The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. (CVE-2017-1000456)
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. (CVE-2017-14517)
In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. (CVE-2017-14518)
In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). (CVE-2017-14519)
In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files. (CVE-2017-14617)
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. (CVE-2017-14926)
In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. (CVE-2017-14927)
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. (CVE-2017-14928)
In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. (CVE-2017-14929)
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. (CVE-2017-14975)
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over- read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. (CVE-2017-14976)
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. (CVE-2017-14977)
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. (CVE-2017-15565)
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. (CVE-2017-7515)
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file. (CVE-2017-9083)
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9406)
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9408)
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc. (CVE-2017-9865)
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
(CVE-2018-13988)
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646)
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. (CVE-2018-18897)
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481)
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. (CVE-2018-20650)
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. (CVE-2018-20662)
FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc. (CVE-2019-11026)
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. (CVE-2019-12293)
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit. (CVE-2019-9543)
The JPXStream::init function in Poppler 0.78.0 and earlier doesn’t check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the ‘pdftohtml’ program, would crash the application causing a denial of service. (CVE-2020-27778)
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. (CVE-2020-36023)
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. (CVE-2020-36024)
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. (CVE-2022-37050)
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
(CVE-2022-37051)
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. (CVE-2022-37052)
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. (CVE-2022-38349)
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. (CVE-2022-38784)
Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory poppler. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(196847);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");
script_cve_id(
"CVE-2017-7515",
"CVE-2017-9083",
"CVE-2017-9406",
"CVE-2017-9408",
"CVE-2017-9865",
"CVE-2017-14517",
"CVE-2017-14518",
"CVE-2017-14519",
"CVE-2017-14617",
"CVE-2017-14926",
"CVE-2017-14927",
"CVE-2017-14928",
"CVE-2017-14929",
"CVE-2017-14975",
"CVE-2017-14976",
"CVE-2017-14977",
"CVE-2017-15565",
"CVE-2017-1000456",
"CVE-2018-13988",
"CVE-2018-16646",
"CVE-2018-18897",
"CVE-2018-20481",
"CVE-2018-20650",
"CVE-2018-20662",
"CVE-2019-9543",
"CVE-2019-9631",
"CVE-2019-9959",
"CVE-2019-11026",
"CVE-2019-12293",
"CVE-2020-27778",
"CVE-2020-36023",
"CVE-2020-36024",
"CVE-2022-37050",
"CVE-2022-37051",
"CVE-2022-37052",
"CVE-2022-38349",
"CVE-2022-38784"
);
script_name(english:"RHEL 6 : poppler (Unpatched Vulnerability)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 6 host is affected by multiple vulnerabilities that will not be patched.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.
- poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc
(CVE-2019-9631)
- freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow
in subsequent calculations. (CVE-2017-1000456)
- In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a
crafted PDF document. (CVE-2017-14517)
- In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in
Splash.cc via a crafted PDF document. (CVE-2017-14518)
- In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a
repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a
Gfx.cc infinite loop). (CVE-2017-14519)
- In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead
to a potential attack when handling malicious PDF files. (CVE-2017-14617)
- In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a
crafted PDF document. (CVE-2017-14926)
- In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in
SplashOutputDev.cc via a crafted PDF document. (CVE-2017-14927)
- In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in
Annot.cc via a crafted PDF document. (CVE-2017-14928)
- In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a
repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill,
Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability
than CVE-2017-14519. (CVE-2017-14929)
- The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference
vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of
service attack. (CVE-2017-14975)
- The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-
read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to
launch a denial of service attack. (CVE-2017-14976)
- The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference
vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of
service attack. (CVE-2017-14977)
- In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in
GfxState.cc via a crafted PDF document. (CVE-2017-15565)
- poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into
potential denial-of-service. (CVE-2017-7515)
- poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the
JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation
fault) when parsing an invalid PDF file. (CVE-2017-9083)
- In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows
attackers to cause a denial of service via a crafted file. (CVE-2017-9406)
- In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc,
which allows attackers to cause a denial of service via a crafted file. (CVE-2017-9408)
- The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a
denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related
to missing color-map validation in ImageOutputDev.cc. (CVE-2017-9865)
- Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that
is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and
denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
(CVE-2018-13988)
- In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted
file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646)
- An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in
GfxState.cc, as demonstrated by pdftocairo. (CVE-2018-18897)
- XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote
attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when
XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481)
- A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service
due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in
FileSpec.cc) in pdfdetach. (CVE-2018-20650)
- In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application
crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF
file in which an xref data structure is mishandled during extractPDFSubtype processing. (CVE-2018-20662)
- FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to
the error function in Error.cc. (CVE-2019-11026)
- In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc
via data with inconsistent heights or widths. (CVE-2019-12293)
- An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap()
located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate
binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified
other impact. This is related to JArithmeticDecoder::decodeBit. (CVE-2019-9543)
- The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream
length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the
heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)
- A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could
exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would
crash the application causing a denial of service. (CVE-2020-27778)
- An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial
of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. (CVE-2020-36023)
- An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial
of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. (CVE-2020-36024)
- In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service
(application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled
in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of
CVE-2018-20662. (CVE-2022-37050)
- An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service
because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
(CVE-2022-37051)
- A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service
due to a failure in markObject. (CVE-2022-37052)
- An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to
denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an
embedded file. (CVE-2022-38349)
- Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder
(JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2
image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability
described by CVE-2022-38171 in Xpdf. (CVE-2022-38784)
Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9631");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:compat-poppler022");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'pkgs': [
{'reference':'evince', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'evince', 'cves':['CVE-2017-9083']},
{'reference':'poppler', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'poppler'}
]
}
];
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
foreach var pkg ( constraint_array['pkgs'] ) {
var unpatched_pkg = NULL;
var _release = NULL;
var sp = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (unpatched_pkg &&
_release &&
(!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : unpatched_packages_report()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'evince / poppler');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | 5 | cpe:/o:redhat:enterprise_linux:5 |
redhat | enterprise_linux | 6 | cpe:/o:redhat:enterprise_linux:6 |
redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
redhat | enterprise_linux | 8 | cpe:/o:redhat:enterprise_linux:8 |
redhat | enterprise_linux | compat-poppler022 | p-cpe:/a:redhat:enterprise_linux:compat-poppler022 |
redhat | enterprise_linux | evince | p-cpe:/a:redhat:enterprise_linux:evince |
redhat | enterprise_linux | poppler | p-cpe:/a:redhat:enterprise_linux:poppler |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000456
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14517
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14518
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14519
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14617
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14926
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14927
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14928
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14929
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14977
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7515
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9083
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9406
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9408
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13988
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16646
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18897
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20481
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20650
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20662
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11026
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12293
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9543
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9631
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9959
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27778
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36023
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36024
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37051
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37052
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38349
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38784