recommend that you upgrade your poppler packages.\n\nFor the detailed security status of poppler please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/poppler\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-27T00:00:00", "type": "nessus", "title": "Debian DLA-2287-1 : poppler security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18267", "CVE-2018-16646", "CVE-2018-20481", "CVE-2018-21009", "CVE-2019-10872", "CVE-2019-12293", "CVE-2019-9200", "CVE-2019-9631"], "modified": "2020-07-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gir1.2-poppler-0.18", "p-cpe:/a:debian:debian_linux:libpoppler-cpp-dev", "p-cpe:/a:debian:debian_linux:libpoppler-cpp0v5", "p-cpe:/a:debian:debian_linux:libpoppler-dev", "p-cpe:/a:debian:debian_linux:libpoppler-glib-dev", "p-cpe:/a:debian:debian_linux:libpoppler-glib-doc", "p-cpe:/a:debian:debian_linux:libpoppler-glib8", "p-cpe:/a:debian:debian_linux:libpoppler-private-dev", "p-cpe:/a:debian:debian_linux:libpoppler-qt4-4", "p-cpe:/a:debian:debian_linux:libpoppler-qt4-dev", "p-cpe:/a:debian:debian_linux:libpoppler-qt5-1", "p-cpe:/a:debian:debian_linux:libpoppler-qt5-dev", "p-cpe:/a:debian:debian_linux:libpoppler64", "p-cpe:/a:debian:debian_linux:poppler-dbg", "p-cpe:/a:debian:debian_linux:poppler-utils", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2287.NASL", "href": "https://www.tenable.com/plugins/nessus/138910", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2287-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138910);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/30\");\n\n script_cve_id(\"CVE-2017-18267\", \"CVE-2018-16646\", \"CVE-2018-20481\", \"CVE-2018-21009\", \"CVE-2019-10872\", \"CVE-2019-12293\", \"CVE-2019-9200\", \"CVE-2019-9631\");\n\n script_name(english:\"Debian DLA-2287-1 : poppler security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several issues were found in Poppler, a PDF rendering library, that\ncould lead to denial of service or possibly other unspecified impact\nwhen processing maliciously crafted documents.\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.48.0-2+deb9u3.\n\nWe recommend that you upgrade your poppler packages.\n\nFor the detailed security status of poppler please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/poppler\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/poppler\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/poppler\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-poppler-0.18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-cpp-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-cpp0v5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-glib-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-glib-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-glib8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-private-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-qt4-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-qt4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-qt5-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-qt5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:poppler-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"gir1.2-poppler-0.18\", reference:\"0.48.0-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-cpp-dev\", reference:\"0.48.0-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-cpp0v5\", reference:\"0.48.0-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-dev\", reference:\"0.48.0-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-glib-dev\", reference:\"0.48.0-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-glib-doc\", reference:\"0.48.0-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-glib8\", reference:\"0.48.0-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-private-dev\", reference:\"0.48.0-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-qt4-4\", reference:\"0.48.0-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-qt4-dev\", reference:\"0.48.0-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-qt5-1\", reference:\"0.48.0-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-qt5-dev\", reference:\"0.48.0-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler64\", reference:\"0.48.0-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"poppler-dbg\", reference:\"0.48.0-2+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"poppler-utils\", reference:\"0.48.0-2+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-18T00:10:09", "description": "According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.(CVE-2019-9903)\n\n - An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.(CVE-2018-18897)\n\n - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058)\n\n - An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.(CVE-2018-19060)\n\n - An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059)\n\n - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.(CVE-2019-10871)\n\n - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.(CVE-2018-20662)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : poppler (EulerOS-SA-2021-2425)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-10871", "CVE-2019-9903"], "modified": "2021-09-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:poppler", "p-cpe:/a:huawei:euleros:poppler-glib", "p-cpe:/a:huawei:euleros:poppler-qt", "p-cpe:/a:huawei:euleros:poppler-utils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2425.NASL", "href": "https://www.tenable.com/plugins/nessus/153304", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153304);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/16\");\n\n script_cve_id(\n \"CVE-2018-18897\",\n \"CVE-2018-19058\",\n \"CVE-2018-19059\",\n \"CVE-2018-19060\",\n \"CVE-2018-20650\",\n \"CVE-2018-20662\",\n \"CVE-2019-10871\",\n \"CVE-2019-9903\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : poppler (EulerOS-SA-2021-2425)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0\n mishandles dict marking, leading to stack consumption\n in the function Dict::find() located at Dict.cc, which\n can (for example) be triggered by passing a crafted pdf\n file to the pdfunite binary.(CVE-2019-9903)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n memory leak in GfxColorSpace::setDisplayProfile in\n GfxState.cc, as demonstrated by\n pdftocairo.(CVE-2018-18897)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n reachable abort in Object.h, will lead to denial of\n service because EmbFile::save2 in FileSpec.cc lacks a\n stream check before saving an embedded\n file.(CVE-2018-19058)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n NULL pointer dereference in goo/GooString.h, will lead\n to denial of service, as demonstrated by\n utils/pdfdetach.cc not validating a filename of an\n embedded file before constructing a save\n path.(CVE-2018-19060)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n out-of-bounds read in EmbFile::save2 in FileSpec.cc,\n will lead to denial of service, as demonstrated by\n utils/pdfdetach.cc not validating embedded files before\n save attempts.(CVE-2018-19059)\n\n - A reachable Object::dictLookup assertion in Poppler\n 0.72.0 allows attackers to cause a denial of service\n due to the lack of a check for the dict data type, as\n demonstrated by use of the FileSpec class (in\n FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\n - An issue was discovered in Poppler 0.74.0. There is a\n heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at\n PSOutputDev.cc.(CVE-2019-10871)\n\n - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows\n attackers to cause a denial-of-service (application\n crash caused by Object.h SIGABRT, because of a wrong\n return value from PDFDoc::setup) by crafting a PDF file\n in which an xref data structure is mishandled during\n extractPDFSubtype processing.(CVE-2018-20662)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2425\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b3e43183\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected poppler packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9903\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"poppler-0.26.5-17.h24\",\n \"poppler-glib-0.26.5-17.h24\",\n \"poppler-qt-0.26.5-17.h24\",\n \"poppler-utils-0.26.5-17.h24\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-03T12:30:38", "description": "According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.(CVE-2018-16646)\n\n - An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.(CVE-2018-18897)\n\n - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058)\n\n - An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059)\n\n - An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.(CVE-2018-19060)\n\n - Poppler before 0.70.0 has a NULL pointer dereference in\n _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.(CVE-2018- 19149)\n\n - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\n - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.(CVE-2018-20662)\n\n - Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.(CVE-2019-9631)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : poppler (EulerOS-SA-2019-2269)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-9631"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:poppler", "p-cpe:/a:huawei:euleros:poppler-glib", "p-cpe:/a:huawei:euleros:poppler-qt", "p-cpe:/a:huawei:euleros:poppler-utils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2269.NASL", "href": "https://www.tenable.com/plugins/nessus/130731", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130731);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-16646\",\n \"CVE-2018-18897\",\n \"CVE-2018-19058\",\n \"CVE-2018-19059\",\n \"CVE-2018-19060\",\n \"CVE-2018-19149\",\n \"CVE-2018-20650\",\n \"CVE-2018-20662\",\n \"CVE-2019-9631\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : poppler (EulerOS-SA-2019-2269)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In Poppler 0.68.0, the Parser::getObj() function in\n Parser.cc may cause infinite recursion via a crafted\n file. A remote attacker can leverage this for a DoS\n attack.(CVE-2018-16646)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n memory leak in GfxColorSpace::setDisplayProfile in\n GfxState.cc, as demonstrated by\n pdftocairo.(CVE-2018-18897)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n reachable abort in Object.h, will lead to denial of\n service because EmbFile::save2 in FileSpec.cc lacks a\n stream check before saving an embedded\n file.(CVE-2018-19058)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n out-of-bounds read in EmbFile::save2 in FileSpec.cc,\n will lead to denial of service, as demonstrated by\n utils/pdfdetach.cc not validating embedded files before\n save attempts.(CVE-2018-19059)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n NULL pointer dereference in goo/GooString.h, will lead\n to denial of service, as demonstrated by\n utils/pdfdetach.cc not validating a filename of an\n embedded file before constructing a save\n path.(CVE-2018-19060)\n\n - Poppler before 0.70.0 has a NULL pointer dereference in\n _poppler_attachment_new when called from\n poppler_annot_file_attachment_get_attachment.(CVE-2018-\n 19149)\n\n - A reachable Object::dictLookup assertion in Poppler\n 0.72.0 allows attackers to cause a denial of service\n due to the lack of a check for the dict data type, as\n demonstrated by use of the FileSpec class (in\n FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\n - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows\n attackers to cause a denial-of-service (application\n crash caused by Object.h SIGABRT, because of a wrong\n return value from PDFDoc::setup) by crafting a PDF file\n in which an xref data structure is mishandled during\n extractPDFSubtype processing.(CVE-2018-20662)\n\n - Poppler 0.74.0 has a heap-based buffer over-read in the\n CairoRescaleBox.cc downsample_row_box_filter\n function.(CVE-2019-9631)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2269\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?927175c6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected poppler packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"poppler-0.26.5-17.h17\",\n \"poppler-glib-0.26.5-17.h17\",\n \"poppler-qt-0.26.5-17.h17\",\n \"poppler-utils-0.26.5-17.h17\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:17:56", "description": "According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.(CVE-2017-7515)\n\n - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058)\n\n - An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059)\n\n - An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.(CVE-2018-19060)\n\n - Poppler before 0.70.0 has a NULL pointer dereference in\n _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.(CVE-2018- 19149)\n\n - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\n - In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.(CVE-2018-16646)\n\n - An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.(CVE-2018-18897)\n\n - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.(CVE-2018-20662)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : poppler (EulerOS-SA-2019-2224)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7515", "CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20650", "CVE-2018-20662"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:poppler", "p-cpe:/a:huawei:euleros:poppler-glib", "p-cpe:/a:huawei:euleros:poppler-qt", "p-cpe:/a:huawei:euleros:poppler-utils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2224.NASL", "href": "https://www.tenable.com/plugins/nessus/130686", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130686);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7515\",\n \"CVE-2018-16646\",\n \"CVE-2018-18897\",\n \"CVE-2018-19058\",\n \"CVE-2018-19059\",\n \"CVE-2018-19060\",\n \"CVE-2018-19149\",\n \"CVE-2018-20650\",\n \"CVE-2018-20662\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : poppler (EulerOS-SA-2019-2224)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - poppler through version 0.55.0 is vulnerable to an\n uncontrolled recursion in pdfunite resulting into\n potential denial-of-service.(CVE-2017-7515)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n reachable abort in Object.h, will lead to denial of\n service because EmbFile::save2 in FileSpec.cc lacks a\n stream check before saving an embedded\n file.(CVE-2018-19058)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n out-of-bounds read in EmbFile::save2 in FileSpec.cc,\n will lead to denial of service, as demonstrated by\n utils/pdfdetach.cc not validating embedded files before\n save attempts.(CVE-2018-19059)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n NULL pointer dereference in goo/GooString.h, will lead\n to denial of service, as demonstrated by\n utils/pdfdetach.cc not validating a filename of an\n embedded file before constructing a save\n path.(CVE-2018-19060)\n\n - Poppler before 0.70.0 has a NULL pointer dereference in\n _poppler_attachment_new when called from\n poppler_annot_file_attachment_get_attachment.(CVE-2018-\n 19149)\n\n - A reachable Object::dictLookup assertion in Poppler\n 0.72.0 allows attackers to cause a denial of service\n due to the lack of a check for the dict data type, as\n demonstrated by use of the FileSpec class (in\n FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\n - In Poppler 0.68.0, the Parser::getObj() function in\n Parser.cc may cause infinite recursion via a crafted\n file. A remote attacker can leverage this for a DoS\n attack.(CVE-2018-16646)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n memory leak in GfxColorSpace::setDisplayProfile in\n GfxState.cc, as demonstrated by\n pdftocairo.(CVE-2018-18897)\n\n - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows\n attackers to cause a denial-of-service (application\n crash caused by Object.h SIGABRT, because of a wrong\n return value from PDFDoc::setup) by crafting a PDF file\n in which an xref data structure is mishandled during\n extractPDFSubtype processing.(CVE-2018-20662)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2224\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fae5cec\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected poppler packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20662\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"poppler-0.26.5-17.h20.eulerosv2r7\",\n \"poppler-glib-0.26.5-17.h20.eulerosv2r7\",\n \"poppler-qt-0.26.5-17.h20.eulerosv2r7\",\n \"poppler-utils-0.26.5-17.h20.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-09-14T15:15:14", "description": "For Debian 9 stretch, these problems have been fixed in version 0.48.0-2+deb9u4.\n\nWe recommend that you upgrade your poppler packages.\n\nFor the detailed security status of poppler please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/poppler\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-09T00:00:00", "type": "nessus", "title": "Debian DLA-2440-1 : poppler security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14926", "CVE-2017-14928", "CVE-2018-19058", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-10018", "CVE-2019-14494", "CVE-2019-7310", "CVE-2019-9959"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gir1.2-poppler-0.18", "p-cpe:/a:debian:debian_linux:libpoppler-cpp-dev", "p-cpe:/a:debian:debian_linux:libpoppler-cpp0v5", "p-cpe:/a:debian:debian_linux:libpoppler-dev", "p-cpe:/a:debian:debian_linux:libpoppler-glib-dev", "p-cpe:/a:debian:debian_linux:libpoppler-glib-doc", "p-cpe:/a:debian:debian_linux:libpoppler-glib8", "p-cpe:/a:debian:debian_linux:libpoppler-private-dev", "p-cpe:/a:debian:debian_linux:libpoppler-qt4-4", "p-cpe:/a:debian:debian_linux:libpoppler-qt4-dev", "p-cpe:/a:debian:debian_linux:libpoppler-qt5-1", "p-cpe:/a:debian:debian_linux:libpoppler-qt5-dev", "p-cpe:/a:debian:debian_linux:libpoppler64", "p-cpe:/a:debian:debian_linux:poppler-dbg", "p-cpe:/a:debian:debian_linux:poppler-utils", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2440.NASL", "href": "https://www.tenable.com/plugins/nessus/142619", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2440-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142619);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2017-14926\", \"CVE-2017-14928\", \"CVE-2018-19058\", \"CVE-2018-20650\", \"CVE-2018-20662\", \"CVE-2019-10018\", \"CVE-2019-14494\", \"CVE-2019-7310\", \"CVE-2019-9959\");\n\n script_name(english:\"Debian DLA-2440-1 : poppler security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"For Debian 9 stretch, these problems have been fixed in version\n0.48.0-2+deb9u4.\n\nWe recommend that you upgrade your poppler packages.\n\nFor the detailed security status of poppler please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/poppler\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/poppler\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/poppler\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7310\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gir1.2-poppler-0.18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-cpp-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-cpp0v5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-glib-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-glib-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-glib8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-private-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-qt4-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-qt4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-qt5-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler-qt5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpoppler64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:poppler-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"gir1.2-poppler-0.18\", reference:\"0.48.0-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-cpp-dev\", reference:\"0.48.0-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-cpp0v5\", reference:\"0.48.0-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-dev\", reference:\"0.48.0-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-glib-dev\", reference:\"0.48.0-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-glib-doc\", reference:\"0.48.0-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-glib8\", reference:\"0.48.0-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-private-dev\", reference:\"0.48.0-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-qt4-4\", reference:\"0.48.0-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-qt4-dev\", reference:\"0.48.0-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-qt5-1\", reference:\"0.48.0-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler-qt5-dev\", reference:\"0.48.0-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libpoppler64\", reference:\"0.48.0-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"poppler-dbg\", reference:\"0.48.0-2+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"poppler-utils\", reference:\"0.48.0-2+deb9u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-06T15:13:41", "description": "XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.(CVE-2018-20481)\n\nIn Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646)\n\nPoppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.(CVE-2019-9631)\n\nA reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\nAn issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059)\n\nAn issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058)\n\nPoppler before 0.70.0 has a NULL pointer dereference in\n_poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.(CVE-2018-19149)\n\nIn Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.(CVE-2019-7310)\n\nAn issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.(CVE-2018-18897)\n\nAn issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.(CVE-2018-19060)\n\nA heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.(CVE-2019-9200)\n\nIn Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.(CVE-2018-20662)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-28T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : poppler (ALAS-2019-1271)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:poppler", "p-cpe:/a:amazon:linux:poppler-cpp", "p-cpe:/a:amazon:linux:poppler-cpp-devel", "p-cpe:/a:amazon:linux:poppler-debuginfo", "p-cpe:/a:amazon:linux:poppler-devel", "p-cpe:/a:amazon:linux:poppler-glib", "p-cpe:/a:amazon:linux:poppler-glib-devel", "p-cpe:/a:amazon:linux:poppler-utils", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1271.NASL", "href": "https://www.tenable.com/plugins/nessus/128294", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1271.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128294);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2018-16646\", \"CVE-2018-18897\", \"CVE-2018-19058\", \"CVE-2018-19059\", \"CVE-2018-19060\", \"CVE-2018-19149\", \"CVE-2018-20481\", \"CVE-2018-20650\", \"CVE-2018-20662\", \"CVE-2019-7310\", \"CVE-2019-9200\", \"CVE-2019-9631\");\n script_xref(name:\"ALAS\", value:\"2019-1271\");\n\n script_name(english:\"Amazon Linux AMI : poppler (ALAS-2019-1271)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated\nXRef entries, which allows remote attackers to cause a denial of\nservice (NULL pointer dereference) via a crafted PDF document, when\nXRefEntry::setFlag in XRef.h is called from Parser::makeStream in\nParser.cc.(CVE-2018-20481)\n\nIn Poppler 0.68.0, the Parser::getObj() function in Parser.cc may\ncause infinite recursion via a crafted file. A remote attacker can\nleverage this for a DoS attack. (CVE-2018-16646)\n\nPoppler 0.74.0 has a heap-based buffer over-read in the\nCairoRescaleBox.cc downsample_row_box_filter function.(CVE-2019-9631)\n\nA reachable Object::dictLookup assertion in Poppler 0.72.0 allows\nattackers to cause a denial of service due to the lack of a check for\nthe dict data type, as demonstrated by use of the FileSpec class (in\nFileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\nAn issue was discovered in Poppler 0.71.0. There is a out-of-bounds\nread in EmbFile::save2 in FileSpec.cc, will lead to denial of service,\nas demonstrated by utils/pdfdetach.cc not validating embedded files\nbefore save attempts.(CVE-2018-19059)\n\nAn issue was discovered in Poppler 0.71.0. There is a reachable abort\nin Object.h, will lead to denial of service because EmbFile::save2 in\nFileSpec.cc lacks a stream check before saving an embedded\nfile.(CVE-2018-19058)\n\nPoppler before 0.70.0 has a NULL pointer dereference in\n_poppler_attachment_new when called from\npoppler_annot_file_attachment_get_attachment.(CVE-2018-19149)\n\nIn Poppler 0.73.0, a heap-based buffer over-read (due to an integer\nsignedness error in the XRef::getEntry function in XRef.cc) allows\nremote attackers to cause a denial of service (application crash) or\npossibly have unspecified other impact via a crafted PDF document, as\ndemonstrated by pdftocairo.(CVE-2019-7310)\n\nAn issue was discovered in Poppler 0.71.0. There is a memory leak in\nGfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by\npdftocairo.(CVE-2018-18897)\n\nAn issue was discovered in Poppler 0.71.0. There is a NULL pointer\ndereference in goo/GooString.h, will lead to denial of service, as\ndemonstrated by utils/pdfdetach.cc not validating a filename of an\nembedded file before constructing a save path.(CVE-2018-19060)\n\nA heap-based buffer underwrite exists in ImageStream::getLine()\nlocated at Stream.cc in Poppler 0.74.0 that can (for example) be\ntriggered by sending a crafted PDF file to the pdfimages binary. It\nallows an attacker to cause Denial of Service (Segmentation fault) or\npossibly have unspecified other impact.(CVE-2019-9200)\n\nIn Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to\ncause a denial-of-service (application crash caused by Object.h\nSIGABRT, because of a wrong return value from PDFDoc::setup) by\ncrafting a PDF file in which an xref data structure is mishandled\nduring extractPDFSubtype processing.(CVE-2018-20662)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1271.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update poppler' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"poppler-0.26.5-38.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-cpp-0.26.5-38.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-cpp-devel-0.26.5-38.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-debuginfo-0.26.5-38.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-devel-0.26.5-38.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-glib-0.26.5-38.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-glib-devel-0.26.5-38.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"poppler-utils-0.26.5-38.19.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler / poppler-cpp / poppler-cpp-devel / poppler-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-06T15:14:17", "description": "An update for poppler, evince, and okular is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince or Okular.\n\nSecurity Fix(es) :\n\n* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)\n\n* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n* poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646)\n\n* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)\n\n* poppler: reachable abort in Object.h (CVE-2018-19058)\n\n* poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059)\n\n* poppler: pdfdetach utility does not validate save paths (CVE-2018-19060)\n\n* poppler: NULL pointer dereference in _poppler_attachment_new (CVE-2018-19149)\n\n* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)\n\n* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)\n\n* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-30T00:00:00", "type": "nessus", "title": "CentOS 7 : evince / okular / poppler (CESA-2019:2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:evince", "p-cpe:/a:centos:centos:evince-browser-plugin", "p-cpe:/a:centos:centos:evince-devel", "p-cpe:/a:centos:centos:evince-dvi", "p-cpe:/a:centos:centos:evince-libs", "p-cpe:/a:centos:centos:evince-nautilus", "p-cpe:/a:centos:centos:okular", "p-cpe:/a:centos:centos:okular-devel", "p-cpe:/a:centos:centos:okular-libs", "p-cpe:/a:centos:centos:okular-part", "p-cpe:/a:centos:centos:poppler", "p-cpe:/a:centos:centos:poppler-cpp", "p-cpe:/a:centos:centos:poppler-cpp-devel", "p-cpe:/a:centos:centos:poppler-demos", "p-cpe:/a:centos:centos:poppler-devel", "p-cpe:/a:centos:centos:poppler-glib", "p-cpe:/a:centos:centos:poppler-glib-devel", "p-cpe:/a:centos:centos:poppler-qt", "p-cpe:/a:centos:centos:poppler-qt-devel", "p-cpe:/a:centos:centos:poppler-utils", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-2022.NASL", "href": "https://www.tenable.com/plugins/nessus/128331", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2022 and \n# CentOS Errata and Security Advisory 2019:2022 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128331);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2018-16646\", \"CVE-2018-18897\", \"CVE-2018-19058\", \"CVE-2018-19059\", \"CVE-2018-19060\", \"CVE-2018-19149\", \"CVE-2018-20481\", \"CVE-2018-20650\", \"CVE-2018-20662\", \"CVE-2019-7310\", \"CVE-2019-9200\", \"CVE-2019-9631\");\n script_xref(name:\"RHSA\", value:\"2019:2022\");\n\n script_name(english:\"CentOS 7 : evince / okular / poppler (CESA-2019:2022)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for poppler, evince, and okular is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince or Okular.\n\nSecurity Fix(es) :\n\n* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc\n(CVE-2019-7310)\n\n* poppler: heap-based buffer overflow in function\nImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n* poppler: infinite recursion in Parser::getObj function in Parser.cc\n(CVE-2018-16646)\n\n* poppler: memory leak in GfxColorSpace::setDisplayProfile in\nGfxState.cc (CVE-2018-18897)\n\n* poppler: reachable abort in Object.h (CVE-2018-19058)\n\n* poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc\n(CVE-2018-19059)\n\n* poppler: pdfdetach utility does not validate save paths\n(CVE-2018-19060)\n\n* poppler: NULL pointer dereference in _poppler_attachment_new\n(CVE-2018-19149)\n\n* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc\n(CVE-2018-20481)\n\n* poppler: reachable Object::dictLookup assertion in FileSpec class in\nFileSpec.cc (CVE-2018-20650)\n\n* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n* poppler: heap-based buffer over-read in function\ndownsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/005860.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6c974892\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006020.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1172af08\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006052.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44002993\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected evince, okular and / or poppler packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9631\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince-browser-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince-dvi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:evince-nautilus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:okular\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:okular-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:okular-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:okular-part\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-3.28.2-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-browser-plugin-3.28.2-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-devel-3.28.2-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-dvi-3.28.2-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-libs-3.28.2-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"evince-nautilus-3.28.2-8.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"okular-4.10.5-7.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"okular-devel-4.10.5-7.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"okular-libs-4.10.5-7.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"okular-part-4.10.5-7.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-cpp-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-cpp-devel-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-demos-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-devel-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-glib-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-glib-devel-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-qt-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-qt-devel-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"poppler-utils-0.26.5-38.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evince / evince-browser-plugin / evince-devel / evince-dvi / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-06T15:14:17", "description": "Security Fix(es) :\n\n - poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)\n\n - poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n - poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646)\n\n - poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)\n\n - poppler: reachable abort in Object.h (CVE-2018-19058)\n\n - poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059)\n\n - poppler: pdfdetach utility does not validate save paths (CVE-2018-19060)\n\n - poppler: NULL pointer dereference in\n _poppler_attachment_new (CVE-2018-19149)\n\n - poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)\n\n - poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)\n\n - poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n - poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-27T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : poppler on SL7.x x86_64 (20190806)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:evince", "p-cpe:/a:fermilab:scientific_linux:evince-browser-plugin", "p-cpe:/a:fermilab:scientific_linux:evince-debuginfo", "p-cpe:/a:fermilab:scientific_linux:evince-devel", "p-cpe:/a:fermilab:scientific_linux:evince-dvi", "p-cpe:/a:fermilab:scientific_linux:evince-libs", "p-cpe:/a:fermilab:scientific_linux:evince-nautilus", "p-cpe:/a:fermilab:scientific_linux:okular", "p-cpe:/a:fermilab:scientific_linux:okular-debuginfo", "p-cpe:/a:fermilab:scientific_linux:okular-devel", "p-cpe:/a:fermilab:scientific_linux:okular-libs", "p-cpe:/a:fermilab:scientific_linux:okular-part", "p-cpe:/a:fermilab:scientific_linux:poppler", "p-cpe:/a:fermilab:scientific_linux:poppler-cpp", "p-cpe:/a:fermilab:scientific_linux:poppler-cpp-devel", "p-cpe:/a:fermilab:scientific_linux:poppler-debuginfo", "p-cpe:/a:fermilab:scientific_linux:poppler-demos", "p-cpe:/a:fermilab:scientific_linux:poppler-devel", "p-cpe:/a:fermilab:scientific_linux:poppler-glib", "p-cpe:/a:fermilab:scientific_linux:poppler-glib-devel", "p-cpe:/a:fermilab:scientific_linux:poppler-qt", "p-cpe:/a:fermilab:scientific_linux:poppler-qt-devel", "p-cpe:/a:fermilab:scientific_linux:poppler-utils", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190806_POPPLER_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/128252", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128252);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-16646\", \"CVE-2018-18897\", \"CVE-2018-19058\", \"CVE-2018-19059\", \"CVE-2018-19060\", \"CVE-2018-19149\", \"CVE-2018-20481\", \"CVE-2018-20650\", \"CVE-2018-20662\", \"CVE-2019-7310\", \"CVE-2019-9200\", \"CVE-2019-9631\");\n\n script_name(english:\"Scientific Linux Security Update : poppler on SL7.x x86_64 (20190806)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - poppler: heap-based buffer over-read in XRef::getEntry\n in XRef.cc (CVE-2019-7310)\n\n - poppler: heap-based buffer overflow in function\n ImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n - poppler: infinite recursion in Parser::getObj function\n in Parser.cc (CVE-2018-16646)\n\n - poppler: memory leak in GfxColorSpace::setDisplayProfile\n in GfxState.cc (CVE-2018-18897)\n\n - poppler: reachable abort in Object.h (CVE-2018-19058)\n\n - poppler: out-of-bounds read in EmbFile::save2 in\n FileSpec.cc (CVE-2018-19059)\n\n - poppler: pdfdetach utility does not validate save paths\n (CVE-2018-19060)\n\n - poppler: NULL pointer dereference in\n _poppler_attachment_new (CVE-2018-19149)\n\n - poppler: NULL pointer dereference in the XRef::getEntry\n in XRef.cc (CVE-2018-20481)\n\n - poppler: reachable Object::dictLookup assertion in\n FileSpec class in FileSpec.cc (CVE-2018-20650)\n\n - poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc\n (CVE-2018-20662)\n\n - poppler: heap-based buffer over-read in function\n downsample_row_box_filter in CairoRescaleBox.cc\n (CVE-2019-9631)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1908&L=SCIENTIFIC-LINUX-ERRATA&P=31117\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45e5b084\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-browser-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-dvi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:evince-nautilus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:okular\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:okular-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:okular-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:okular-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:okular-part\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-3.28.2-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-browser-plugin-3.28.2-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-debuginfo-3.28.2-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-devel-3.28.2-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-dvi-3.28.2-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-libs-3.28.2-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"evince-nautilus-3.28.2-8.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"okular-4.10.5-7.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"okular-debuginfo-4.10.5-7.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"okular-devel-4.10.5-7.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"okular-libs-4.10.5-7.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"okular-part-4.10.5-7.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-cpp-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-cpp-devel-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-debuginfo-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-demos-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-devel-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-glib-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-glib-devel-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-qt-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-qt-devel-0.26.5-38.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"poppler-utils-0.26.5-38.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evince / evince-browser-plugin / evince-debuginfo / evince-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-06T15:13:59", "description": "An update for poppler, evince, and okular is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince or Okular.\n\nSecurity Fix(es) :\n\n* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)\n\n* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n* poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646)\n\n* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)\n\n* poppler: reachable abort in Object.h (CVE-2018-19058)\n\n* poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059)\n\n* poppler: pdfdetach utility does not validate save paths (CVE-2018-19060)\n\n* poppler: NULL pointer dereference in _poppler_attachment_new (CVE-2018-19149)\n\n* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)\n\n* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)\n\n* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 7 : poppler (RHSA-2019:2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:evince", "p-cpe:/a:redhat:enterprise_linux:evince-browser-plugin", "p-cpe:/a:redhat:enterprise_linux:evince-debuginfo", "p-cpe:/a:redhat:enterprise_linux:evince-devel", "p-cpe:/a:redhat:enterprise_linux:evince-dvi", "p-cpe:/a:redhat:enterprise_linux:evince-libs", "p-cpe:/a:redhat:enterprise_linux:evince-nautilus", "p-cpe:/a:redhat:enterprise_linux:okular", "p-cpe:/a:redhat:enterprise_linux:okular-debuginfo", "p-cpe:/a:redhat:enterprise_linux:okular-devel", "p-cpe:/a:redhat:enterprise_linux:okular-libs", "p-cpe:/a:redhat:enterprise_linux:okular-part", "p-cpe:/a:redhat:enterprise_linux:poppler", "p-cpe:/a:redhat:enterprise_linux:poppler-cpp", "p-cpe:/a:redhat:enterprise_linux:poppler-cpp-devel", "p-cpe:/a:redhat:enterprise_linux:poppler-debuginfo", "p-cpe:/a:redhat:enterprise_linux:poppler-demos", "p-cpe:/a:redhat:enterprise_linux:poppler-devel", "p-cpe:/a:redhat:enterprise_linux:poppler-glib", "p-cpe:/a:redhat:enterprise_linux:poppler-glib-devel", "p-cpe:/a:redhat:enterprise_linux:poppler-qt", "p-cpe:/a:redhat:enterprise_linux:poppler-qt-devel", "p-cpe:/a:redhat:enterprise_linux:poppler-utils", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-2022.NASL", "href": "https://www.tenable.com/plugins/nessus/127648", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2022. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127648);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2018-16646\", \"CVE-2018-18897\", \"CVE-2018-19058\", \"CVE-2018-19059\", \"CVE-2018-19060\", \"CVE-2018-19149\", \"CVE-2018-20481\", \"CVE-2018-20650\", \"CVE-2018-20662\", \"CVE-2019-7310\", \"CVE-2019-9200\", \"CVE-2019-9631\");\n script_xref(name:\"RHSA\", value:\"2019:2022\");\n\n script_name(english:\"RHEL 7 : poppler (RHSA-2019:2022)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for poppler, evince, and okular is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince or Okular.\n\nSecurity Fix(es) :\n\n* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc\n(CVE-2019-7310)\n\n* poppler: heap-based buffer overflow in function\nImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n* poppler: infinite recursion in Parser::getObj function in Parser.cc\n(CVE-2018-16646)\n\n* poppler: memory leak in GfxColorSpace::setDisplayProfile in\nGfxState.cc (CVE-2018-18897)\n\n* poppler: reachable abort in Object.h (CVE-2018-19058)\n\n* poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc\n(CVE-2018-19059)\n\n* poppler: pdfdetach utility does not validate save paths\n(CVE-2018-19060)\n\n* poppler: NULL pointer dereference in _poppler_attachment_new\n(CVE-2018-19149)\n\n* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc\n(CVE-2018-20481)\n\n* poppler: reachable Object::dictLookup assertion in FileSpec class in\nFileSpec.cc (CVE-2018-20650)\n\n* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n* poppler: heap-based buffer over-read in function\ndownsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3395ff0b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-18897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-19058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-19059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-19060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-19149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-20481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-20650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-20662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-7310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9631\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evince\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evince-browser-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evince-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evince-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evince-dvi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evince-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evince-nautilus\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:okular\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:okular-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:okular-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:okular-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:okular-part\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2022\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"evince-3.28.2-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"evince-3.28.2-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"evince-browser-plugin-3.28.2-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"evince-browser-plugin-3.28.2-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"evince-debuginfo-3.28.2-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"evince-devel-3.28.2-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"evince-dvi-3.28.2-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"evince-dvi-3.28.2-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"evince-libs-3.28.2-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"evince-nautilus-3.28.2-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"evince-nautilus-3.28.2-8.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"okular-4.10.5-7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"okular-debuginfo-4.10.5-7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"okular-debuginfo-4.10.5-7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"okular-devel-4.10.5-7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"okular-devel-4.10.5-7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"okular-libs-4.10.5-7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"okular-libs-4.10.5-7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"okular-part-4.10.5-7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"poppler-0.26.5-38.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"poppler-cpp-0.26.5-38.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"poppler-cpp-devel-0.26.5-38.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"poppler-debuginfo-0.26.5-38.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"poppler-demos-0.26.5-38.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"poppler-demos-0.26.5-38.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"poppler-devel-0.26.5-38.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"poppler-glib-0.26.5-38.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"poppler-glib-devel-0.26.5-38.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"poppler-qt-0.26.5-38.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"poppler-qt-devel-0.26.5-38.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"poppler-utils-0.26.5-38.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"poppler-utils-0.26.5-38.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evince / evince-browser-plugin / evince-debuginfo / evince-devel / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-06T15:15:51", "description": "An update for poppler is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.\n\nSecurity Fix(es) :\n\n* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)\n\n* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)\n\n* poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)\n\n* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)\n\n* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)\n\n* poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c (CVE-2018-20551)\n\n* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)\n\n* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\n* poppler: stack consumption in function Dict::find() in Dict.cc (CVE-2019-9903)\n\n* poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-16T00:00:00", "type": "nessus", "title": "RHEL 8 : poppler (RHSA-2019:2713)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18897", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-10871", "CVE-2019-12293", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631", "CVE-2019-9903", "CVE-2019-9959"], "modified": "2020-01-30T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:poppler", "p-cpe:/a:redhat:enterprise_linux:poppler-cpp", "p-cpe:/a:redhat:enterprise_linux:poppler-cpp-debuginfo", "p-cpe:/a:redhat:enterprise_linux:poppler-cpp-devel", "p-cpe:/a:redhat:enterprise_linux:poppler-debuginfo", "p-cpe:/a:redhat:enterprise_linux:poppler-debugsource", "p-cpe:/a:redhat:enterprise_linux:poppler-devel", "p-cpe:/a:redhat:enterprise_linux:poppler-glib", "p-cpe:/a:redhat:enterprise_linux:poppler-glib-debuginfo", "p-cpe:/a:redhat:enterprise_linux:poppler-glib-devel", "p-cpe:/a:redhat:enterprise_linux:poppler-qt5", "p-cpe:/a:redhat:enterprise_linux:poppler-qt5-debuginfo", "p-cpe:/a:redhat:enterprise_linux:poppler-qt5-devel", "p-cpe:/a:redhat:enterprise_linux:poppler-utils", "p-cpe:/a:redhat:enterprise_linux:poppler-utils-debuginfo", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.0"], "id": "REDHAT-RHSA-2019-2713.NASL", "href": "https://www.tenable.com/plugins/nessus/128850", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2713. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128850);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/30\");\n\n script_cve_id(\"CVE-2018-18897\", \"CVE-2018-20481\", \"CVE-2018-20551\", \"CVE-2018-20650\", \"CVE-2018-20662\", \"CVE-2019-10871\", \"CVE-2019-12293\", \"CVE-2019-7310\", \"CVE-2019-9200\", \"CVE-2019-9631\", \"CVE-2019-9903\", \"CVE-2019-9959\");\n script_xref(name:\"RHSA\", value:\"2019:2713\");\n\n script_name(english:\"RHEL 8 : poppler (RHSA-2019:2713)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for poppler is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nSecurity Fix(es) :\n\n* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc\n(CVE-2019-7310)\n\n* poppler: heap-based buffer overflow in function\nImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n* poppler: heap-based buffer over-read in function\nPSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)\n\n* poppler: heap-based buffer over-read in JPXStream::init in\nJPEG2000Stream.cc (CVE-2019-12293)\n\n* poppler: memory leak in GfxColorSpace::setDisplayProfile in\nGfxState.cc (CVE-2018-18897)\n\n* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc\n(CVE-2018-20481)\n\n* poppler: reachable Object::getString assertion in AnnotRichMedia\nclass in Annot.c (CVE-2018-20551)\n\n* poppler: reachable Object::dictLookup assertion in FileSpec class in\nFileSpec.cc (CVE-2018-20650)\n\n* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n* poppler: heap-based buffer over-read in function\ndownsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\n* poppler: stack consumption in function Dict::find() in Dict.cc\n(CVE-2019-9903)\n\n* poppler: integer overflow in JPXStream::init function leading to\nmemory consumption (CVE-2019-9959)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-18897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-20481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-20551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-20650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-20662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-7310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-9959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-10871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-12293\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-cpp-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-glib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-qt5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:poppler-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2713\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"poppler-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"poppler-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"poppler-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"poppler-cpp-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"i686\", reference:\"poppler-cpp-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"s390x\", reference:\"poppler-cpp-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"x86_64\", reference:\"poppler-cpp-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"poppler-cpp-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"poppler-cpp-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"poppler-cpp-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"poppler-cpp-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"poppler-cpp-devel-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"i686\", reference:\"poppler-cpp-devel-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"s390x\", reference:\"poppler-cpp-devel-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"x86_64\", reference:\"poppler-cpp-devel-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"poppler-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"poppler-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"poppler-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"poppler-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"poppler-debugsource-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"poppler-debugsource-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"poppler-debugsource-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"poppler-debugsource-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"poppler-devel-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"i686\", reference:\"poppler-devel-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"s390x\", reference:\"poppler-devel-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"x86_64\", reference:\"poppler-devel-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"poppler-glib-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"poppler-glib-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"poppler-glib-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"poppler-glib-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"poppler-glib-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"poppler-glib-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"poppler-glib-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"poppler-glib-devel-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"i686\", reference:\"poppler-glib-devel-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"s390x\", reference:\"poppler-glib-devel-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"x86_64\", reference:\"poppler-glib-devel-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"poppler-qt5-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"i686\", reference:\"poppler-qt5-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"s390x\", reference:\"poppler-qt5-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"x86_64\", reference:\"poppler-qt5-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"poppler-qt5-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"poppler-qt5-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"poppler-qt5-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"poppler-qt5-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"poppler-qt5-devel-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"i686\", reference:\"poppler-qt5-devel-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"s390x\", reference:\"poppler-qt5-devel-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"x86_64\", reference:\"poppler-qt5-devel-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"poppler-utils-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"poppler-utils-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"poppler-utils-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"poppler-utils-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"poppler-utils-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"poppler-utils-debuginfo-0.66.0-11.el8_0.12\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler / poppler-cpp / poppler-cpp-debuginfo / poppler-cpp-devel / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-06T15:15:51", "description": "From Red Hat Security Advisory 2019:2713 :\n\nAn update for poppler is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.\n\nSecurity Fix(es) :\n\n* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)\n\n* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)\n\n* poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)\n\n* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)\n\n* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)\n\n* poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c (CVE-2018-20551)\n\n* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)\n\n* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\n* poppler: stack consumption in function Dict::find() in Dict.cc (CVE-2019-9903)\n\n* poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-16T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : poppler (ELSA-2019-2713)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18897", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-10871", "CVE-2019-12293", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631", "CVE-2019-9903", "CVE-2019-9959"], "modified": "2019-12-27T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:poppler", "p-cpe:/a:oracle:linux:poppler-cpp", "p-cpe:/a:oracle:linux:poppler-cpp-devel", "p-cpe:/a:oracle:linux:poppler-devel", "p-cpe:/a:oracle:linux:poppler-glib", "p-cpe:/a:oracle:linux:poppler-glib-devel", "p-cpe:/a:oracle:linux:poppler-qt5", "p-cpe:/a:oracle:linux:poppler-qt5-devel", "p-cpe:/a:oracle:linux:poppler-utils", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2019-2713.NASL", "href": "https://www.tenable.com/plugins/nessus/128846", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:2713 and \n# Oracle Linux Security Advisory ELSA-2019-2713 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128846);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2018-18897\", \"CVE-2018-20481\", \"CVE-2018-20551\", \"CVE-2018-20650\", \"CVE-2018-20662\", \"CVE-2019-10871\", \"CVE-2019-12293\", \"CVE-2019-7310\", \"CVE-2019-9200\", \"CVE-2019-9631\", \"CVE-2019-9903\", \"CVE-2019-9959\");\n script_xref(name:\"RHSA\", value:\"2019:2713\");\n\n script_name(english:\"Oracle Linux 8 : poppler (ELSA-2019-2713)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:2713 :\n\nAn update for poppler is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nSecurity Fix(es) :\n\n* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc\n(CVE-2019-7310)\n\n* poppler: heap-based buffer overflow in function\nImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n* poppler: heap-based buffer over-read in function\nPSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)\n\n* poppler: heap-based buffer over-read in JPXStream::init in\nJPEG2000Stream.cc (CVE-2019-12293)\n\n* poppler: memory leak in GfxColorSpace::setDisplayProfile in\nGfxState.cc (CVE-2018-18897)\n\n* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc\n(CVE-2018-20481)\n\n* poppler: reachable Object::getString assertion in AnnotRichMedia\nclass in Annot.c (CVE-2018-20551)\n\n* poppler: reachable Object::dictLookup assertion in FileSpec class in\nFileSpec.cc (CVE-2018-20650)\n\n* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n* poppler: heap-based buffer over-read in function\ndownsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\n* poppler: stack consumption in function Dict::find() in Dict.cc\n(CVE-2019-9903)\n\n* poppler: integer overflow in JPXStream::init function leading to\nmemory consumption (CVE-2019-9959)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-September/009153.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:poppler-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:poppler-qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"poppler-0.66.0-11.el8_0.12\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"poppler-cpp-0.66.0-11.el8_0.12\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"poppler-cpp-devel-0.66.0-11.el8_0.12\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"poppler-devel-0.66.0-11.el8_0.12\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"poppler-glib-0.66.0-11.el8_0.12\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"poppler-glib-devel-0.66.0-11.el8_0.12\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"poppler-qt5-0.66.0-11.el8_0.12\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"poppler-qt5-devel-0.66.0-11.el8_0.12\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"poppler-utils-0.66.0-11.el8_0.12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler / poppler-cpp / poppler-cpp-devel / poppler-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-06T15:17:28", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has poppler packages installed that are affected by multiple vulnerabilities:\n\n - Poppler before 0.70.0 has a NULL pointer dereference in\n _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.\n (CVE-2018-19149)\n\n - In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646)\n\n - An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.\n (CVE-2018-18897)\n\n - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.\n (CVE-2018-19058)\n\n - An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. (CVE-2018-19059)\n\n - An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.\n (CVE-2018-19060)\n\n - In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. (CVE-2019-7310)\n\n - A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.\n (CVE-2019-9200)\n\n - Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.\n (CVE-2019-9631)\n\n - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. (CVE-2018-20662)\n\n - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. (CVE-2018-20650)\n\n - XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.\n (CVE-2018-20481)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-10-15T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : poppler Multiple Vulnerabilities (NS-SA-2019-0202)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0202_POPPLER.NASL", "href": "https://www.tenable.com/plugins/nessus/129923", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0202. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129923);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2018-16646\",\n \"CVE-2018-18897\",\n \"CVE-2018-19058\",\n \"CVE-2018-19059\",\n \"CVE-2018-19060\",\n \"CVE-2018-19149\",\n \"CVE-2018-20481\",\n \"CVE-2018-20650\",\n \"CVE-2018-20662\",\n \"CVE-2019-7310\",\n \"CVE-2019-9200\",\n \"CVE-2019-9631\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : poppler Multiple Vulnerabilities (NS-SA-2019-0202)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has poppler packages installed that are affected\nby multiple vulnerabilities:\n\n - Poppler before 0.70.0 has a NULL pointer dereference in\n _poppler_attachment_new when called from\n poppler_annot_file_attachment_get_attachment.\n (CVE-2018-19149)\n\n - In Poppler 0.68.0, the Parser::getObj() function in\n Parser.cc may cause infinite recursion via a crafted\n file. A remote attacker can leverage this for a DoS\n attack. (CVE-2018-16646)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n memory leak in GfxColorSpace::setDisplayProfile in\n GfxState.cc, as demonstrated by pdftocairo.\n (CVE-2018-18897)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n reachable abort in Object.h, will lead to denial of\n service because EmbFile::save2 in FileSpec.cc lacks a\n stream check before saving an embedded file.\n (CVE-2018-19058)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n out-of-bounds read in EmbFile::save2 in FileSpec.cc,\n will lead to denial of service, as demonstrated by\n utils/pdfdetach.cc not validating embedded files before\n save attempts. (CVE-2018-19059)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n NULL pointer dereference in goo/GooString.h, will lead\n to denial of service, as demonstrated by\n utils/pdfdetach.cc not validating a filename of an\n embedded file before constructing a save path.\n (CVE-2018-19060)\n\n - In Poppler 0.73.0, a heap-based buffer over-read (due to\n an integer signedness error in the XRef::getEntry\n function in XRef.cc) allows remote attackers to cause a\n denial of service (application crash) or possibly have\n unspecified other impact via a crafted PDF document, as\n demonstrated by pdftocairo. (CVE-2019-7310)\n\n - A heap-based buffer underwrite exists in\n ImageStream::getLine() located at Stream.cc in Poppler\n 0.74.0 that can (for example) be triggered by sending a\n crafted PDF file to the pdfimages binary. It allows an\n attacker to cause Denial of Service (Segmentation fault)\n or possibly have unspecified other impact.\n (CVE-2019-9200)\n\n - Poppler 0.74.0 has a heap-based buffer over-read in the\n CairoRescaleBox.cc downsample_row_box_filter function.\n (CVE-2019-9631)\n\n - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows\n attackers to cause a denial-of-service (application\n crash caused by Object.h SIGABRT, because of a wrong\n return value from PDFDoc::setup) by crafting a PDF file\n in which an xref data structure is mishandled during\n extractPDFSubtype processing. (CVE-2018-20662)\n\n - A reachable Object::dictLookup assertion in Poppler\n 0.72.0 allows attackers to cause a denial of service due\n to the lack of a check for the dict data type, as\n demonstrated by use of the FileSpec class (in\n FileSpec.cc) in pdfdetach. (CVE-2018-20650)\n\n - XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles\n unallocated XRef entries, which allows remote attackers\n to cause a denial of service (NULL pointer dereference)\n via a crafted PDF document, when XRefEntry::setFlag in\n XRef.h is called from Parser::makeStream in Parser.cc.\n (CVE-2018-20481)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0202\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL poppler packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9631\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"poppler-0.26.5-38.el7\",\n \"poppler-cpp-0.26.5-38.el7\",\n \"poppler-cpp-devel-0.26.5-38.el7\",\n \"poppler-debuginfo-0.26.5-38.el7\",\n \"poppler-demos-0.26.5-38.el7\",\n \"poppler-devel-0.26.5-38.el7\",\n \"poppler-glib-0.26.5-38.el7\",\n \"poppler-glib-devel-0.26.5-38.el7\",\n \"poppler-qt-0.26.5-38.el7\",\n \"poppler-qt-devel-0.26.5-38.el7\",\n \"poppler-utils-0.26.5-38.el7\"\n ],\n \"CGSL MAIN 5.04\": [\n \"poppler-0.26.5-38.el7\",\n \"poppler-cpp-0.26.5-38.el7\",\n \"poppler-cpp-devel-0.26.5-38.el7\",\n \"poppler-debuginfo-0.26.5-38.el7\",\n \"poppler-demos-0.26.5-38.el7\",\n \"poppler-devel-0.26.5-38.el7\",\n \"poppler-glib-0.26.5-38.el7\",\n \"poppler-glib-devel-0.26.5-38.el7\",\n \"poppler-qt-0.26.5-38.el7\",\n \"poppler-qt-devel-0.26.5-38.el7\",\n \"poppler-utils-0.26.5-38.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-06T15:20:04", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has poppler packages installed that are affected by multiple vulnerabilities:\n\n - Poppler before 0.70.0 has a NULL pointer dereference in\n _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.\n (CVE-2018-19149)\n\n - In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646)\n\n - An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.\n (CVE-2018-18897)\n\n - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.\n (CVE-2018-19058)\n\n - An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. (CVE-2018-19059)\n\n - An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.\n (CVE-2018-19060)\n\n - In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. (CVE-2019-7310)\n\n - A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.\n (CVE-2019-9200)\n\n - Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.\n (CVE-2019-9631)\n\n - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. (CVE-2018-20662)\n\n - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. (CVE-2018-20650)\n\n - XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.\n (CVE-2018-20481)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : poppler Multiple Vulnerabilities (NS-SA-2019-0249)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0249_POPPLER.NASL", "href": "https://www.tenable.com/plugins/nessus/132446", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0249. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132446);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2018-16646\",\n \"CVE-2018-18897\",\n \"CVE-2018-19058\",\n \"CVE-2018-19059\",\n \"CVE-2018-19060\",\n \"CVE-2018-19149\",\n \"CVE-2018-20481\",\n \"CVE-2018-20650\",\n \"CVE-2018-20662\",\n \"CVE-2019-7310\",\n \"CVE-2019-9200\",\n \"CVE-2019-9631\"\n );\n script_bugtraq_id(\n 106031,\n 106321,\n 106459,\n 106659,\n 106829,\n 107172\n );\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : poppler Multiple Vulnerabilities (NS-SA-2019-0249)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has poppler packages installed that are affected\nby multiple vulnerabilities:\n\n - Poppler before 0.70.0 has a NULL pointer dereference in\n _poppler_attachment_new when called from\n poppler_annot_file_attachment_get_attachment.\n (CVE-2018-19149)\n\n - In Poppler 0.68.0, the Parser::getObj() function in\n Parser.cc may cause infinite recursion via a crafted\n file. A remote attacker can leverage this for a DoS\n attack. (CVE-2018-16646)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n memory leak in GfxColorSpace::setDisplayProfile in\n GfxState.cc, as demonstrated by pdftocairo.\n (CVE-2018-18897)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n reachable abort in Object.h, will lead to denial of\n service because EmbFile::save2 in FileSpec.cc lacks a\n stream check before saving an embedded file.\n (CVE-2018-19058)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n out-of-bounds read in EmbFile::save2 in FileSpec.cc,\n will lead to denial of service, as demonstrated by\n utils/pdfdetach.cc not validating embedded files before\n save attempts. (CVE-2018-19059)\n\n - An issue was discovered in Poppler 0.71.0. There is a\n NULL pointer dereference in goo/GooString.h, will lead\n to denial of service, as demonstrated by\n utils/pdfdetach.cc not validating a filename of an\n embedded file before constructing a save path.\n (CVE-2018-19060)\n\n - In Poppler 0.73.0, a heap-based buffer over-read (due to\n an integer signedness error in the XRef::getEntry\n function in XRef.cc) allows remote attackers to cause a\n denial of service (application crash) or possibly have\n unspecified other impact via a crafted PDF document, as\n demonstrated by pdftocairo. (CVE-2019-7310)\n\n - A heap-based buffer underwrite exists in\n ImageStream::getLine() located at Stream.cc in Poppler\n 0.74.0 that can (for example) be triggered by sending a\n crafted PDF file to the pdfimages binary. It allows an\n attacker to cause Denial of Service (Segmentation fault)\n or possibly have unspecified other impact.\n (CVE-2019-9200)\n\n - Poppler 0.74.0 has a heap-based buffer over-read in the\n CairoRescaleBox.cc downsample_row_box_filter function.\n (CVE-2019-9631)\n\n - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows\n attackers to cause a denial-of-service (application\n crash caused by Object.h SIGABRT, because of a wrong\n return value from PDFDoc::setup) by crafting a PDF file\n in which an xref data structure is mishandled during\n extractPDFSubtype processing. (CVE-2018-20662)\n\n - A reachable Object::dictLookup assertion in Poppler\n 0.72.0 allows attackers to cause a denial of service due\n to the lack of a check for the dict data type, as\n demonstrated by use of the FileSpec class (in\n FileSpec.cc) in pdfdetach. (CVE-2018-20650)\n\n - XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles\n unallocated XRef entries, which allows remote attackers\n to cause a denial of service (NULL pointer dereference)\n via a crafted PDF document, when XRefEntry::setFlag in\n XRef.h is called from Parser::makeStream in Parser.cc.\n (CVE-2018-20481)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0249\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL poppler packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9631\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"poppler-0.26.5-38.el7\",\n \"poppler-cpp-0.26.5-38.el7\",\n \"poppler-cpp-devel-0.26.5-38.el7\",\n \"poppler-debuginfo-0.26.5-38.el7\",\n \"poppler-demos-0.26.5-38.el7\",\n \"poppler-devel-0.26.5-38.el7\",\n \"poppler-glib-0.26.5-38.el7\",\n \"poppler-glib-devel-0.26.5-38.el7\",\n \"poppler-qt-0.26.5-38.el7\",\n \"poppler-qt-devel-0.26.5-38.el7\",\n \"poppler-utils-0.26.5-38.el7\"\n ],\n \"CGSL MAIN 5.05\": [\n \"poppler-0.26.5-38.el7\",\n \"poppler-cpp-0.26.5-38.el7\",\n \"poppler-cpp-devel-0.26.5-38.el7\",\n \"poppler-debuginfo-0.26.5-38.el7\",\n \"poppler-demos-0.26.5-38.el7\",\n \"poppler-devel-0.26.5-38.el7\",\n \"poppler-glib-0.26.5-38.el7\",\n \"poppler-glib-devel-0.26.5-38.el7\",\n \"poppler-qt-0.26.5-38.el7\",\n \"poppler-qt-devel-0.26.5-38.el7\",\n \"poppler-utils-0.26.5-38.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-06T15:09:57", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2713 advisory.\n\n - poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)\n\n - poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)\n\n - poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c (CVE-2018-20551)\n\n - poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)\n\n - poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n - poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)\n\n - poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)\n\n - poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)\n\n - poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n - poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\n - poppler: stack consumption in function Dict::find() in Dict.cc (CVE-2019-9903)\n\n - poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : poppler (CESA-2019:2713)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18897", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-10871", "CVE-2019-12293", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631", "CVE-2019-9903", "CVE-2019-9959"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:poppler", "p-cpe:/a:centos:centos:poppler-cpp", "p-cpe:/a:centos:centos:poppler-cpp-devel", "p-cpe:/a:centos:centos:poppler-devel", "p-cpe:/a:centos:centos:poppler-glib", "p-cpe:/a:centos:centos:poppler-glib-devel", "p-cpe:/a:centos:centos:poppler-qt5", "p-cpe:/a:centos:centos:poppler-qt5-devel", "p-cpe:/a:centos:centos:poppler-utils"], "id": "CENTOS8_RHSA-2019-2713.NASL", "href": "https://www.tenable.com/plugins/nessus/145631", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:2713. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145631);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\n \"CVE-2018-18897\",\n \"CVE-2018-20481\",\n \"CVE-2018-20551\",\n \"CVE-2018-20650\",\n \"CVE-2018-20662\",\n \"CVE-2019-7310\",\n \"CVE-2019-9200\",\n \"CVE-2019-9631\",\n \"CVE-2019-9903\",\n \"CVE-2019-9959\",\n \"CVE-2019-10871\",\n \"CVE-2019-12293\"\n );\n script_bugtraq_id(\n 106321,\n 106459,\n 106659,\n 106829,\n 107172,\n 107560,\n 107862,\n 108457,\n 109342\n );\n script_xref(name:\"RHSA\", value:\"2019:2713\");\n\n script_name(english:\"CentOS 8 : poppler (CESA-2019:2713)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:2713 advisory.\n\n - poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)\n\n - poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)\n\n - poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c (CVE-2018-20551)\n\n - poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)\n\n - poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n - poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc\n (CVE-2019-10871)\n\n - poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)\n\n - poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)\n\n - poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n - poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc\n (CVE-2019-9631)\n\n - poppler: stack consumption in function Dict::find() in Dict.cc (CVE-2019-9903)\n\n - poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2713\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9631\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-qt5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-qt5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:poppler-utils\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'poppler-0.66.0-11.el8_0.12', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-0.66.0-11.el8_0.12', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-cpp-0.66.0-11.el8_0.12', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-cpp-0.66.0-11.el8_0.12', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-cpp-devel-0.66.0-11.el8_0.12', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-cpp-devel-0.66.0-11.el8_0.12', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-devel-0.66.0-11.el8_0.12', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-devel-0.66.0-11.el8_0.12', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-glib-0.66.0-11.el8_0.12', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-glib-0.66.0-11.el8_0.12', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-glib-devel-0.66.0-11.el8_0.12', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-glib-devel-0.66.0-11.el8_0.12', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-qt5-0.66.0-11.el8_0.12', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-qt5-0.66.0-11.el8_0.12', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-qt5-devel-0.66.0-11.el8_0.12', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-qt5-devel-0.66.0-11.el8_0.12', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-utils-0.66.0-11.el8_0.12', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'poppler-utils-0.66.0-11.el8_0.12', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'poppler / poppler-cpp / poppler-cpp-devel / poppler-devel / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-06T15:17:42", "description": "In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.(CVE-2018-16646)\n\nAn issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.(CVE-2018-18897)\n\nAn issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058)\n\nAn issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059)\n\nAn issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.(CVE-2018-19060)\n\nPoppler before 0.70.0 has a NULL pointer dereference in\n_poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.(CVE-2018-19149)\n\nXRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.(CVE-2018-20481)\n\nA reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\nIn Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.(CVE-2018-20662)\n\nIn Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.(CVE-2019-7310)\n\nA heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.(CVE-2019-9200)\n\nPoppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.(CVE-2019-9631)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-10-25T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : poppler (ALAS-2019-1332)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631"], "modified": "2019-12-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:poppler", "p-cpe:/a:amazon:linux:poppler-cpp", "p-cpe:/a:amazon:linux:poppler-cpp-devel", "p-cpe:/a:amazon:linux:poppler-debuginfo", "p-cpe:/a:amazon:linux:poppler-demos", "p-cpe:/a:amazon:linux:poppler-devel", "p-cpe:/a:amazon:linux:poppler-glib", "p-cpe:/a:amazon:linux:poppler-glib-devel", "p-cpe:/a:amazon:linux:poppler-qt", "p-cpe:/a:amazon:linux:poppler-qt-devel", "p-cpe:/a:amazon:linux:poppler-utils", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1332.NASL", "href": "https://www.tenable.com/plugins/nessus/130228", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1332.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130228);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2018-16646\", \"CVE-2018-18897\", \"CVE-2018-19058\", \"CVE-2018-19059\", \"CVE-2018-19060\", \"CVE-2018-19149\", \"CVE-2018-20481\", \"CVE-2018-20650\", \"CVE-2018-20662\", \"CVE-2019-7310\", \"CVE-2019-9200\", \"CVE-2019-9631\");\n script_xref(name:\"ALAS\", value:\"2019-1332\");\n\n script_name(english:\"Amazon Linux 2 : poppler (ALAS-2019-1332)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may\ncause infinite recursion via a crafted file. A remote attacker can\nleverage this for a DoS attack.(CVE-2018-16646)\n\nAn issue was discovered in Poppler 0.71.0. There is a memory leak in\nGfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by\npdftocairo.(CVE-2018-18897)\n\nAn issue was discovered in Poppler 0.71.0. There is a reachable abort\nin Object.h, will lead to denial of service because EmbFile::save2 in\nFileSpec.cc lacks a stream check before saving an embedded\nfile.(CVE-2018-19058)\n\nAn issue was discovered in Poppler 0.71.0. There is a out-of-bounds\nread in EmbFile::save2 in FileSpec.cc, will lead to denial of service,\nas demonstrated by utils/pdfdetach.cc not validating embedded files\nbefore save attempts.(CVE-2018-19059)\n\nAn issue was discovered in Poppler 0.71.0. There is a NULL pointer\ndereference in goo/GooString.h, will lead to denial of service, as\ndemonstrated by utils/pdfdetach.cc not validating a filename of an\nembedded file before constructing a save path.(CVE-2018-19060)\n\nPoppler before 0.70.0 has a NULL pointer dereference in\n_poppler_attachment_new when called from\npoppler_annot_file_attachment_get_attachment.(CVE-2018-19149)\n\nXRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated\nXRef entries, which allows remote attackers to cause a denial of\nservice (NULL pointer dereference) via a crafted PDF document, when\nXRefEntry::setFlag in XRef.h is called from Parser::makeStream in\nParser.cc.(CVE-2018-20481)\n\nA reachable Object::dictLookup assertion in Poppler 0.72.0 allows\nattackers to cause a denial of service due to the lack of a check for\nthe dict data type, as demonstrated by use of the FileSpec class (in\nFileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\nIn Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to\ncause a denial-of-service (application crash caused by Object.h\nSIGABRT, because of a wrong return value from PDFDoc::setup) by\ncrafting a PDF file in which an xref data structure is mishandled\nduring extractPDFSubtype processing.(CVE-2018-20662)\n\nIn Poppler 0.73.0, a heap-based buffer over-read (due to an integer\nsignedness error in the XRef::getEntry function in XRef.cc) allows\nremote attackers to cause a denial of service (application crash) or\npossibly have unspecified other impact via a crafted PDF document, as\ndemonstrated by pdftocairo.(CVE-2019-7310)\n\nA heap-based buffer underwrite exists in ImageStream::getLine()\nlocated at Stream.cc in Poppler 0.74.0 that can (for example) be\ntriggered by sending a crafted PDF file to the pdfimages binary. It\nallows an attacker to cause Denial of Service (Segmentation fault) or\npossibly have unspecified other impact.(CVE-2019-9200)\n\nPoppler 0.74.0 has a heap-based buffer over-read in the\nCairoRescaleBox.cc downsample_row_box_filter function.(CVE-2019-9631)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1332.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update poppler' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"poppler-0.26.5-38.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-cpp-0.26.5-38.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-cpp-devel-0.26.5-38.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-debuginfo-0.26.5-38.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-demos-0.26.5-38.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-devel-0.26.5-38.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-glib-0.26.5-38.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-glib-devel-0.26.5-38.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-qt-0.26.5-38.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-qt-devel-0.26.5-38.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"poppler-utils-0.26.5-38.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler / poppler-cpp / poppler-cpp-devel / poppler-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-19T19:34:18", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3854-1 advisory.\n\n - The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.\n (CVE-2017-18267)\n\n - Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.\n (CVE-2018-13988)\n\n - In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646)\n\n - An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. (CVE-2018-18897)\n\n - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.\n (CVE-2018-19058)\n\n - An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. (CVE-2018-19059)\n\n - An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. (CVE-2018-19060)\n\n - Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. (CVE-2018-19149)\n\n - XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481)\n\n - A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.\n (CVE-2018-20551)\n\n - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. (CVE-2018-20650)\n\n - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. (CVE-2018-20662)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. (CVE-2019-10872)\n\n - An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. (CVE-2019-14494)\n\n - In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. (CVE-2019-7310)\n\n - A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.\n (CVE-2019-9200)\n\n - Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. (CVE-2019-9631)\n\n - PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. (CVE-2019-9903)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. (CVE-2020-27778)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-12-02T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : poppler (openSUSE-SU-2021:3854-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18267", "CVE-2018-13988", "CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-10871", "CVE-2019-10872", "CVE-2019-14494", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631", "CVE-2019-9903", "CVE-2019-9959", "CVE-2020-27778"], "modified": "2022-09-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libpoppler73", "p-cpe:/a:novell:opensuse:libpoppler73-32bit", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-3854.NASL", "href": "https://www.tenable.com/plugins/nessus/155770", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:3854-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155770);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/19\");\n\n script_cve_id(\n \"CVE-2017-18267\",\n \"CVE-2018-13988\",\n \"CVE-2018-16646\",\n \"CVE-2018-18897\",\n \"CVE-2018-19058\",\n \"CVE-2018-19059\",\n \"CVE-2018-19060\",\n \"CVE-2018-19149\",\n \"CVE-2018-20481\",\n \"CVE-2018-20551\",\n \"CVE-2018-20650\",\n \"CVE-2018-20662\",\n \"CVE-2019-7310\",\n \"CVE-2019-9200\",\n \"CVE-2019-9631\",\n \"CVE-2019-9903\",\n \"CVE-2019-9959\",\n \"CVE-2019-10871\",\n \"CVE-2019-10872\",\n \"CVE-2019-14494\",\n \"CVE-2020-27778\"\n );\n script_xref(name:\"IAVB\", value:\"2018-B-0151-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0001-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0011-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0021-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0064-S\");\n\n script_name(english:\"openSUSE 15 Security Update : poppler (openSUSE-SU-2021:3854-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:3854-1 advisory.\n\n - The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers\n to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.\n (CVE-2017-18267)\n\n - Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that\n is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and\n denial of service. This may be exploitable when a victim opens a specially crafted PDF file.\n (CVE-2018-13988)\n\n - In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted\n file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646)\n\n - An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in\n GfxState.cc, as demonstrated by pdftocairo. (CVE-2018-18897)\n\n - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of\n service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.\n (CVE-2018-19058)\n\n - An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc,\n will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before\n save attempts. (CVE-2018-19059)\n\n - An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will\n lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded\n file before constructing a save path. (CVE-2018-19060)\n\n - Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from\n poppler_annot_file_attachment_get_attachment. (CVE-2018-19149)\n\n - XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote\n attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when\n XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481)\n\n - A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service\n due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.\n (CVE-2018-20551)\n\n - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service\n due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in\n FileSpec.cc) in pdfdetach. (CVE-2018-20650)\n\n - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application\n crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF\n file in which an xref data structure is mishandled during extractPDFSubtype processing. (CVE-2018-20662)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n Splash::blitTransparent at splash/Splash.cc. (CVE-2019-10872)\n\n - An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function\n SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. (CVE-2019-14494)\n\n - In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry\n function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly\n have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. (CVE-2019-7310)\n\n - A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0\n that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an\n attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.\n (CVE-2019-9200)\n\n - Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter\n function. (CVE-2019-9631)\n\n - PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in\n the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted\n pdf file to the pdfunite binary. (CVE-2019-9903)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could\n exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would\n crash the application causing a denial of service. (CVE-2020-27778)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1092945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1102531\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1107597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1114966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1115185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1115186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1115187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1115626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1120495\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1120496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1120939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1120956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1124150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1127329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1129202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1130229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1131696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1131722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1142465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179163\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TS7QPSEQIBQO7BALZOE3TN7IO7IMHK3Y/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?357b921f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-13988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27778\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libpoppler73 and / or libpoppler73-32bit packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9631\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpoppler73\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libpoppler73-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'libpoppler73-0.62.0-4.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libpoppler73-32bit-0.62.0-4.6.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libpoppler73 / libpoppler73-32bit');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-09-19T19:34:04", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3854-1 advisory.\n\n - The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.\n (CVE-2017-18267)\n\n - Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.\n (CVE-2018-13988)\n\n - In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646)\n\n - An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. (CVE-2018-18897)\n\n - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.\n (CVE-2018-19058)\n\n - An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. (CVE-2018-19059)\n\n - An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. (CVE-2018-19060)\n\n - Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. (CVE-2018-19149)\n\n - XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481)\n\n - A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.\n (CVE-2018-20551)\n\n - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. (CVE-2018-20650)\n\n - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. (CVE-2018-20662)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. (CVE-2019-10872)\n\n - An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. (CVE-2019-14494)\n\n - In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. (CVE-2019-7310)\n\n - A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.\n (CVE-2019-9200)\n\n - Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. (CVE-2019-9631)\n\n - PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. (CVE-2019-9903)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. (CVE-2020-27778)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-12-02T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : poppler (SUSE-SU-2021:3854-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18267", "CVE-2018-13988", "CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-10871", "CVE-2019-10872", "CVE-2019-14494", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631", "CVE-2019-9903", "CVE-2019-9959", "CVE-2020-27778"], "modified": "2022-09-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libpoppler-cpp0", "p-cpe:/a:novell:suse_linux:libpoppler-devel", "p-cpe:/a:novell:suse_linux:libpoppler-glib-devel", "p-cpe:/a:novell:suse_linux:libpoppler-glib8", "p-cpe:/a:novell:suse_linux:libpoppler73", "p-cpe:/a:novell:suse_linux:poppler-tools", "p-cpe:/a:novell:suse_linux:typelib-1_0-Poppler-0_18", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3854-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155796", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3854-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155796);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/19\");\n\n script_cve_id(\n \"CVE-2017-18267\",\n \"CVE-2018-13988\",\n \"CVE-2018-16646\",\n \"CVE-2018-18897\",\n \"CVE-2018-19058\",\n \"CVE-2018-19059\",\n \"CVE-2018-19060\",\n \"CVE-2018-19149\",\n \"CVE-2018-20481\",\n \"CVE-2018-20551\",\n \"CVE-2018-20650\",\n \"CVE-2018-20662\",\n \"CVE-2019-7310\",\n \"CVE-2019-9200\",\n \"CVE-2019-9631\",\n \"CVE-2019-9903\",\n \"CVE-2019-9959\",\n \"CVE-2019-10871\",\n \"CVE-2019-10872\",\n \"CVE-2019-14494\",\n \"CVE-2020-27778\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3854-1\");\n script_xref(name:\"IAVB\", value:\"2018-B-0151-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0001-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0011-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0021-S\");\n script_xref(name:\"IAVB\", value:\"2019-B-0064-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : poppler (SUSE-SU-2021:3854-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:3854-1 advisory.\n\n - The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers\n to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.\n (CVE-2017-18267)\n\n - Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that\n is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and\n denial of service. This may be exploitable when a victim opens a specially crafted PDF file.\n (CVE-2018-13988)\n\n - In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted\n file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646)\n\n - An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in\n GfxState.cc, as demonstrated by pdftocairo. (CVE-2018-18897)\n\n - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of\n service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.\n (CVE-2018-19058)\n\n - An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc,\n will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before\n save attempts. (CVE-2018-19059)\n\n - An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will\n lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded\n file before constructing a save path. (CVE-2018-19060)\n\n - Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from\n poppler_annot_file_attachment_get_attachment. (CVE-2018-19149)\n\n - XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote\n attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when\n XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481)\n\n - A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service\n due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.\n (CVE-2018-20551)\n\n - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service\n due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in\n FileSpec.cc) in pdfdetach. (CVE-2018-20650)\n\n - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application\n crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF\n file in which an xref data structure is mishandled during extractPDFSubtype processing. (CVE-2018-20662)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n Splash::blitTransparent at splash/Splash.cc. (CVE-2019-10872)\n\n - An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function\n SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. (CVE-2019-14494)\n\n - In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry\n function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly\n have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. (CVE-2019-7310)\n\n - A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0\n that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an\n attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.\n (CVE-2019-9200)\n\n - Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter\n function. (CVE-2019-9631)\n\n - PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in\n the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted\n pdf file to the pdfunite binary. (CVE-2019-9903)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could\n exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would\n crash the application causing a denial of service. (CVE-2020-27778)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1092945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1102531\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1107597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1114966\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1115185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1115186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1115187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1115626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1120495\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1120496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1120939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1120956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1124150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1127329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1129202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1130229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1131696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1131722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1142465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179163\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-December/009785.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?daf7711c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-18267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-13988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19059\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27778\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9631\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpoppler-cpp0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpoppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpoppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpoppler-glib8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpoppler73\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:poppler-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:typelib-1_0-Poppler-0_18\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'libpoppler-cpp0-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'libpoppler-devel-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'libpoppler-glib-devel-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'libpoppler-glib8-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'libpoppler73-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'poppler-tools-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'typelib-1_0-Poppler-0_18-0.62.0-4.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libpoppler-cpp0 / libpoppler-devel / libpoppler-glib-devel / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2022-07-07T11:06:51", "description": "Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-09-20T05:21:27", "type": "redhatcve", "title": "CVE-2018-21009", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-21009"], "modified": "2022-07-07T10:52:54", "id": "RH:CVE-2018-21009", "href": "https://access.redhat.com/security/cve/cve-2018-21009", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-07T11:08:55", "description": "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-01-10T20:20:59", "type": "redhatcve", "title": "CVE-2018-20650", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20650"], "modified": "2022-07-07T10:51:39", "id": "RH:CVE-2018-20650", "href": "https://access.redhat.com/security/cve/cve-2018-20650", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2022-07-27T10:16:12", "description": "libpoppler.so is vulnerable to denial of service (DoS). The attack exists because it does not prevent having divide-by-zero error in the function `Parser::makeStream` in `Parser.cc`.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-09-09T04:42:18", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-21009"], "modified": "2021-05-10T14:13:29", "id": "VERACODE:21449", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-21449/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T11:49:48", "description": "It was discovered that poppler incorrectly handled certain PDF files. \nAn attacker could possibly use this issue to cause a denial of service. \n(CVE-2018-20481, CVE-2018-20650)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-01-22T00:00:00", "type": "ubuntu", "title": "poppler vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20650", "CVE-2018-20481"], "modified": "2019-01-22T00:00:00", "id": "USN-3865-1", "href": "https://ubuntu.com/security/notices/USN-3865-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-04T11:05:29", "description": "It was discovered that Poppler incorrectly handled certain files. If a user \nor automated system were tricked into opening a crafted PDF file, an \nattacker could cause a denial of service.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-11-25T00:00:00", "type": "ubuntu", "title": "poppler vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27778", "CVE-2019-9959", "CVE-2019-10871", "CVE-2018-21009", "CVE-2019-13283"], "modified": "2020-11-25T00:00:00", "id": "USN-4646-1", "href": "https://ubuntu.com/security/notices/USN-4646-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2021-07-25T19:36:46", "description": "**Issue Overview:**\n\nAn issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\nPoppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.(CVE-2018-21009)\n\nThe JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\nIn Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. (CVE-2019-12293)\n\n \n**Affected Packages:** \n\n\npoppler\n\n \n**Issue Correction:** \nRun _yum update poppler_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 poppler-0.26.5-42.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-devel-0.26.5-42.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-glib-0.26.5-42.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-glib-devel-0.26.5-42.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-qt-0.26.5-42.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-qt-devel-0.26.5-42.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-cpp-0.26.5-42.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-cpp-devel-0.26.5-42.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-utils-0.26.5-42.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-demos-0.26.5-42.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-debuginfo-0.26.5-42.amzn2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 poppler-0.26.5-42.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-devel-0.26.5-42.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-glib-0.26.5-42.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-glib-devel-0.26.5-42.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-qt-0.26.5-42.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-qt-devel-0.26.5-42.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-cpp-0.26.5-42.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-cpp-devel-0.26.5-42.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-utils-0.26.5-42.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-demos-0.26.5-42.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-debuginfo-0.26.5-42.amzn2.i686 \n \n src: \n \u00a0\u00a0\u00a0 poppler-0.26.5-42.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 poppler-0.26.5-42.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-devel-0.26.5-42.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-glib-0.26.5-42.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-glib-devel-0.26.5-42.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-qt-0.26.5-42.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-qt-devel-0.26.5-42.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-cpp-0.26.5-42.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-cpp-devel-0.26.5-42.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-utils-0.26.5-42.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-demos-0.26.5-42.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-debuginfo-0.26.5-42.amzn2.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-08-18T20:33:00", "type": "amazon", "title": "Medium: poppler", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-21009", "CVE-2019-10871", "CVE-2019-12293", "CVE-2019-9959"], "modified": "2020-08-24T23:54:00", "id": "ALAS2-2020-1481", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1481.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-25T19:23:08", "description": "**Issue Overview:**\n\nThe tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. (CVE-2019-11459)\n\nPoppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\nThe JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\nAn issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\nIn Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. (CVE-2019-12293)\n\n \n**Affected Packages:** \n\n\npoppler\n\n \n**Issue Correction:** \nRun _yum update poppler_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 poppler-devel-0.26.5-42.20.amzn1.i686 \n \u00a0\u00a0\u00a0 poppler-debuginfo-0.26.5-42.20.amzn1.i686 \n \u00a0\u00a0\u00a0 poppler-utils-0.26.5-42.20.amzn1.i686 \n \u00a0\u00a0\u00a0 poppler-glib-0.26.5-42.20.amzn1.i686 \n \u00a0\u00a0\u00a0 poppler-0.26.5-42.20.amzn1.i686 \n \u00a0\u00a0\u00a0 poppler-cpp-devel-0.26.5-42.20.amzn1.i686 \n \u00a0\u00a0\u00a0 poppler-glib-devel-0.26.5-42.20.amzn1.i686 \n \u00a0\u00a0\u00a0 poppler-cpp-0.26.5-42.20.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 poppler-0.26.5-42.20.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 poppler-utils-0.26.5-42.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 poppler-debuginfo-0.26.5-42.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 poppler-glib-devel-0.26.5-42.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 poppler-cpp-devel-0.26.5-42.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 poppler-glib-0.26.5-42.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 poppler-devel-0.26.5-42.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 poppler-0.26.5-42.20.amzn1.x86_64 \n \u00a0\u00a0\u00a0 poppler-cpp-0.26.5-42.20.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-07-14T02:14:00", "type": "amazon", "title": "Medium: poppler", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-21009", "CVE-2019-10871", "CVE-2019-11459", "CVE-2019-12293", "CVE-2019-9959"], "modified": "2020-07-15T17:28:00", "id": "ALAS-2020-1398", "href": "https://alas.aws.amazon.com/ALAS-2020-1398.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-25T19:38:10", "description": "**Issue Overview:**\n\nIn Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.(CVE-2018-16646)\n\nAn issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.(CVE-2018-18897)\n\nAn issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058)\n\nAn issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059)\n\nAn issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.(CVE-2018-19060)\n\nPoppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.(CVE-2018-19149)\n\nXRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.(CVE-2018-20481)\n\nA reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\nIn Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.(CVE-2018-20662)\n\nIn Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.(CVE-2019-7310)\n\nA heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.(CVE-2019-9200)\n\nPoppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.(CVE-2019-9631)\n\n \n**Affected Packages:** \n\n\npoppler\n\n \n**Issue Correction:** \nRun _yum update poppler_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 poppler-0.26.5-38.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-devel-0.26.5-38.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-glib-0.26.5-38.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-glib-devel-0.26.5-38.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-qt-0.26.5-38.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-qt-devel-0.26.5-38.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-cpp-0.26.5-38.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-cpp-devel-0.26.5-38.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-utils-0.26.5-38.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-demos-0.26.5-38.amzn2.aarch64 \n \u00a0\u00a0\u00a0 poppler-debuginfo-0.26.5-38.amzn2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 poppler-0.26.5-38.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-devel-0.26.5-38.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-glib-0.26.5-38.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-glib-devel-0.26.5-38.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-qt-0.26.5-38.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-qt-devel-0.26.5-38.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-cpp-0.26.5-38.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-cpp-devel-0.26.5-38.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-utils-0.26.5-38.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-demos-0.26.5-38.amzn2.i686 \n \u00a0\u00a0\u00a0 poppler-debuginfo-0.26.5-38.amzn2.i686 \n \n src: \n \u00a0\u00a0\u00a0 poppler-0.26.5-38.amzn2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 poppler-0.26.5-38.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-devel-0.26.5-38.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-glib-0.26.5-38.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-glib-devel-0.26.5-38.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-qt-0.26.5-38.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-qt-devel-0.26.5-38.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-cpp-0.26.5-38.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-cpp-devel-0.26.5-38.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-utils-0.26.5-38.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-demos-0.26.5-38.amzn2.x86_64 \n \u00a0\u00a0\u00a0 poppler-debuginfo-0.26.5-38.amzn2.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-10-21T18:01:00", "type": "amazon", "title": "Medium: poppler", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631"], "modified": "2019-10-23T23:58:00", "id": "ALAS2-2019-1332", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1332.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-25T19:24:13", "description": "**Issue Overview:**\n\nXRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.(CVE-2018-20481)\n\nIn Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646)\n\nPoppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.(CVE-2019-9631)\n\nA reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650)\n\nAn issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059)\n\nAn issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058)\n\nPoppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.(CVE-2018-19149)\n\nIn Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.(CVE-2019-7310)\n\nAn issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.(CVE-2018-18897)\n\nAn issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.(CVE-2018-19060)\n\nA heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.(CVE-2019-9200)\n\nIn Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.(CVE-2018-20662)\n\n \n**Affected Packages:** \n\n\npoppler\n\n \n**Issue Correction:** \nRun _yum update poppler_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 poppler-devel-0.26.5-38.19.amzn1.i686 \n \u00a0\u00a0\u00a0 poppler-glib-devel-0.26.5-38.19.amzn1.i686 \n \u00a0\u00a0\u00a0 poppler-cpp-devel-0.26.5-38.19.amzn1.i686 \n \u00a0\u00a0\u00a0 poppler-0.26.5-38.19.amzn1.i686 \n \u00a0\u00a0\u00a0 poppler-utils-0.26.5-38.19.amzn1.i686 \n \u00a0\u00a0\u00a0 poppler-glib-0.26.5-38.19.amzn1.i686 \n \u00a0\u00a0\u00a0 poppler-debuginfo-0.26.5-38.19.amzn1.i686 \n \u00a0\u00a0\u00a0 poppler-cpp-0.26.5-38.19.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 poppler-0.26.5-38.19.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 poppler-cpp-0.26.5-38.19.amzn1.x86_64 \n \u00a0\u00a0\u00a0 poppler-0.26.5-38.19.amzn1.x86_64 \n \u00a0\u00a0\u00a0 poppler-cpp-devel-0.26.5-38.19.amzn1.x86_64 \n \u00a0\u00a0\u00a0 poppler-debuginfo-0.26.5-38.19.amzn1.x86_64 \n \u00a0\u00a0\u00a0 poppler-utils-0.26.5-38.19.amzn1.x86_64 \n \u00a0\u00a0\u00a0 poppler-devel-0.26.5-38.19.amzn1.x86_64 \n \u00a0\u00a0\u00a0 poppler-glib-devel-0.26.5-38.19.amzn1.x86_64 \n \u00a0\u00a0\u00a0 poppler-glib-0.26.5-38.19.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-23T17:01:00", "type": "amazon", "title": "Medium: poppler", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631"], "modified": "2019-08-26T22:23:00", "id": "ALAS-2019-1271", "href": "https://alas.aws.amazon.com/ALAS-2019-1271.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2021-07-28T14:46:50", "description": "poppler is a PDF rendering library. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-01-24T04:34:33", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: poppler-0.67.0-10.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18897", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650"], "modified": "2019-01-24T04:34:33", "id": "FEDORA:E01ED6076974", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CH33MK2BAV326CV7IKYGMFO4IYX552Z2/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T18:41:38", "description": "poppler is a PDF rendering library. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-02-08T02:30:13", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: poppler-0.62.0-14.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18267", "CVE-2018-13988", "CVE-2018-18897", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650"], "modified": "2019-02-08T02:30:13", "id": "FEDORA:9501060491C8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WI67GY5HCZV6GQDYKCEAMSRY3LINJ7NS/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "MinGW Windows Poppler library. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-02-18T02:04:58", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: mingw-poppler-0.67.0-3.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16646", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650"], "modified": "2019-02-18T02:04:58", "id": "FEDORA:793E86418387", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BDSUENJ3ORHLJ5M6MBMW4GDNONBLRXC3/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-01T22:54:48", "description": "Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-10-25T17:04:25", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: xpdf-4.02-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12493", "CVE-2019-12515", "CVE-2019-12957", "CVE-2019-12958", "CVE-2019-13281", "CVE-2019-13282", "CVE-2019-13283", "CVE-2019-13286"], "modified": "2019-10-25T17:04:25", "id": "FEDORA:DC0FE602EC13", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-01T22:54:48", "description": "Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-10-25T18:09:53", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: xpdf-4.02-1.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12493", "CVE-2019-12515", "CVE-2019-12957", "CVE-2019-12958", "CVE-2019-13281", "CVE-2019-13282", "CVE-2019-13283", "CVE-2019-13286"], "modified": "2019-10-25T18:09:53", "id": "FEDORA:0E9A0606E48B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TNIJWRYTCLGV35WGIHYTMMOPEEOOTIPT/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-01T22:54:48", "description": "Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-10-26T17:37:03", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: xpdf-4.02-1.fc31", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-12493", "CVE-2019-12515", "CVE-2019-12957", "CVE-2019-12958", "CVE-2019-13281", "CVE-2019-13282", "CVE-2019-13283", "CVE-2019-13286"], "modified": "2019-10-26T17:37:03", "id": "FEDORA:17FC5606733A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DJJD7X3ES7ZHJUY2R3DAVCJPV23R64VK/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "MinGW Windows Poppler library. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-03-15T18:30:03", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: mingw-poppler-0.67.0-4.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16646", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310"], "modified": "2019-03-15T18:30:03", "id": "FEDORA:264CB604B3B9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BMJWQCM3FLQRM6HGMJPQU3C3PKGYEB5N/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:38:18", "description": "Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.\n\nThe evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.\n\nSecurity Fix(es):\n\n* poppler: integer overflow in Parser::makeStream in Parser.cc (CVE-2018-21009)\n\n* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)\n\n* poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)\n\n* poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)\n\n* evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-03-31T09:15:25", "type": "redhat", "title": "(RHSA-2020:1074) Moderate: poppler and evince security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-21009", "CVE-2019-10871", "CVE-2019-11459", "CVE-2019-12293", "CVE-2019-9959"], "modified": "2020-08-31T12:19:52", "id": "RHSA-2020:1074", "href": "https://access.redhat.com/errata/RHSA-2020:1074", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:40:36", "description": "Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince or Okular.\n\nSecurity Fix(es):\n\n* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)\n\n* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n* poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646)\n\n* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)\n\n* poppler: reachable abort in Object.h (CVE-2018-19058)\n\n* poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059)\n\n* poppler: pdfdetach utility does not validate save paths (CVE-2018-19060)\n\n* poppler: NULL pointer dereference in _poppler_attachment_new (CVE-2018-19149)\n\n* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)\n\n* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)\n\n* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-06T07:51:02", "type": "redhat", "title": "(RHSA-2019:2022) Moderate: poppler security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631"], "modified": "2019-08-06T09:42:34", "id": "RHSA-2019:2022", "href": "https://access.redhat.com/errata/RHSA-2019:2022", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:40:33", "description": "Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.\n\nSecurity Fix(es):\n\n* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)\n\n* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)\n\n* poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)\n\n* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)\n\n* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)\n\n* poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c (CVE-2018-20551)\n\n* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)\n\n* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\n* poppler: stack consumption in function Dict::find() in Dict.cc (CVE-2019-9903)\n\n* poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-09-10T15:32:22", "type": "redhat", "title": "(RHSA-2019:2713) Moderate: poppler security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18897", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-10871", "CVE-2019-12293", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631", "CVE-2019-9903", "CVE-2019-9959"], "modified": "2019-09-10T17:42:35", "id": "RHSA-2019:2713", "href": "https://access.redhat.com/errata/RHSA-2019:2713", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2022-02-27T16:05:17", "description": "**CentOS Errata and Security Advisory** CESA-2020:1074\n\n\nPoppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.\n\nThe evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.\n\nSecurity Fix(es):\n\n* poppler: integer overflow in Parser::makeStream in Parser.cc (CVE-2018-21009)\n\n* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)\n\n* poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)\n\n* poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)\n\n* evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2020-April/019130.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2020-April/019257.html\n\n**Affected packages:**\nevince\nevince-browser-plugin\nevince-devel\nevince-dvi\nevince-libs\nevince-nautilus\npoppler\npoppler-cpp\npoppler-cpp-devel\npoppler-demos\npoppler-devel\npoppler-glib\npoppler-glib-devel\npoppler-qt\npoppler-qt-devel\npoppler-utils\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2020:1074", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-04-08T17:56:37", "type": "centos", "title": "evince, poppler security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-21009", "CVE-2019-10871", "CVE-2019-11459", "CVE-2019-12293", "CVE-2019-9959"], "modified": "2020-04-08T19:07:43", "id": "CESA-2020:1074", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2020-April/019130.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-27T16:05:30", "description": "**CentOS Errata and Security Advisory** CESA-2019:2022\n\n\nPoppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince or Okular.\n\nSecurity Fix(es):\n\n* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)\n\n* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n* poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646)\n\n* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)\n\n* poppler: reachable abort in Object.h (CVE-2018-19058)\n\n* poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059)\n\n* poppler: pdfdetach utility does not validate save paths (CVE-2018-19060)\n\n* poppler: NULL pointer dereference in _poppler_attachment_new (CVE-2018-19149)\n\n* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)\n\n* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)\n\n* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2019-August/018750.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2019-August/018910.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2019-August/018942.html\n\n**Affected packages:**\nevince\nevince-browser-plugin\nevince-devel\nevince-dvi\nevince-libs\nevince-nautilus\nokular\nokular-devel\nokular-libs\nokular-part\npoppler\npoppler-cpp\npoppler-cpp-devel\npoppler-demos\npoppler-devel\npoppler-glib\npoppler-glib-devel\npoppler-qt\npoppler-qt-devel\npoppler-utils\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2019:2022", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-30T02:44:38", "type": "centos", "title": "evince, okular, poppler security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631"], "modified": "2019-08-30T03:59:37", "id": "CESA-2019:2022", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2019-August/018750.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:45", "description": "evince\n[3.28.2-9]\n- Handle failure from TIFFReadRGBAImageOriented\n- Resolves: #1717352\npoppler\n[0.26.5-42]\n- Fix potential integer overflow and check length for negative values\n- Resolves: #1757283\n[0.26.5-41]\n- Ignore dict Length if it is broken\n- Resolves: #1733026\n[0.26.5-40]\n- Fail gracefully if not all components of JPEG2000Stream\n- have the same size\n- Resolves: #1723504\n[0.26.5-39]\n- Check whether input is RGB in PSOutputDev::checkPageSlice()\n- Resolves: #1697575", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-04-06T00:00:00", "type": "oraclelinux", "title": "poppler and evince security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-21009", "CVE-2019-10871", "CVE-2019-11459", "CVE-2019-12293", "CVE-2019-9959"], "modified": "2020-04-06T00:00:00", "id": "ELSA-2020-1074", "href": "http://linux.oracle.com/errata/ELSA-2020-1074.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:50", "description": "evince\n[3.28.2-8]\n- Do not free EvDocumentInfo in ev_window_save_print_settings(),\n- it is freed in EvDocuments destructor\n- Resolves: #1541358\n[3.28.2-7]\n- Do not store page-scaling for documents with enforced\n- page-scaling\n- Resolves: #1541358\n[3.28.2-6]\n- Use PrintScaling preference stored in PDFs\n- Resolves: #1541358\nokular\n[4.10.5-7]\n- Fix patch adding information about substituting font\n Resolves: bz#1458037\n[4.10.5-6]\n- Fix broken dependency on kde-runtime\n Resolves: bz#1670723\n[4.10.5-5]\n- Add information about substituting font\n Resolves: bz#1458037\npoppler\n[0.26.5-38]\n- Constrain number of cycles in rescale filter\n- Compute correct coverage values for box filter\n- Resolves: #1688417\n[0.26.5-37]\n- Fix tiling patterns when pattern cell is too far\n- Resolves: #1378961\n[0.26.5-36]\n- Fix version from which PrintScaling is available\n- Resolves: #1658304\n[0.26.5-35]\n- Export PrintScaling viewer preference in glib frontend\n- Related: #1658304\n[0.26.5-34]\n- Fix a memory leak detected by Coverity Scan\n- Related: #1636103\n[0.26.5-33]\n- Only embed mime data for gray/rgb/cmyk colorspaces\n- if image decode map is identity\n- Resolves: #1636103\n[0.26.5-32]\n- Fix possible crash on broken files in ImageStream::getLine()\n- Resolves: #1685267\n[0.26.5-31]\n- Avoid global display profile state becoming an uncontrolled\n- memory leak\n- Resolves: #1648860\n[0.26.5-30]\n- Check for missing pages in documents passed to pdfunite\n- Resolves: #1677348\n[0.26.5-29]\n- Dont reuse 'entry' in Parser::makeStream\n- Resolves: #1677058\n[0.26.5-28]\n- Move the fileSpec.dictLookup call inside fileSpec.isDict if\n- Resolves: #1677029\n[0.26.5-27]\n- Defend against requests for negative XRef indices\n- Resolves: #1673700\n[0.26.5-26]\n- Add font substituteName() getter to Qt bindings\n- Resolves: bz#1639595\n[0.26.5-25]\n- Check for valid file name of embedded file\n- Resolves: #1651307\n[0.26.5-24]\n- Check for valid embedded file before trying to save it\n- Resolves: #1651306\n[0.26.5-23]\n- Check for stream before calling stream methods\n- when saving an embedded file\n- Resolves: #1651305\n[0.26.5-22]\n- Fix crash on missing embedded file\n- Resolves: #1651309\n[0.26.5-21]\n- Avoid cycles in PDF parsing\n- Resolves: #1640295", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-08-13T00:00:00", "type": "oraclelinux", "title": "poppler security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631"], "modified": "2019-08-13T00:00:00", "id": "ELSA-2019-2022", "href": "http://linux.oracle.com/errata/ELSA-2019-2022.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:53", "description": "[0.66.0-11.el8_0.12]\n- Ignore dict Length if it is broken\n- Resolves: #1741146\n[0.66.0-11.el8_0.11]\n- Check whether input is RGB in PSOutputDev::checkPageSlice()\n- (also when using '-optimizecolorspace' flag)\n- Resolves: #1741145\n[0.66.0-11.el8_0.10]\n- Fail gracefully if not all components of JPEG2000Stream\n- have the same size\n- Resolves: #1740612\n[0.66.0-11.el8_0.9]\n- Fix stack overflow on broken file\n- Resolves: #1717867\n[0.66.0-11.el8_0.8]\n- Constrain number of cycles in rescale filter\n- Compute correct coverage values for box filter\n- Resolves: #1717866\n[0.66.0-11.el8_0.7]\n- Fix possible crash on broken files in ImageStream::getLine()\n- Resolves: #1717803\n[0.66.0-11.el8_0.6]\n- Move the fileSpec.dictLookup call inside fileSpec.isDict if\n- Resolves: #1717788\n[0.66.0-11.el8_0.5]\n- Defend against requests for negative XRef indices\n- Resolves: #1717779\n[0.66.0-11.el8_0.4]\n- Do not try to parse into unallocated XRef entry\n- Resolves: #1717790\n[0.66.0-11.el8_0.3]\n- Avoid global display profile state becoming an uncontrolled\n- memory leak\n- Resolves: #1717776\n[0.66.0-11.el8_0.2]\n- Check Catalog from XRef for being a Dict\n- Resolves: #1690480\n[0.66.0-11.el8_0.1]\n- Do not try to construct invalid rich media annotation assets\n- Resolves: #1690478\n[0.66.0-11]\n- Fix tiling patterns when pattern cell is too far\n- Resolves: #1644094", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-09-12T00:00:00", "type": "oraclelinux", "title": "poppler security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18897", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-10871", "CVE-2019-12293", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631", "CVE-2019-9903", "CVE-2019-9959"], "modified": "2019-09-12T00:00:00", "id": "ELSA-2019-2713", "href": "http://linux.oracle.com/errata/ELSA-2019-2713.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-05-03T17:28:15", "description": "An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. (CVE-2018-18897) XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481) A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. (CVE-2018-20551) A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. (CVE-2018-20650) In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. (CVE-2019-7310) \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-02-20T20:56:50", "type": "mageia", "title": "Updated poppler packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18897", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650", "CVE-2019-7310"], "modified": "2019-02-20T20:56:50", "id": "MGASA-2019-0092", "href": "https://advisories.mageia.org/MGASA-2019-0092.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-04-21T22:46:55", "description": "An update that fixes 21 vulnerabilities is now available.\n\nDescription:\n\n This update for poppler fixes the following issues:\n\n - CVE-2017-18267: Fixed an infinite recursion that would allow remote\n attackers to cause a denial of service (bsc#1092945).\n - CVE-2018-13988: Added an improper implementation check which otherwise\n could allow buffer overflows, memory corruption, and denial of service\n (bsc#1102531).\n - CVE-2018-16646: Fixed an infinite recursion which could allow a\n denial-of-service attack via a specially crafted PDF file (bsc#1107597).\n - CVE-2018-18897: Fixed a memory leak (bsc#1114966).\n - CVE-2018-19058: Fixed a bug which could allow a denial-of-service attack\n via a specially crafted PDF file (bsc#1115187).\n - CVE-2018-19059: Fixed an out-of-bounds read access which could allow a\n denial-of-service attack (bsc#1115186).\n - CVE-2018-19060: Fixed a NULL pointer dereference which could allow a\n denial-of-service attack (bsc#1115185).\n - CVE-2018-19149: Fixed a NULL pointer dereference which could allow a\n denial-of-service attack (bsc#1115626).\n - CVE-2018-20481: Fixed a NULL pointer dereference while handling\n unallocated XRef entries which could allow a denial-of-service attack\n (bsc#1120495).\n - CVE-2018-20551: Fixed a reachable assertion which could allow a\n denial-of-service attack through specially crafted PDF files\n (bsc#1120496).\n - CVE-2018-20650: Fixed a reachable assertion which could allow\n denial-of-service through specially crafted PDF files (bsc#1120939).\n - CVE-2018-20662: Fixed a bug which could potentially crash the running\n process by SIGABRT resulting in a denial-of-service attack through a\n specially crafted PDF file (bsc#1120956).\n - CVE-2019-10871: Fixed a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc (bsc#1131696).\n - CVE-2019-10872: Fixed a heap-based buffer over-read in the function\n Splash::blitTransparent at splash/Splash.cc (bsc#1131722).\n - CVE-2019-14494: Fixed a divide-by-zero error in the function\n SplashOutputDev::tilingPatternFill (bsc#1143950).\n - CVE-2019-7310: Fixed a heap-based buffer over-read (due to an integer\n signedness error in the XRef::getEntry function in XRef.cc) that allows\n remote attackers to cause a denial of service or possibly have\n unspecified other impact via a crafted PDF document (bsc#1124150).\n - CVE-2019-9200: Fixed a heap-based buffer underwrite which could allow\n denial-of-service attack through a specially crafted PDF file\n (bsc#1127329)\n - CVE-2019-9631: Fixed a heap-based buffer over-read in the\n CairoRescaleBox.cc downsample_row_box_filter function (bsc#1129202).\n - CVE-2019-9903: Fixed excessive stack consumption in the Dict::find()\n method, which can be triggered by passing a crafted pdf file to the\n pdfunite binary (bsc#1130229).\n - CVE-2019-9959: Fixed integer overflow that made it possible to allocate\n a large memory chunk on the heap with a size controlled by an attacker\n (bsc#1142465).\n - CVE-2020-27778: Fixed buffer overflow vulnerability in pdftohtml\n (bsc#1179163).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-3854=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-12-01T00:00:00", "type": "suse", "title": "Security update for poppler (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18267", "CVE-2018-13988", "CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-10871", "CVE-2019-10872", "CVE-2019-14494", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631", "CVE-2019-9903", "CVE-2019-9959", "CVE-2020-27778"], "modified": "2021-12-01T00:00:00", "id": "OPENSUSE-SU-2021:3854-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TS7QPSEQIBQO7BALZOE3TN7IO7IMHK3Y/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}