EulerOS 2.0 SP2 : poppler (EulerOS-SA-2017-1263)

🗓️ 01 Nov 2017 00:00:00Reported by TenableType

EulerOS 2.0 SP2 poppler vulnerability (CVE-2017-15565

Reporter	Title	Published	Views	Family All 62
CNVD	Poppler Denial of Service Vulnerability (CNVD-2017-32544)	27 Oct 201700:00	–	cnvd
CVE	CVE-2017-15565	17 Oct 201722:00	–	cve
Cvelist	CVE-2017-15565	17 Oct 201722:00	–	cvelist
Debian	[SECURITY] [DLA 1177-1] poppler security update	18 Nov 201718:27	–	debian
Debian	[SECURITY] [DSA 4079-1] poppler security update	7 Jan 201820:52	–	debian
Debian CVE	CVE-2017-15565	17 Oct 201722:00	–	debiancve
Tenable Nessus	Debian DLA-1177-1 : poppler security update	20 Nov 201700:00	–	nessus
Tenable Nessus	Debian DSA-4079-1 : poppler - security update	8 Jan 201800:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP1 : poppler (EulerOS-SA-2017-1259)	1 Nov 201700:00	–	nessus
Tenable Nessus	Fedora 26 : poppler (2017-1762a103bf)	16 Nov 201700:00	–	nessus

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(104288);
  script_version("3.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/17");

  script_cve_id("CVE-2017-15565");

  script_name(english:"EulerOS 2.0 SP2 : poppler (EulerOS-SA-2017-1263)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the poppler packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerability :

  - In Poppler 0.59.0, a NULL Pointer Dereference exists in
    the GfxImageColorMap::getGrayLine() function in
    GfxState.cc via a crafted PDF document.(CVE-2017-15565)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1263
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1774021e");
  script_set_attribute(attribute:"solution", value:
"Update the affected poppler package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-15565");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/10/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-glib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["poppler-0.26.5-17.h10",
        "poppler-glib-0.26.5-17.h10",
        "poppler-qt-0.26.5-17.h10",
        "poppler-utils-0.26.5-17.h10"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "poppler");
}

17 Nov 2025 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 26.8

CVSS 38.8

EPSS0.02059