Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2023-4546-1.NASL
HistoryNov 25, 2023 - 12:00 a.m.

SUSE SLES12 Security Update : poppler (SUSE-SU-2023:4546-1)

2023-11-2500:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
2
suse sles12
poppler
security update
denial of service
out of bounds read
vulnerability
remote attacker
segmentation fault
heap-based buffer over-read
recursive function call
dos
xpdf
pdf file

7.9 High

AI Score

Confidence

High

JSON

The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4546-1 advisory.

  • An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1. (CVE-2019-14292)

  • An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero. (CVE-2019-9545)

  • Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. (CVE-2019-9631)

  • An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. (CVE-2020-36023)

  • A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. (CVE-2022-37052)

  • An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
    (CVE-2022-48545)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:4546-1. The text itself
# is copyright (C) SUSE.
##

include('compat.inc');

if (description)
{
  script_id(186252);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/25");

  script_cve_id(
    "CVE-2019-9545",
    "CVE-2019-9631",
    "CVE-2019-14292",
    "CVE-2020-36023",
    "CVE-2022-37052",
    "CVE-2022-48545"
  );
  script_xref(name:"SuSE", value:"SUSE-SU-2023:4546-1");

  script_name(english:"SUSE SLES12 Security Update : poppler (SUSE-SU-2023:4546-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as
referenced in the SUSE-SU-2023:4546-1 advisory.

  - An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function
    GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1. (CVE-2019-14292)

  - An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion()
    located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages
    binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified
    other impact. This is related to JBIG2Bitmap::clearToZero. (CVE-2019-9545)

  - Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter
    function. (CVE-2019-9631)

  - An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial
    of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. (CVE-2020-36023)

  - A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service
    due to a failure in markObject. (CVE-2022-37052)

  - An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
    (CVE-2022-48545)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1128114");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1129202");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1143570");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214256");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214723");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1214726");
  # https://lists.suse.com/pipermail/sle-security-updates/2023-November/017204.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d879397b");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-14292");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9545");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-9631");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-36023");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-37052");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-48545");
  script_set_attribute(attribute:"solution", value:
"Update the affected libpoppler44 package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9631");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/11/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libpoppler44");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12|SLES_SAP12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);

var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP12 SP5", os_ver + " SP" + service_pack);

var pkgs = [
    {'reference':'libpoppler44-0.24.4-14.41.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
    {'reference':'libpoppler44-0.24.4-14.41.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']}
];

var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libpoppler44');
}
VendorProductVersionCPE
novellsuse_linux12cpe:/o:novell:suse_linux:12
novellsuse_linuxlibpoppler44p-cpe:/a:novell:suse_linux:libpoppler44

Related

openvas 25
nessus 35
prion 6
debiancve 6
ubuntucve 6
veracode 5
alpinelinux 1
cve 6
redhatcve 4
osv 10
debian 3
ubuntu 4
mageia 3
amazon 4
fedora 3
redos 1
kitploit 1
redhat 2
oraclelinux 2
centos 1
suse 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:4362-1)
2023-11-06 00:00:00
openSUSE: Security Advisory for poppler (SUSE-SU-2023:4562-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for poppler (SUSE-SU-2023:4270-1)
2024-03-04 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : poppler (SUSE-SU-2023:4562-1)
2023-11-25 00:00:00
SUSE SLES12 Security Update : poppler (SUSE-SU-2023:4362-1)
2023-11-04 00:00:00
openSUSE 15 Security Update : poppler (SUSE-SU-2023:4270-1)
2023-10-31 00:00:00
prion
prion
Out-of-bounds
2019-07-27 19:15:00
Design/Logic Flaw
2023-08-22 19:16:00
Design/Logic Flaw
2023-08-11 14:15:00
debiancve
debiancve
CVE-2022-48545
2023-08-22 19:16:00
CVE-2019-14292
2019-07-27 19:15:00
CVE-2022-37052
2023-08-22 19:16:00
ubuntucve
ubuntucve
CVE-2022-48545
2023-08-22 00:00:00
CVE-2019-14292
2019-07-27 00:00:00
CVE-2022-37052
2023-08-22 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-10-10 12:32:57
Denial Of Service (DoS)
2019-03-04 09:08:27
Denial Of Service (DoS)
2023-08-17 12:48:18
alpinelinux
alpinelinux
CVE-2022-48545
2023-08-22 19:16:00
cve
cve
CVE-2022-48545
2023-08-22 19:16:00
CVE-2019-14292
2019-07-27 19:15:00
CVE-2022-37052
2023-08-22 19:16:00
redhatcve
redhatcve
CVE-2020-36023
2023-08-22 17:48:59
CVE-2019-9545
2019-03-06 12:19:42
CVE-2022-37052
2023-08-24 19:15:36
osv
osv
CVE-2019-9545
2019-03-01 19:29:02
CVE-2022-37052
2023-08-22 19:16:23
CVE-2020-36023
2023-08-11 14:15:11
debian
debian
[SECURITY] [DLA 1752-1] poppler security update
2019-04-08 21:29:11
[SECURITY] [DLA 3528-1] poppler security update
2023-08-14 12:38:26
[SECURITY] [DLA 2287-1] poppler security update
2020-07-23 10:16:10
ubuntu
ubuntu
poppler vulnerabilities
2023-08-17 00:00:00
poppler regression
2023-11-28 00:00:00
poppler vulnerabilities
2023-11-23 00:00:00
mageia
mageia
Updated poppler packages fix security vulnerability
2023-09-11 16:07:54
Updated poppler packages fix security vulnerabilities
2019-09-07 00:09:08
Updated poppler packages fix security vulnerabilities
2019-09-07 00:09:08
amazon
amazon
Medium: poppler
2023-09-27 22:49:00
Medium: poppler
2023-09-27 22:15:00
Medium: poppler
2019-08-23 17:01:00
fedora
fedora
[SECURITY] Fedora 29 Update: poppler-0.67.0-16.fc29
2019-04-06 19:44:47
[SECURITY] Fedora 30 Update: poppler-0.73.0-8.fc30
2019-04-04 00:03:36
[SECURITY] Fedora 28 Update: poppler-0.62.0-20.fc28
2019-04-05 01:56:59
redos
redos
ROS-20230918-04
2023-09-18 00:00:00
kitploit
kitploit
Manul - A Coverage-Guided Parallel Fuzzer For Open-Source And Blackbox Binaries On Windows, Linux And MacOS
2020-02-16 12:00:00
redhat
redhat
(RHSA-2019:2022) Moderate: poppler security, bug fix, and enhancement update
2019-08-06 07:51:02
(RHSA-2019:2713) Moderate: poppler security update
2019-09-10 15:32:22
oraclelinux
oraclelinux
poppler security update
2019-09-12 00:00:00
poppler security, bug fix, and enhancement update
2019-08-13 00:00:00
centos
centos
evince, okular, poppler security update
2019-08-30 02:44:38
suse
suse
Security update for poppler (important)
2021-12-01 00:00:00

7.9 High

AI Score

Confidence

High

JSON
Related for SUSE_SU-2023-4546-1.NASL
openvas25nessus35prion6debiancve6ubuntucve6veracode5alpinelinux1cve6redhatcve4osv10debian3ubuntu4mageia3amazon4fedora3redos1kitploit1redhat2oraclelinux2centos1suse1