Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-4646-1.NASL
HistoryNov 26, 2020 - 12:00 a.m.

Ubuntu 16.04 LTS / 18.04 LTS : poppler vulnerabilities (USN-4646-1)

2020-11-2600:00:00
Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
37
JSON

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4646-1 advisory.

  • Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)

  • The JPXStream::init function in Poppler 0.78.0 and earlier doesn’t check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)

  • An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)

  • In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed- length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. (CVE-2019-13283)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4646-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(143266);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id(
    "CVE-2018-21009",
    "CVE-2019-9959",
    "CVE-2019-10871",
    "CVE-2019-13283",
    "CVE-2020-27778"
  );
  script_bugtraq_id(107862, 109342);
  script_xref(name:"USN", value:"4646-1");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : poppler vulnerabilities (USN-4646-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as
referenced in the USN-4646-1 advisory.

  - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)

  - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream
    length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the
    heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)

  - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function
    PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)

  - In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in
    fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-
    length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It
    allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or
    possibly have unspecified other impact. (CVE-2019-13283)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-4646-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13283");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-21009");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/11/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gir1.2-poppler-0.18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp0v5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-private-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt4-4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt4-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt5-1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler58");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler73");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:poppler-utils");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'gir1.2-poppler-0.18', 'pkgver': '0.41.0-0ubuntu1.15'},
    {'osver': '16.04', 'pkgname': 'libpoppler-cpp-dev', 'pkgver': '0.41.0-0ubuntu1.15'},
    {'osver': '16.04', 'pkgname': 'libpoppler-cpp0', 'pkgver': '0.41.0-0ubuntu1.15'},
    {'osver': '16.04', 'pkgname': 'libpoppler-dev', 'pkgver': '0.41.0-0ubuntu1.15'},
    {'osver': '16.04', 'pkgname': 'libpoppler-glib-dev', 'pkgver': '0.41.0-0ubuntu1.15'},
    {'osver': '16.04', 'pkgname': 'libpoppler-glib8', 'pkgver': '0.41.0-0ubuntu1.15'},
    {'osver': '16.04', 'pkgname': 'libpoppler-private-dev', 'pkgver': '0.41.0-0ubuntu1.15'},
    {'osver': '16.04', 'pkgname': 'libpoppler-qt4-4', 'pkgver': '0.41.0-0ubuntu1.15'},
    {'osver': '16.04', 'pkgname': 'libpoppler-qt4-dev', 'pkgver': '0.41.0-0ubuntu1.15'},
    {'osver': '16.04', 'pkgname': 'libpoppler-qt5-1', 'pkgver': '0.41.0-0ubuntu1.15'},
    {'osver': '16.04', 'pkgname': 'libpoppler-qt5-dev', 'pkgver': '0.41.0-0ubuntu1.15'},
    {'osver': '16.04', 'pkgname': 'libpoppler58', 'pkgver': '0.41.0-0ubuntu1.15'},
    {'osver': '16.04', 'pkgname': 'poppler-utils', 'pkgver': '0.41.0-0ubuntu1.15'},
    {'osver': '18.04', 'pkgname': 'gir1.2-poppler-0.18', 'pkgver': '0.62.0-2ubuntu2.11'},
    {'osver': '18.04', 'pkgname': 'libpoppler-cpp-dev', 'pkgver': '0.62.0-2ubuntu2.11'},
    {'osver': '18.04', 'pkgname': 'libpoppler-cpp0v5', 'pkgver': '0.62.0-2ubuntu2.11'},
    {'osver': '18.04', 'pkgname': 'libpoppler-dev', 'pkgver': '0.62.0-2ubuntu2.11'},
    {'osver': '18.04', 'pkgname': 'libpoppler-glib-dev', 'pkgver': '0.62.0-2ubuntu2.11'},
    {'osver': '18.04', 'pkgname': 'libpoppler-glib8', 'pkgver': '0.62.0-2ubuntu2.11'},
    {'osver': '18.04', 'pkgname': 'libpoppler-private-dev', 'pkgver': '0.62.0-2ubuntu2.11'},
    {'osver': '18.04', 'pkgname': 'libpoppler-qt5-1', 'pkgver': '0.62.0-2ubuntu2.11'},
    {'osver': '18.04', 'pkgname': 'libpoppler-qt5-dev', 'pkgver': '0.62.0-2ubuntu2.11'},
    {'osver': '18.04', 'pkgname': 'libpoppler73', 'pkgver': '0.62.0-2ubuntu2.11'},
    {'osver': '18.04', 'pkgname': 'poppler-utils', 'pkgver': '0.62.0-2ubuntu2.11'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-poppler-0.18 / libpoppler-cpp-dev / libpoppler-cpp0 / etc');
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linuxgir1.2-poppler-0.18p-cpe:/a:canonical:ubuntu_linux:gir1.2-poppler-0.18
canonicalubuntu_linuxlibpoppler-cpp-devp-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp-dev
canonicalubuntu_linuxlibpoppler-cpp0p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp0
canonicalubuntu_linuxlibpoppler-cpp0v5p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp0v5
canonicalubuntu_linuxlibpoppler-devp-cpe:/a:canonical:ubuntu_linux:libpoppler-dev
canonicalubuntu_linuxlibpoppler-glib-devp-cpe:/a:canonical:ubuntu_linux:libpoppler-glib-dev
canonicalubuntu_linuxlibpoppler-glib8p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib8
canonicalubuntu_linuxlibpoppler-private-devp-cpe:/a:canonical:ubuntu_linux:libpoppler-private-dev
Rows per page:
1-10 of 171

Related

osv 13
ubuntu 2
nessus 55
amazon 2
openvas 13
debian 6
mageia 2
oraclelinux 3
redhat 3
centos 1
rosalinux 1
prion 5
ubuntucve 5
cve 5
debiancve 5
redhatcve 4
rocky 1
veracode 4
fedora 7
cnvd 1
alpinelinux 2
almalinux 1
suse 1
kitploit 1
osv
osv
poppler vulnerabilities
2020-11-25 18:03:42
CVE-2018-21009
2019-09-05 04:15:09
CVE-2019-10871
2019-04-05 04:29:00
ubuntu
ubuntu
poppler vulnerabilities
2020-11-25 00:00:00
poppler regression
2020-11-26 00:00:00
nessus
nessus
NewStart CGSL CORE 5.04 / MAIN 5.04 : poppler Multiple Vulnerabilities (NS-SA-2020-0074)
2020-12-09 00:00:00
Amazon Linux 2 : poppler (ALAS-2020-1481)
2020-08-26 00:00:00
NewStart CGSL CORE 5.05 / MAIN 5.05 : poppler Multiple Vulnerabilities (NS-SA-2020-0110)
2020-12-09 00:00:00
amazon
amazon
Medium: poppler
2020-08-18 20:33:00
Medium: poppler
2020-07-14 02:14:00
openvas
openvas
Debian LTS: Security Advisory for poppler (DLA-1963-1)
2019-10-18 00:00:00
Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-2015)
2020-01-23 00:00:00
Fedora Update for poppler FEDORA-2019-8729e0edf5
2019-08-14 00:00:00
debian
debian
[SECURITY] [DLA 1963-1] poppler security update
2019-10-17 21:17:50
[SECURITY] [DLA 1963-2] poppler regression update
2019-10-18 06:44:30
[SECURITY] [DLA 1939-1] poppler security update
2019-09-30 20:29:28
mageia
mageia
Updated poppler packages fix security vulnerabilities
2019-09-15 15:11:55
Updated poppler packages fix a security vulnerability
2020-12-03 12:54:38
oraclelinux
oraclelinux
poppler and evince security update
2020-04-06 00:00:00
poppler and evince security, bug fix, and enhancement update
2021-05-25 00:00:00
poppler security update
2019-09-12 00:00:00
redhat
redhat
(RHSA-2020:1074) Moderate: poppler and evince security update
2020-03-31 09:15:25
(RHSA-2021:1881) Moderate: poppler and evince security, bug fix, and enhancement update
2021-05-18 06:18:48
(RHSA-2019:2713) Moderate: poppler security update
2019-09-10 15:32:22
centos
centos
evince, poppler security update
2020-04-08 17:56:37
rosalinux
rosalinux
Advisory ROSA-SA-2021-1953
2021-07-02 17:59:22
prion
prion
Heap overflow
2019-07-04 20:15:00
Integer overflow
2019-09-05 04:15:00
Heap overflow
2019-04-05 04:29:00
ubuntucve
ubuntucve
CVE-2018-21009
2019-09-05 00:00:00
CVE-2019-13283
2019-07-04 00:00:00
CVE-2019-10871
2019-04-05 00:00:00
cve
cve
CVE-2019-13283
2019-07-04 20:15:00
CVE-2018-21009
2019-09-05 04:15:00
CVE-2020-27778
2020-12-03 17:15:00
debiancve
debiancve
CVE-2018-21009
2019-09-05 04:15:00
CVE-2019-13283
2019-07-04 20:15:00
CVE-2019-10871
2019-04-05 04:29:00
redhatcve
redhatcve
CVE-2018-21009
2019-09-20 05:21:27
CVE-2019-10871
2019-10-12 03:03:15
CVE-2019-9959
2019-07-23 08:22:31
rocky
rocky
poppler and evince security, bug fix, and enhancement update
2021-05-18 06:18:48
veracode
veracode
Denial Of Service (DoS)
2019-09-09 04:42:18
Denial Of Service (DoS)
2019-04-05 19:00:06
Integer Overflows
2020-04-01 00:38:38
fedora
fedora
[SECURITY] Fedora 29 Update: poppler-0.67.0-22.fc29
2019-08-13 01:59:39
[SECURITY] Fedora 30 Update: poppler-0.73.0-14.fc30
2019-08-13 01:02:24
[SECURITY] Fedora 29 Update: poppler-0.67.0-21.fc29
2019-06-22 02:56:34
cnvd
cnvd
Poppler integer overflow vulnerability
2019-07-23 00:00:00
alpinelinux
alpinelinux
CVE-2019-9959
2019-07-22 15:15:00
CVE-2020-27778
2020-12-03 17:15:00
almalinux
almalinux
Moderate: poppler and evince security, bug fix, and enhancement update
2021-05-18 06:18:48
suse
suse
Security update for poppler (important)
2021-12-01 00:00:00
kitploit
kitploit
Manul - A Coverage-Guided Parallel Fuzzer For Open-Source And Blackbox Binaries On Windows, Linux And MacOS
2020-02-16 12:00:00
JSON
Related for UBUNTU_USN-4646-1.NASL
osv13ubuntu2nessus55amazon2openvas13debian6mageia2oraclelinux3redhat3centos1rosalinux1prion5ubuntucve5cve5debiancve5redhatcve4rocky1veracode4fedora7cnvd1alpinelinux2almalinux1suse1kitploit1