Slackware Linux 15.0 / current xpdf Multiple Vulnerabilities (SSA:2025-319-01)

🗓️ 15 Nov 2025 00:00:00Reported by TenableType

Slackware 15.0 and current xpdf prior to 4.06 has multiple vulnerabilities; updated packages.

Reporter	Title	Published	Views	Family All 235
AlpineLinux	CVE-2024-2971	26 Mar 202421:31	–	alpinelinux
AlpineLinux	CVE-2024-3247	2 Apr 202422:57	–	alpinelinux
AlpineLinux	CVE-2024-3248	2 Apr 202423:04	–	alpinelinux
AlpineLinux	CVE-2024-3900	17 Apr 202418:41	–	alpinelinux
AlpineLinux	CVE-2024-4141	24 Apr 202418:36	–	alpinelinux
AlpineLinux	CVE-2024-4568	6 May 202419:56	–	alpinelinux
AlpineLinux	CVE-2024-4976	15 May 202420:34	–	alpinelinux
AlpineLinux	CVE-2024-7866	15 Aug 202419:50	–	alpinelinux
AlpineLinux	CVE-2024-7867	15 Aug 202420:06	–	alpinelinux
AlpineLinux	CVE-2024-7868	15 Aug 202420:22	–	alpinelinux

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
#
# The descriptive text and package checks in this plugin were
# extracted from Slackware Security Advisory SSA:2025-319-01. The text
# itself is copyright (C) Slackware Linux, Inc.
##

include('compat.inc');

if (description)
{
  script_id(275498);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/15");

  script_cve_id(
    "CVE-2024-2971",
    "CVE-2024-3247",
    "CVE-2024-3248",
    "CVE-2024-3900",
    "CVE-2024-4141",
    "CVE-2024-4568",
    "CVE-2024-4976",
    "CVE-2024-7866",
    "CVE-2024-7867",
    "CVE-2024-7868",
    "CVE-2025-2574",
    "CVE-2025-3154",
    "CVE-2025-11896"
  );

  script_name(english:"Slackware Linux 15.0 / current xpdf  Multiple Vulnerabilities (SSA:2025-319-01)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Slackware Linux host is missing a security update to xpdf.");
  script_set_attribute(attribute:"description", value:
"The version of xpdf installed on the remote host is prior to 4.06. It is, therefore, affected by multiple
vulnerabilities as referenced in the SSA:2025-319-01 advisory.

    New xpdf packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the xpdf security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2025&m=slackware-security.380759
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?074de248");
  script_set_attribute(attribute:"solution", value:
"Upgrade the affected xpdf package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-7868");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2025-2574");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/11/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:xpdf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:15.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Slackware Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}

include("slackware.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);

var flag = 0;
var constraints = [
    { 'fixed_version' : '4.06', 'product' : 'xpdf', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'i586' },
    { 'fixed_version' : '4.06', 'product' : 'xpdf', 'os_name' : 'Slackware Linux', 'os_version' : '15.0', 'service_pack' : '1_slack15.0', 'arch' : 'x86_64' },
    { 'fixed_version' : '4.06', 'product' : 'xpdf', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'i686' },
    { 'fixed_version' : '4.06', 'product' : 'xpdf', 'os_name' : 'Slackware Linux', 'os_version' : 'current', 'service_pack' : '1', 'arch' : 'x86_64' }
];

foreach var constraint (constraints) {
    var pkg_arch = constraint['arch'];
    var arch = NULL;
    if (pkg_arch == "x86_64") {
        arch = pkg_arch;
    }
    if (slackware_check(osver:constraint['os_version'],
                        arch:arch,
                        pkgname:constraint['product'],
                        pkgver:constraint['fixed_version'],
                        pkgarch:pkg_arch,
                        pkgnum:constraint['service_pack'])) flag++;
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : slackware_report_get()
  );
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

15 Nov 2025 00:00Current

4.9Medium risk

Vulners AI Score4.9

CVSS 3.12.9 - 8.2

CVSS 42.1

EPSS0.00391

SSVC