Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-1986)
2020-01-23T00:00:00
ID: OPENVAS:1361412562311220191986
Type: openvas
Reporter: Copyright (C) 2020 Greenbone Networks GmbH
Modified: 2020-01-23T00:00:00
Description
The remote host is missing an update for the Huawei EulerOS
# Copyright (C) 2020 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) the respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.2.2019.1986");
  script_version("2020-01-23T12:30:04+0000");
  script_cve_id("CVE-2019-9959");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_tag(name:"last_modification", value:"2020-01-23 12:30:04 +0000 (Thu, 23 Jan 2020)");
  script_tag(name:"creation_date", value:"2020-01-23 12:30:04 +0000 (Thu, 23 Jan 2020)");
  script_name("Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-1986)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2020 Greenbone Networks GmbH");
  script_family("Huawei EulerOS Local Security Checks");
  script_dependencies("gb_huawei_euleros_consolidation.nasl");
  script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS-2\.0SP5");

  script_xref(name:"EulerOS-SA", value:"2019-1986");
  script_xref(name:"URL", value:"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1986");

  script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS
  'poppler' package(s) announced via the EulerOS-SA-2019-1986 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.(CVE-2019-9959)");

  script_tag(name:"affected", value:"'poppler' package(s) on Huawei EulerOS V2.0SP5.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "EULEROS-2.0SP5") {

  if(!isnull(res = isrpmvuln(pkg:"poppler", rpm:"poppler~0.26.5~17.h18.eulerosv2r7", rls:"EULEROS-2.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"poppler-data", rpm:"poppler-data~0.4.6~3.eulerosv2r7", rls:"EULEROS-2.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"poppler-glib", rpm:"poppler-glib~0.26.5~17.h18.eulerosv2r7", rls:"EULEROS-2.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"poppler-qt", rpm:"poppler-qt~0.26.5~17.h18.eulerosv2r7", rls:"EULEROS-2.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"poppler-utils", rpm:"poppler-utils~0.26.5~17.h18.eulerosv2r7", rls:"EULEROS-2.0SP5"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if (__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);
"cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:32:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9408", "CVE-2017-7511", "CVE-2018-19149", "CVE-2017-9406", "CVE-2019-9959", "CVE-2017-7515"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192499", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192499", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-2499)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2499\");\n script_version(\"2020-01-23T13:01:44+0000\");\n script_cve_id(\"CVE-2017-7511\", \"CVE-2017-7515\", \"CVE-2017-9406\", \"CVE-2017-9408\", \"CVE-2018-19149\", \"CVE-2019-9959\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:01:44 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:01:44 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-2499)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2499\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2499\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'poppler' package(s) announced via the EulerOS-SA-2019-2499 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.(CVE-2017-7511)\n\npoppler through version 0.55.0 is 
vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.(CVE-2017-7515)\n\nPoppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.(CVE-2018-19149)\n\nIn Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.(CVE-2017-9406)\n\nIn Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.(CVE-2017-9408)\n\nThe JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.(CVE-2019-9959)\");\n\n script_tag(name:\"affected\", value:\"'poppler' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.26.5~17.h18\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.26.5~17.h18\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.26.5~17.h18\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.26.5~17.h18\", rls:\"EULEROS-2.0SP2\"))) {\n report += 
res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9959"], "description": "poppler is a PDF rendering library. ", "modified": "2019-08-13T01:02:24", "published": "2019-08-13T01:02:24", "id": "FEDORA:1F256613158B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: poppler-0.73.0-14.fc30", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9959"], "description": "poppler is a PDF rendering library. ", "modified": "2019-08-13T01:59:39", "published": "2019-08-13T01:59:39", "id": "FEDORA:237BA60B3673", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: poppler-0.67.0-22.fc29", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-01T02:23:58", "description": "Security fix for CVE-2019-9959.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-08-13T00:00:00", "title": "Fedora 30 : poppler (2019-69ec14786b)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9959"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:poppler"], "id": "FEDORA_2019-69EC14786B.NASL", "href": "https://www.tenable.com/plugins/nessus/127825", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security 
Advisory FEDORA-2019-69ec14786b.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127825);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-9959\");\n script_xref(name:\"FEDORA\", value:\"2019-69ec14786b\");\n\n script_name(english:\"Fedora 30 : poppler (2019-69ec14786b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2019-9959.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-69ec14786b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2019/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"poppler-0.73.0-14.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T04:55:04", "description": "The version of Poppler installed on the remote host is 0.79. 
It is, therefore, affected by \nan integer overflow vulnerability. The JPXStream::init function in Poppler 0.78.0 and earlier doesn't\ncheck for negative values of stream length, leading to an Integer Overflow, thereby making it possible\nto allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by\npdftocairo.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 17, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-07-26T00:00:00", "title": "Poppler < 0.79 Integer Overflow Vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9959"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:freedesktop:poppler"], "id": "POPPLER_0_79.NASL", "href": "https://www.tenable.com/plugins/nessus/127052", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127052);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/10/21 11:55:47\");\n\n script_cve_id(\"CVE-2019-9959\");\n script_bugtraq_id(109342);\n script_xref(name:\"IAVB\", value:\"2019-B-0064\");\n\n script_name(english:\"Poppler < 0.79 Integer Overflow Vulnerability\");\n script_summary(english:\"Checks for an installation of poppler.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A package installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Poppler installed on the remote host is 0.79. It is, therefore, affected by \nan integer overflow vulnerability. 
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't\ncheck for negative values of stream length, leading to an Integer Overflow, thereby making it possible\nto allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by\npdftocairo.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://gitlab.freedesktop.org/poppler/poppler/blob/master/NEWS\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?16a3dd86\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to a patched version of Poppler once it is available.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9959\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"agent\", value:\"unix\nmacosx\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:freedesktop:poppler\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"macosx_eval_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\ndistros = make_list(\n 'Host/AIX/lslpp',\n 'Host/Gentoo/qpkg-list',\n 'Host/HP-UX/swlist',\n 'Host/MacOSX/packages',\n 'MacOSX/packages/homebrew',\n 'Host/McAfeeLinux/rpm-list',\n 'Host/Slackware/packages',\n 'Host/Solaris/showrev',\n 'Host/Solaris11/pkg-list'\n);\n\npkgs_list = make_array();\n\ndistro = '';\n\nforeach pkgmgr (distros)\n{\n pkgs = get_kb_item(pkgmgr);\n if(pkgmgr=~'^MacOSX') sep = '|';\n else sep = '\\n';\n if(!isnull(pkgs) && 'poppler' >< pkgs)\n {\n distro = pkgmgr;\n foreach pkg (split(pkgs,sep:sep,keep:FALSE))\n {\n match = pregmatch(pattern:\"(?:lib\\d*|gir1.2-|\\s|^)poppler\\d*(?:-?(?:glib[^-]{0,2}|qt[^-]{0,2}|utils|dbg|dbgsym|debuginfo|private|devel|cpp[^-]{0,2}|gir[^-]+|dev|-0\\.18|<|-\\d|.x86-64)+)*(?:-|\\s*)(\\d+(?:\\.\\d+){1,2}(?:-[0-9]+)?)[^\\n]*\", string:pkg);\n if(!empty_or_null(match) && !empty_or_null(match[1]))\n {\n if(\"-\" >< match[1])\n pkgs_list[pkg] = str_replace(string: match[1], find:'-', replace:'.');\n else pkgs_list[pkg] = match[1];\n }\n }\n }\n}\n\nflag = 0;\nvulnerable_pkgs = '';\n\nif(!empty_or_null(pkgs_list))\n{\n foreach pkg (keys(pkgs_list))\n {\n ver = pkgs_list[pkg];\n if ((empty_or_null(ver)) || (ver !~ \"(?!^.*\\.\\..*$)^[0-9][0-9.]+?$\")) continue;\n if(\n distro =~ \"(Solaris|Solaris11|Gentoo|BSD|Slackware|HP-UX|AIX|McAfeeLinux|MacOSX)\" &&\n ver_compare(ver:ver, fix:'0.78', strict:FALSE) <= 0\n )\n {\n vulnerable_pkgs += ' ' + pkg + '\\n';\n flag++;\n }\n }\n}\nelse audit(AUDIT_NOT_INST, 'poppler');\n\nif(flag > 0)\n{\n report = '\\nThe following packages are associated with a vulnerable version of poppler : \\n\\n';\n report += vulnerable_pkgs;\n report += '\\nFix : Upgrade poppler to a fixed release.\\n';\n 
security_report_v4(severity:SECURITY_WARNING, extra:report, port:0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, 'poppler');\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T02:24:39", "description": "Security fix for CVE-2019-9959.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-08-13T00:00:00", "title": "Fedora 29 : poppler (2019-8729e0edf5)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9959"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:poppler"], "id": "FEDORA_2019-8729E0EDF5.NASL", "href": "https://www.tenable.com/plugins/nessus/127826", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-8729e0edf5.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127826);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-9959\");\n script_xref(name:\"FEDORA\", value:\"2019-8729e0edf5\");\n\n script_name(english:\"Fedora 29 : poppler (2019-8729e0edf5)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2019-9959.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible 
without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-8729e0edf5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected poppler package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"poppler-0.67.0-22.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:59:23", "description": "According to the version of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The JPXStream::init function in Poppler 0.78.0 and\n earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making\n it possible to allocate a large memory chunk on the\n heap, with 
a size controlled by an attacker, as\n demonstrated by pdftocairo.(CVE-2019-9959)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-09-24T00:00:00", "title": "EulerOS 2.0 SP5 : poppler (EulerOS-SA-2019-1986)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9959"], "modified": "2019-09-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:poppler-data", "p-cpe:/a:huawei:euleros:poppler-utils", "p-cpe:/a:huawei:euleros:poppler-glib", "p-cpe:/a:huawei:euleros:poppler", "p-cpe:/a:huawei:euleros:poppler-qt", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1986.NASL", "href": "https://www.tenable.com/plugins/nessus/129180", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129180);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-9959\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : poppler (EulerOS-SA-2019-1986)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The JPXStream::init function in Poppler 0.78.0 and\n earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making\n it possible to allocate a large memory 
chunk on the\n heap, with a size controlled by an attacker, as\n demonstrated by pdftocairo.(CVE-2019-9959)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1986\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?dfafafc8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected poppler package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security 
Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"poppler-0.26.5-17.h18.eulerosv2r7\",\n \"poppler-data-0.4.6-3.eulerosv2r7\",\n \"poppler-glib-0.26.5-17.h18.eulerosv2r7\",\n \"poppler-qt-0.26.5-17.h18.eulerosv2r7\",\n \"poppler-utils-0.26.5-17.h18.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:59:32", "description": "According to the version of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The JPXStream::init function in Poppler 0.78.0 and\n earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making\n it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as\n demonstrated by pdftocairo.(CVE-2019-9959)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-09-24T00:00:00", "title": "EulerOS 2.0 SP3 : poppler (EulerOS-SA-2019-2015)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9959"], "modified": "2019-09-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:poppler-utils", "p-cpe:/a:huawei:euleros:poppler-glib", "p-cpe:/a:huawei:euleros:poppler", "p-cpe:/a:huawei:euleros:poppler-qt", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2015.NASL", "href": "https://www.tenable.com/plugins/nessus/129208", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129208);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-9959\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : poppler (EulerOS-SA-2019-2015)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - The JPXStream::init function in Poppler 0.78.0 and\n earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making\n it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as\n demonstrated by pdftocairo.(CVE-2019-9959)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2015\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?40922773\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected poppler package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-glib\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"poppler-0.26.5-17.h16\",\n \"poppler-glib-0.26.5-17.h16\",\n 
\"poppler-qt-0.26.5-17.h16\",\n \"poppler-utils-0.26.5-17.h16\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:59:06", "description": "According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The JPXStream::init function in Poppler 0.78.0 and\n earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making\n it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as\n demonstrated by pdftocairo.(CVE-2019-9959)\n\n - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows\n attackers to cause a denial-of-service (application\n crash caused by Object.h SIGABRT, because of a wrong\n return value from PDFDoc::setup) by crafting a PDF file\n in which an xref data structure is mishandled during\n extractPDFSubtype processing.(CVE-2018-20662)\n\n - Poppler 0.74.0 has a heap-based buffer over-read in the\n CairoRescaleBox.cc downsample_row_box_filter\n function.(CVE-2019-9631)\n\n - PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0\n mishandles dict marking, leading to stack consumption\n in the function Dict::find() located at Dict.cc, which\n can (for example) be triggered by passing a crafted pdf\n file to the pdfunite binary.(CVE-2019-9903)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-27T00:00:00", "title": "EulerOS 2.0 SP8 : poppler (EulerOS-SA-2019-1827)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-20662", "CVE-2019-9903", "CVE-2019-9959", "CVE-2019-9631"], "modified": "2019-08-27T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:poppler-utils", "p-cpe:/a:huawei:euleros:poppler-glib", "p-cpe:/a:huawei:euleros:poppler", "p-cpe:/a:huawei:euleros:poppler-qt", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1827.NASL", "href": "https://www.tenable.com/plugins/nessus/128196", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128196);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-20662\",\n \"CVE-2019-9631\",\n \"CVE-2019-9903\",\n \"CVE-2019-9959\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : poppler (EulerOS-SA-2019-1827)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the poppler packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The JPXStream::init function in Poppler 0.78.0 and\n earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making\n it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as\n demonstrated by pdftocairo.(CVE-2019-9959)\n\n - In Poppler 
0.72.0, PDFDoc::setup in PDFDoc.cc allows\n attackers to cause a denial-of-service (application\n crash caused by Object.h SIGABRT, because of a wrong\n return value from PDFDoc::setup) by crafting a PDF file\n in which an xref data structure is mishandled during\n extractPDFSubtype processing.(CVE-2018-20662)\n\n - Poppler 0.74.0 has a heap-based buffer over-read in the\n CairoRescaleBox.cc downsample_row_box_filter\n function.(CVE-2019-9631)\n\n - PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0\n mishandles dict marking, leading to stack consumption\n in the function Dict::find() located at Dict.cc, which\n can (for example) be triggered by passing a crafted pdf\n file to the pdfunite binary.(CVE-2019-9903)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1827\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?43292a37\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected poppler packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = 
[\"poppler-0.67.0-1.h6.eulerosv2r8\",\n \"poppler-glib-0.67.0-1.h6.eulerosv2r8\",\n \"poppler-qt-0.67.0-1.h6.eulerosv2r8\",\n \"poppler-utils-0.67.0-1.h6.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-11T11:58:23", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has poppler packages installed that are affected\nby multiple vulnerabilities:\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc\n via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. 
(CVE-2018-21009)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : poppler Multiple Vulnerabilities (NS-SA-2020-0110)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10871", "CVE-2019-12293", "CVE-2018-21009", "CVE-2019-9959"], "modified": "2020-12-09T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0110_POPPLER.NASL", "href": "https://www.tenable.com/plugins/nessus/143995", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0110. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143995);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\n \"CVE-2018-21009\",\n \"CVE-2019-9959\",\n \"CVE-2019-10871\",\n \"CVE-2019-12293\"\n );\n script_bugtraq_id(107862, 108457, 109342);\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : poppler Multiple Vulnerabilities (NS-SA-2020-0110)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has poppler packages installed that are affected\nby multiple vulnerabilities:\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. 
(CVE-2019-10871)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc\n via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0110\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL poppler packages. Note that updated packages may not be available yet. 
Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.05': [\n 'poppler-0.26.5-42.el7',\n 'poppler-cpp-0.26.5-42.el7',\n 'poppler-cpp-devel-0.26.5-42.el7',\n 'poppler-debuginfo-0.26.5-42.el7',\n 'poppler-demos-0.26.5-42.el7',\n 'poppler-devel-0.26.5-42.el7',\n 'poppler-glib-0.26.5-42.el7',\n 'poppler-glib-devel-0.26.5-42.el7',\n 'poppler-qt-0.26.5-42.el7',\n 'poppler-qt-devel-0.26.5-42.el7',\n 'poppler-utils-0.26.5-42.el7'\n ],\n 'CGSL MAIN 5.05': [\n 'poppler-0.26.5-42.el7',\n 'poppler-cpp-0.26.5-42.el7',\n 'poppler-cpp-devel-0.26.5-42.el7',\n 'poppler-debuginfo-0.26.5-42.el7',\n 'poppler-demos-0.26.5-42.el7',\n 'poppler-devel-0.26.5-42.el7',\n 'poppler-glib-0.26.5-42.el7',\n 'poppler-glib-devel-0.26.5-42.el7',\n 'poppler-qt-0.26.5-42.el7',\n 'poppler-qt-devel-0.26.5-42.el7',\n 'poppler-utils-0.26.5-42.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : 
SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'poppler');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-11T11:58:06", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has poppler packages installed that are affected\nby multiple vulnerabilities:\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc\n via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. 
(CVE-2018-21009)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : poppler Multiple Vulnerabilities (NS-SA-2020-0074)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10871", "CVE-2019-12293", "CVE-2018-21009", "CVE-2019-9959"], "modified": "2020-12-09T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0074_POPPLER.NASL", "href": "https://www.tenable.com/plugins/nessus/143911", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0074. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143911);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\n \"CVE-2018-21009\",\n \"CVE-2019-9959\",\n \"CVE-2019-10871\",\n \"CVE-2019-12293\"\n );\n script_bugtraq_id(107862, 108457, 109342);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : poppler Multiple Vulnerabilities (NS-SA-2020-0074)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has poppler packages installed that are affected\nby multiple vulnerabilities:\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. 
(CVE-2019-10871)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc\n via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0074\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL poppler packages. Note that updated packages may not be available yet. 
Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'poppler-0.26.5-42.el7',\n 'poppler-cpp-0.26.5-42.el7',\n 'poppler-cpp-devel-0.26.5-42.el7',\n 'poppler-debuginfo-0.26.5-42.el7',\n 'poppler-demos-0.26.5-42.el7',\n 'poppler-devel-0.26.5-42.el7',\n 'poppler-glib-0.26.5-42.el7',\n 'poppler-glib-devel-0.26.5-42.el7',\n 'poppler-qt-0.26.5-42.el7',\n 'poppler-qt-devel-0.26.5-42.el7',\n 'poppler-utils-0.26.5-42.el7'\n ],\n 'CGSL MAIN 5.04': [\n 'poppler-0.26.5-42.el7',\n 'poppler-cpp-0.26.5-42.el7',\n 'poppler-cpp-devel-0.26.5-42.el7',\n 'poppler-debuginfo-0.26.5-42.el7',\n 'poppler-demos-0.26.5-42.el7',\n 'poppler-devel-0.26.5-42.el7',\n 'poppler-glib-0.26.5-42.el7',\n 'poppler-glib-devel-0.26.5-42.el7',\n 'poppler-qt-0.26.5-42.el7',\n 'poppler-qt-devel-0.26.5-42.el7',\n 'poppler-utils-0.26.5-42.el7'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : 
SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'poppler');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T13:13:24", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1481 advisory.\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc\n via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. 
(CVE-2019-9959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-08-26T00:00:00", "title": "Amazon Linux 2 : poppler (ALAS-2020-1481)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10871", "CVE-2019-12293", "CVE-2018-21009", "CVE-2019-9959"], "modified": "2020-08-26T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:poppler", "p-cpe:/a:amazon:linux:poppler-cpp", "p-cpe:/a:amazon:linux:poppler-cpp-devel", "p-cpe:/a:amazon:linux:poppler-glib-devel", "p-cpe:/a:amazon:linux:poppler-glib", "p-cpe:/a:amazon:linux:poppler-utils", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:poppler-qt-devel", "p-cpe:/a:amazon:linux:poppler-qt", "p-cpe:/a:amazon:linux:poppler-demos", "p-cpe:/a:amazon:linux:poppler-devel", "p-cpe:/a:amazon:linux:poppler-debuginfo"], "id": "AL2_ALAS-2020-1481.NASL", "href": "https://www.tenable.com/plugins/nessus/139861", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1481.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139861);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/26\");\n\n script_cve_id(\n \"CVE-2018-21009\",\n \"CVE-2019-9959\",\n \"CVE-2019-10871\",\n \"CVE-2019-12293\"\n );\n script_bugtraq_id(109342, 107862, 108457);\n script_xref(name:\"ALAS\", value:\"2020-1481\");\n\n script_name(english:\"Amazon Linux 2 : poppler (ALAS-2020-1481)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed 
on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS2-2020-1481 advisory.\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc\n via data with inconsistent heights or widths. (CVE-2019-12293)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1481.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-21009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-10871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-12293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9959\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update poppler' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-12293\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-cpp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:poppler-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'poppler-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-cpp-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-cpp-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-cpp-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-cpp-devel-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-cpp-devel-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-cpp-devel-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-debuginfo-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-debuginfo-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-debuginfo-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-demos-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n 
{'reference':'poppler-demos-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-demos-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-devel-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-devel-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-devel-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-glib-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-glib-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-glib-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-glib-devel-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-glib-devel-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-glib-devel-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-qt-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-qt-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-qt-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-qt-devel-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-qt-devel-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-qt-devel-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'poppler-utils-0.26.5-42.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'poppler-utils-0.26.5-42.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'poppler-utils-0.26.5-42.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if 
(!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"poppler / poppler-cpp / poppler-cpp-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-02T15:17:55", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4646-1 advisory.\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in\n fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-\n length copy. 
It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It\n allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or\n possibly have unspecified other impact. (CVE-2019-13283)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-11-26T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS : poppler vulnerabilities (USN-4646-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-27778", "CVE-2019-10871", "CVE-2019-13283", "CVE-2018-21009", "CVE-2019-9959"], "modified": "2020-11-26T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp0", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt5-1", "p-cpe:/a:canonical:ubuntu_linux:poppler-utils", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt4-4", "p-cpe:/a:canonical:ubuntu_linux:libpoppler73", "p-cpe:/a:canonical:ubuntu_linux:gir1.2-poppler-0.18", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp0v5", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib8", "p-cpe:/a:canonical:ubuntu_linux:libpoppler58", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-private-dev", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp-dev", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt4-dev", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt5-dev", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib-dev", "p-cpe:/a:canonical:ubuntu_linux:libpoppler-dev"], "id": "UBUNTU_USN-4646-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143266", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4646-1. The text\n# itself is copyright (C) Canonical, Inc. 
See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143266);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/01\");\n\n script_cve_id(\n \"CVE-2018-21009\",\n \"CVE-2019-9959\",\n \"CVE-2019-10871\",\n \"CVE-2019-13283\",\n \"CVE-2020-27778\"\n );\n script_bugtraq_id(107862, 109342);\n script_xref(name:\"USN\", value:\"4646-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : poppler vulnerabilities (USN-4646-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4646-1 advisory.\n\n - Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. (CVE-2018-21009)\n\n - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream\n length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the\n heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)\n\n - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function\n PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)\n\n - In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in\n fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-\n length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. 
It\n allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or\n possibly have unspecified other impact. (CVE-2019-13283)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4646-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-13283\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gir1.2-poppler-0.18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-cpp0v5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-dev\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-glib8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-private-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt4-4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt4-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt5-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler-qt5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler58\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpoppler73\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:poppler-utils\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'gir1.2-poppler-0.18', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-cpp-dev', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-cpp0', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-dev', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-glib-dev', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-glib8', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-private-dev', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-qt4-4', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-qt4-dev', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-qt5-1', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler-qt5-dev', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'libpoppler58', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '16.04', 'pkgname': 'poppler-utils', 'pkgver': '0.41.0-0ubuntu1.15'},\n {'osver': '18.04', 'pkgname': 'gir1.2-poppler-0.18', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler-cpp-dev', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler-cpp0v5', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler-dev', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler-glib-dev', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler-glib8', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler-private-dev', 'pkgver': '0.62.0-2ubuntu2.11'},\n 
{'osver': '18.04', 'pkgname': 'libpoppler-qt5-1', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler-qt5-dev', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'libpoppler73', 'pkgver': '0.62.0-2ubuntu2.11'},\n {'osver': '18.04', 'pkgname': 'poppler-utils', 'pkgver': '0.62.0-2ubuntu2.11'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-poppler-0.18 / libpoppler-cpp-dev / libpoppler-cpp0 / etc');\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-20T01:01:29", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10871", "CVE-2019-9959"], "description": "Package : poppler\nVersion : 0.26.5-2+deb8u12\nCVE ID : CVE-2019-9959 CVE-2019-10871\n\nTwo buffer allocation issues were identified in poppler.\n\nCVE-2019-9959\n\n An unexpected negative length value can cause an integer\n overflow, which in turn making it possible to allocate a large\n memory chunk on the heap with size controlled by an attacker.\n\nCVE-2019-10871\n\n The RGB data are considered CMYK data and hence it reads 4 bytes\n instead of 3 bytes at the end of the image. 
The fixed version\n defines SPLASH_CMYK which is the upstream recommended solution.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n0.26.5-2+deb8u12.\n\nWe recommend that you upgrade your poppler packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 9, "modified": "2019-10-17T21:18:10", "published": "2019-10-17T21:18:10", "id": "DEBIAN:DLA-1963-1:EE870", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201910/msg00024.html", "title": "[SECURITY] [DLA 1963-1] poppler security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-09T13:20:26", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14926", "CVE-2019-10018", "CVE-2018-20650", "CVE-2019-7310", "CVE-2018-19058", "CVE-2017-14928", "CVE-2018-20662", "CVE-2019-9959", "CVE-2019-14494"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2440-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nNovember 08, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : poppler\nVersion : 0.48.0-2+deb9u4\nCVE ID : CVE-2017-14926 CVE-2017-14928 CVE-2018-19058\n CVE-2018-20650 CVE-2018-20662 CVE-2019-7310\n CVE-2019-9959 CVE-2019-10018 CVE-2019-14494\nDebian Bug : 877239 877231 913177 917974 918158 926133\n 933812 921215 941776\n \nSeveral issues were found and corrected in Poppler, a PDF rendering library,\nthat could lead to denial of service or possibly other unspecified impact when\nprocessing maliciously crafted documents.\n\nFor Debian 9 stretch, these problems have been fixed in version\n0.48.0-2+deb9u4.\n\nWe recommend that you upgrade your poppler packages.\n\nFor the detailed security status of 
poppler please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/poppler\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 1, "modified": "2020-11-08T23:59:52", "published": "2020-11-08T23:59:52", "id": "DEBIAN:DLA-2440-1:A36E2", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202011/msg00014.html", "title": "[SECURITY] [DLA 2440-1] poppler security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:35:17", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10871", "CVE-2019-12293", "CVE-2018-21009", "CVE-2019-9959"], "description": "**Issue Overview:**\n\nAn issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. ([CVE-2019-10871 __](<https://access.redhat.com/security/cve/CVE-2019-10871>))\n\nPoppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.([CVE-2018-21009 __](<https://access.redhat.com/security/cve/CVE-2018-21009>))\n\nThe JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. ([CVE-2019-9959 __](<https://access.redhat.com/security/cve/CVE-2019-9959>))\n\nIn Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. ([CVE-2019-12293 __](<https://access.redhat.com/security/cve/CVE-2019-12293>))\n\n \n**Affected Packages:** \n\n\npoppler\n\n \n**Issue Correction:** \nRun _yum update poppler_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n poppler-0.26.5-42.amzn2.aarch64 \n poppler-devel-0.26.5-42.amzn2.aarch64 \n poppler-glib-0.26.5-42.amzn2.aarch64 \n poppler-glib-devel-0.26.5-42.amzn2.aarch64 \n poppler-qt-0.26.5-42.amzn2.aarch64 \n poppler-qt-devel-0.26.5-42.amzn2.aarch64 \n poppler-cpp-0.26.5-42.amzn2.aarch64 \n poppler-cpp-devel-0.26.5-42.amzn2.aarch64 \n poppler-utils-0.26.5-42.amzn2.aarch64 \n poppler-demos-0.26.5-42.amzn2.aarch64 \n poppler-debuginfo-0.26.5-42.amzn2.aarch64 \n \n i686: \n poppler-0.26.5-42.amzn2.i686 \n poppler-devel-0.26.5-42.amzn2.i686 \n poppler-glib-0.26.5-42.amzn2.i686 \n poppler-glib-devel-0.26.5-42.amzn2.i686 \n poppler-qt-0.26.5-42.amzn2.i686 \n poppler-qt-devel-0.26.5-42.amzn2.i686 \n poppler-cpp-0.26.5-42.amzn2.i686 \n poppler-cpp-devel-0.26.5-42.amzn2.i686 \n poppler-utils-0.26.5-42.amzn2.i686 \n poppler-demos-0.26.5-42.amzn2.i686 \n poppler-debuginfo-0.26.5-42.amzn2.i686 \n \n src: \n poppler-0.26.5-42.amzn2.src \n \n x86_64: \n poppler-0.26.5-42.amzn2.x86_64 \n poppler-devel-0.26.5-42.amzn2.x86_64 \n poppler-glib-0.26.5-42.amzn2.x86_64 \n poppler-glib-devel-0.26.5-42.amzn2.x86_64 \n poppler-qt-0.26.5-42.amzn2.x86_64 \n poppler-qt-devel-0.26.5-42.amzn2.x86_64 \n poppler-cpp-0.26.5-42.amzn2.x86_64 \n poppler-cpp-devel-0.26.5-42.amzn2.x86_64 \n poppler-utils-0.26.5-42.amzn2.x86_64 \n poppler-demos-0.26.5-42.amzn2.x86_64 \n poppler-debuginfo-0.26.5-42.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2020-08-18T20:33:00", "published": "2020-08-18T20:33:00", "id": "ALAS2-2020-1481", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1481.html", "title": "Medium: poppler", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:37:10", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10871", "CVE-2019-12293", "CVE-2018-21009", "CVE-2019-11459", "CVE-2019-9959"], "description": "**Issue Overview:**\n\nThe tiff_document_render() and tiff_document_get_thumbnail() 
functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. ([CVE-2019-11459 __](<https://access.redhat.com/security/cve/CVE-2019-11459>))\n\nPoppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. ([CVE-2018-21009 __](<https://access.redhat.com/security/cve/CVE-2018-21009>))\n\nThe JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. ([CVE-2019-9959 __](<https://access.redhat.com/security/cve/CVE-2019-9959>))\n\nAn issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. ([CVE-2019-10871 __](<https://access.redhat.com/security/cve/CVE-2019-10871>))\n\nIn Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. ([CVE-2019-12293 __](<https://access.redhat.com/security/cve/CVE-2019-12293>))\n\n \n**Affected Packages:** \n\n\npoppler\n\n \n**Issue Correction:** \nRun _yum update poppler_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n poppler-devel-0.26.5-42.20.amzn1.i686 \n poppler-debuginfo-0.26.5-42.20.amzn1.i686 \n poppler-utils-0.26.5-42.20.amzn1.i686 \n poppler-glib-0.26.5-42.20.amzn1.i686 \n poppler-0.26.5-42.20.amzn1.i686 \n poppler-cpp-devel-0.26.5-42.20.amzn1.i686 \n poppler-glib-devel-0.26.5-42.20.amzn1.i686 \n poppler-cpp-0.26.5-42.20.amzn1.i686 \n \n src: \n poppler-0.26.5-42.20.amzn1.src \n \n x86_64: \n poppler-utils-0.26.5-42.20.amzn1.x86_64 \n poppler-debuginfo-0.26.5-42.20.amzn1.x86_64 \n poppler-glib-devel-0.26.5-42.20.amzn1.x86_64 \n poppler-cpp-devel-0.26.5-42.20.amzn1.x86_64 \n poppler-glib-0.26.5-42.20.amzn1.x86_64 \n poppler-devel-0.26.5-42.20.amzn1.x86_64 \n poppler-0.26.5-42.20.amzn1.x86_64 \n poppler-cpp-0.26.5-42.20.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2020-07-14T02:14:00", "published": "2020-07-14T02:14:00", "id": "ALAS-2020-1398", "href": "https://alas.aws.amazon.com/ALAS-2020-1398.html", "title": "Medium: poppler", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2020-04-09T02:45:24", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10871", "CVE-2019-12293", "CVE-2018-21009", "CVE-2019-11459", "CVE-2019-9959"], "description": "evince\n[3.28.2-9]\n- Handle failure from TIFFReadRGBAImageOriented\n- Resolves: #1717352\npoppler\n[0.26.5-42]\n- Fix potential integer overflow and check length for negative values\n- Resolves: #1757283\n[0.26.5-41]\n- Ignore dict Length if it is broken\n- Resolves: #1733026\n[0.26.5-40]\n- Fail gracefully if not all components of JPEG2000Stream\n- have the same size\n- Resolves: #1723504\n[0.26.5-39]\n- Check whether input is RGB in PSOutputDev::checkPageSlice()\n- Resolves: #1697575", "edition": 1, "modified": "2020-04-06T00:00:00", "published": "2020-04-06T00:00:00", "id": "ELSA-2020-1074", "href": "http://linux.oracle.com/errata/ELSA-2020-1074.html", "title": "poppler and evince security update", "type": 
"oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-12T20:47:47", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10871", "CVE-2018-20551", "CVE-2018-20650", "CVE-2018-18897", "CVE-2019-7310", "CVE-2019-12293", "CVE-2018-20481", "CVE-2018-20662", "CVE-2019-9903", "CVE-2019-9959", "CVE-2019-9631", "CVE-2019-9200"], "description": "[0.66.0-11.el8_0.12]\n- Ignore dict Length if it is broken\n- Resolves: #1741146\n[0.66.0-11.el8_0.11]\n- Check whether input is RGB in PSOutputDev::checkPageSlice()\n- (also when using '-optimizecolorspace' flag)\n- Resolves: #1741145\n[0.66.0-11.el8_0.10]\n- Fail gracefully if not all components of JPEG2000Stream\n- have the same size\n- Resolves: #1740612\n[0.66.0-11.el8_0.9]\n- Fix stack overflow on broken file\n- Resolves: #1717867\n[0.66.0-11.el8_0.8]\n- Constrain number of cycles in rescale filter\n- Compute correct coverage values for box filter\n- Resolves: #1717866\n[0.66.0-11.el8_0.7]\n- Fix possible crash on broken files in ImageStream::getLine()\n- Resolves: #1717803\n[0.66.0-11.el8_0.6]\n- Move the fileSpec.dictLookup call inside fileSpec.isDict if\n- Resolves: #1717788\n[0.66.0-11.el8_0.5]\n- Defend against requests for negative XRef indices\n- Resolves: #1717779\n[0.66.0-11.el8_0.4]\n- Do not try to parse into unallocated XRef entry\n- Resolves: #1717790\n[0.66.0-11.el8_0.3]\n- Avoid global display profile state becoming an uncontrolled\n- memory leak\n- Resolves: #1717776\n[0.66.0-11.el8_0.2]\n- Check Catalog from XRef for being a Dict\n- Resolves: #1690480\n[0.66.0-11.el8_0.1]\n- Do not try to construct invalid rich media annotation assets\n- Resolves: #1690478\n[0.66.0-11]\n- Fix tiling patterns when pattern cell is too far\n- Resolves: #1644094", "edition": 1, "modified": "2019-09-12T00:00:00", "published": "2019-09-12T00:00:00", "id": "ELSA-2019-2713", "href": "http://linux.oracle.com/errata/ELSA-2019-2713.html", "title": "poppler security update", "type": 
"oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-11-26T06:40:22", "bulletinFamily": "unix", "cvelist": ["CVE-2020-27778", "CVE-2019-10871", "CVE-2019-13283", "CVE-2018-21009", "CVE-2019-9959"], "description": "It was discovered that Poppler incorrectly handled certain files. If a user \nor automated system were tricked into opening a crafted PDF file, an \nattacker could cause a denial of service.", "edition": 1, "modified": "2020-11-25T00:00:00", "published": "2020-11-25T00:00:00", "id": "USN-4646-1", "href": "https://ubuntu.com/security/notices/USN-4646-1", "title": "poppler vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2020-08-31T14:08:27", "bulletinFamily": "unix", "cvelist": ["CVE-2018-21009", "CVE-2019-10871", "CVE-2019-11459", "CVE-2019-12293", "CVE-2019-9959"], "description": "Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.\n\nThe evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.\n\nSecurity Fix(es):\n\n* poppler: integer overflow in Parser::makeStream in Parser.cc (CVE-2018-21009)\n\n* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)\n\n* poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)\n\n* poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)\n\n* evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in 
the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.", "modified": "2020-08-31T16:19:52", "published": "2020-03-31T13:15:25", "id": "RHSA-2020:1074", "href": "https://access.redhat.com/errata/RHSA-2020:1074", "type": "redhat", "title": "(RHSA-2020:1074) Moderate: poppler and evince security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-10T18:48:04", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18897", "CVE-2018-20481", "CVE-2018-20551", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-10871", "CVE-2019-12293", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631", "CVE-2019-9903", "CVE-2019-9959"], "description": "Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.\n\nSecurity Fix(es):\n\n* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)\n\n* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)\n\n* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)\n\n* poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)\n\n* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)\n\n* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)\n\n* poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c (CVE-2018-20551)\n\n* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)\n\n* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)\n\n* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)\n\n* poppler: stack consumption in function Dict::find() in Dict.cc 
(CVE-2019-9903)\n\n* poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-09-10T21:42:35", "published": "2019-09-10T19:32:22", "id": "RHSA-2019:2713", "href": "https://access.redhat.com/errata/RHSA-2019:2713", "type": "redhat", "title": "(RHSA-2019:2713) Moderate: poppler security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-04-08T22:43:05", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10871", "CVE-2019-12293", "CVE-2018-21009", "CVE-2019-11459", "CVE-2019-9959"], "description": "**CentOS Errata and Security Advisory** CESA-2020:1074\n\n\nPoppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.\n\nThe evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.\n\nSecurity Fix(es):\n\n* poppler: integer overflow in Parser::makeStream in Parser.cc (CVE-2018-21009)\n\n* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)\n\n* poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)\n\n* poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)\n\n* evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed 
information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2020-April/012440.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2020-April/012567.html\n\n**Affected packages:**\nevince\nevince-browser-plugin\nevince-devel\nevince-dvi\nevince-libs\nevince-nautilus\npoppler\npoppler-cpp\npoppler-cpp-devel\npoppler-demos\npoppler-devel\npoppler-glib\npoppler-glib-devel\npoppler-qt\npoppler-qt-devel\npoppler-utils\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-04-08T19:07:43", "published": "2020-04-08T17:56:37", "id": "CESA-2020:1074", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2020-April/012440.html", "title": "evince, poppler security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kitploit": [{"lastseen": "2020-12-08T23:26:40", "bulletinFamily": "tools", "cvelist": ["CVE-2019-12175", "CVE-2018-17019", "CVE-2019-7310", "CVE-2018-16807", "CVE-2019-9959", "CVE-2019-9631"], "description": "[  ](<https://1.bp.blogspot.com/-SZVGcGk_KGg/XkIBXHFSHKI/AAAAAAAARq0/8lI_Ku2gZtsInKRSLcr4it1eWxm4KIjfgCNcBGAsYHQ/s1600/manul_4_manul_screen_demo.gif>)\n\n \nManul is a coverage-guided parallel fuzzer for open-source and black-box binaries on Windows, Linux and macOS (beta) written in pure Python. 
\n \n** Quick Start ** \n\n \n \n pip3 install psutil\n git clone https://github.com/mxmssh/manul\n cd manul\n mkdir in\n mkdir out\n echo \"AAAAAA\" > in/test\n python3 manul.py -i in -o out -n 4 \"linux/test_afl @@\"\n\n \n** Installing Radamsa ** \n\n \n \n sudo apt-get install gcc make git wget\n git clone https://gitlab.com/akihe/radamsa.git && cd radamsa && make && sudo make install\n\nThere is no need to install radamsa on Windows, Manul is [ distributed ](<https://www.kitploit.com/search/label/Distributed> \"distributed\" ) with radamsa native library on this platform. \n \n** List of Public CVEs ** \nCVE IDs | Product | Finder \n---|---|--- \nCVE-2019-9631 CVE-2019-7310 CVE-2019-9959 | Poppler | Maksim Shudrak \nCVE-2018-17019 CVE-2018-16807 CVE-2019-12175 | Bro/Zeek | Maksim Shudrak \nIf you managed to find a new bug using Manul please contact me and I will add you in the list. \n \n** Dependencies ** \n\n\n 1. [ psutil ](<https://pypi.org/project/psutil/> \"psutil\" )\n 2. Python 2.7+ (will be deprecated after 1 Jan. 2020) or Python 3.7+ (preferred) \n \n** Coverage-guided fuzzing ** \nCurrently, Manul supports two types of instrumentation: AFL-based (afl-gcc, afl-clang and [ afl-clang-fast ](<https://github.com/mirrorer/afl/tree/master/llvm_mode> \"afl-clang-fast\" ) ) and DBI. \n \n** Coverage-guided fuzzing (AFL [ instrumentation ](<https://www.kitploit.com/search/label/Instrumentation> \"instrumentation\" ) mode) ** \nInstrument your target with ` afl-gcc ` or ` afl-clang-fast ` and ` Address Sanitizer ` (recommended for better results). For example: \n\n \n \n CC=afl-gcc CXX=afl-g++ CFLAGS=-fsanitize=address CXXFLAGS=-fsanitize=address cmake <path_to_your_target>\n make -j 8\n \n \n USE_ASAN=1 CC=afl-clang-fast CXX=afl-clang-fast++ cmake <path_to_your_target>\n make -j 8\n\nSee [ these instructions ](<http://lcamtuf.coredump.cx/afl/QuickStartGuide.txt> \"these instructions\" ) for more details. 
\n \n** Coverage-guided fuzzing (DBI mode) ** \nYou don't need to instrument your target in this mode but you need to download the latest version of DynamoRIO framework for Windows or Linux. The working version of Intel PIN is provided with Manul. You can find it in the ` dbi_clients_src/pin/pin-3.6-97554-g31f0a167d-gcc-linux ` folder. \nManul is distributed with x86/x64 precompiled clients for Linux and Windows. You can find them in the following folders: \n\n \n \n linux/dbi_32|dbi_64/afl-pin.so (Intel PIN client)\n linux/dbi_32|dbi_64/libbinafl.so (DynamoRIO client)\n win/dbi_32|dbi_64/binafl.dll\n\nUnfortunately, DynamoRIO is not officially supported on OS X. Intel PIN client on OS X is not yet ported. \n \n** Using DynamoRIO to fuzz black-box binaries ** \nYou can find DynamoRIO release packages at [ DynamoRIO download page ](<https://github.com/DynamoRIO/dynamorio/wiki/Downloads> \"DynamoRIO download page\" ) . The supported version of DynamoRIO is 7.0.0-RC1 (see the next section if you need the latest version of DynamoRIO). \nYou have to uncomment the following lines in the ` manul.config ` file and provide correct path to DynamoRIO launcher and client. \n\n \n \n # Choose DBI framework to provide coverage back to Manul (\"dynamorio\" or \"pin\"). Example dbi = dynamorio\n dbi = dynamorio\n # If dbi parameter is not None the path to dbi engine launcher and dbi client should be specified.\n dbi_root = /home/max/DynamoRIO/bin64/drrun\n dbi_client_root = /home/max/manul/linux/dbi_64/libbinafl.so\n dbi_client_libs = None\n\nIMPORTANT NOTE: You should use 32-bit launcher and 32-bit client to fuzz 32-bit binaries and 64-bit launcher and 64-bit client for 64-bit binaries! \n \n** Compiling DynamoRIO client library ** \nIf you want to use the latest version of [ DynamoRIO ](<https://github.com/DynamoRIO/dynamorio/releases/download/> \"DynamoRIO\" ) you need to compile instrumentation library from source code (see example below). 
The source code of the instrumentation library can be found in ` dbi_clients_src ` located in the Manul main folder. On Windows, the compilation command ( ` cmake ` ) is the same as on Linux. \n\n \n \n 64-bit Linux\n \n cd dbi_clients_src\n wget https://github.com/DynamoRIO/dynamorio/releases/download/cronbuild-7.91.18124/DynamoRIO-x86_64-Linux-7.91.18124-0.tar.gz\n tar xvf DynamoRIO-x86_64-Linux-7.91.18124-0.tar.gz\n mkdir client_64\n cd client_64\n cmake ../dr_cov/ -DDynamoRIO_DIR=/home/max/manul/dbi_clients_src/DynamoRIO-x86_64-Linux-7.91.18124-0/cmake\n make\n\nIf you need to compile a 32-bit library, you should download the DynamoRIO-i386-Linux- ` * ` .tar.gz archive instead of x86_64 and specify ` CFLAGS=-m32 CXXFLAGS=-m32 ` before the ` cmake ` command. \n \n** Using Intel PIN to fuzz black-box binaries on Linux ** \nTBD \n \n** Command-Line Arguments ** \nThe most frequently used options can be provided via the command line. More options are supported via the configuration file ( ` manul.config ` ). \n\n \n \n Example: python3 manul.py -i corpus -o out_dir -n 40 \"target @@\"\n \n positional arguments:\n target_binary The target binary and options to be executed (don't forget to include quotes e.g. \"target e @@\").\n \n optional arguments:\n -h, --help show this help message and exit\n -n NFUZZERS Number of parallel fuzzers\n -s Run dumb fuzzing (no code instrumentation)\n -c CONFIG Path to config file with additional options (see Configuration File Options section below)\n -r Restore previous session\n \n Required parameters:\n -i INPUT Path to directory with initial corpus\n -o OUTPUT Path to output directory\n \n\n \n** Configuration File Options ** \nManul is distributed with a default ` manul.config ` file where the user can find all supported options and usage examples. Options should be specified in the following format ` Format: <option_name> = <value> ` . Symbol ` # ` can be used to ignore a line. 
\n \n** Dictionary ** \n` dict = /home/max/dictionaries/test.dict ` . AFL mutation strategy allows the user to specify a list of custom tokens that can be inserted at random places in the fuzzed file. Manul supports this functionality via this option (absolute paths preferred). \n \n** Mutator weights ** \n` mutator_weights=afl:7,radamsa:2,my_mutator:1 ` . Mutator weights allow the user to tell Manul how many mutations per 10 executions should be performed by a certain fuzzer. In this example, AFL mutator will be executed in 7/10 mutations, Radamsa 2/10 and some custom ` my_mutator ` will get 1/10. If you want to disable a certain mutator, its weight should be set to 0 (e.g. ` mutator_weights=afl:0,radamsa:1,my_mutator:9 ` ). \n \n** Deterministic Seed (Radamsa Option) ** \n` deterministic_seed = False|True ` . By providing ` True ` , Radamsa mutations will become deterministic, so each run of Manul will lead to the same outputs. \n \n** Print Summary per Thread ** \n` print_per_thread = False|True ` . By enabling this option, Manul will print a summary for each thread being executed instead of a total summary. \n \n** Disable Volatile Paths ** \n` disable_volatile_bytes = False|True ` By enabling this option, Manul will not blacklist volatile paths. \n \n** AFL's forkserver (only UNIX) ** \n` forkserver_on = False|True ` Enable or disable AFL's [ forkserver ](<https://lcamtuf.blogspot.com/2014/10/fuzzing-binaries-without-execve.html> \"forkserver\" ) . \n \n** DBI Options ** \n` dbi = dynamorio|pin ` . This option tells Manul which DBI framework will be used to instrument the target. \n` dbi_root = <path> ` . This option tells Manul where to find the DBI framework main launcher. \n` dbi_client_root = <path> ` . This option tells Manul where to find the DBI client to perform instrumentation. \n` dbi_client_libs = name_#1,name_#2|None ` . This option can be used to specify a list of libraries that need to be instrumented along with the main target (e.g. 
you have an executable that loads the target library where you want to find bugs). \n \n** Timeout ** \n` timeout = 10 ` . Time to wait before killing the target and sending the next test case. \n \n** init_wait ** \n` init_wait = 1 ` . This option can be used to set up a timeout required for the target to initialize. \n \n** Netslave and Netmaster Options ** \nThe options ` net_config_master ` and ` net_config_slave ` are used to distribute Manul instances over the network. You have to perform the following 3 steps to run distributed fuzzing. \n\n\n 1. Create a file with a list of hosts in the following format: ` IP:port ` where your slaves will be executed. \n 2. Start all Manul slave instances on remote machines (with all required options and path to target binary) and enable the following option: ` net_config_slave = 0.0.0.0:1337 ` . Manul will launch the instance and will wait for an incoming connection from the master instance on port 1337. \n 3. Start the master instance and provide the file with a list of slave instances created on Step 1 using ` net_config_master = file_name ` . \n \n** Debug Mode ** \n` debug = False|True ` \\- print debug info. \n` logging_enable = False|True ` \\- save debug info in the log. \n \n** Logo ** \n` manul_logo = False|True ` \\- print Manul logo at the beginning. \n \n** Disable Stats ** \n` no_stats = False|True ` \\- save statistics. \n \n** Bitmap [ Synchronization ](<https://www.kitploit.com/search/label/Synchronization> \"Synchronization\" ) Frequency (5000 recommended for DBI mode) ** \n` sync_freq = 10000 ` . Allows the user to change the coverage bitmap synchronization frequency. This option tells Manul how often it should synchronize coverage between parallel fuzzing instances. A lower value decreases [ performance ](<https://www.kitploit.com/search/label/Performance> \"performance\" ) but increases coordination between instances. 
\n \n** Custom Path to Save Output ** \n` #custom_path = test_path ` \\- this option allows saving the test case in a custom folder (if the target wants to load it from some predefined place). \n \n** Command Line Fuzzing (experimental) ** \n` cmd_fuzzing = True|False ` . If this option is enabled, Manul will provide the input to the target via [ command line ](<https://www.kitploit.com/search/label/Command%20Line> \"command line\" ) instead of saving it in a file. \n \n** Ignore Signals ** \n` user_signals = 6,2,1|None ` . User can tell Manul which signals from the target should be ignored (not considered a crash). \n \n** Network Fuzzing (experimental) ** \n` target_ip_port = 127.0.0.1:7715|None ` \\- used to specify target IP and PORT. ` target_protocol = tcp|tcp ` \\- used to specify the protocol to send input to the target over the network. ` net_sleep_between_cases = 0.0 ` . This option can be used to define a delay between test cases being sent to the target. \nCurrently, network fuzzing is an experimental feature (see issues for more details). \n \n** Adding Custom Mutator ** \nA custom mutator can be added in the following three steps: Step 1. Create a Python (.py) file and give it some name (e.g. example_mutator.py) \nStep 2. Create two functions ` def init(fuzzer_id) ` and ` def mutate(data) ` . See [ example_mutator ](<https://github.com/mxmssh/manul/blob/master/example_mutator.py> \"example_mutator\" ) for more details. Manul will call the ` init ` function during fuzzing initialization and ` mutate ` for each file being provided to the target. \nStep 3. Enable the mutator by specifying its name using ` mutator_weights ` in ` manul.config ` . E.g. ` mutator_weights=afl:2,radamsa:0,example_mutator:8 ` . \nNOTE: AFL and Radamsa mutators should always be specified. If you want to disable AFL and/or Radamsa just assign 0 weights to them. 
\n \n** Technical Details ** \nTBD \n \n** Status Screen ** \n \n\n\n[  ](<https://1.bp.blogspot.com/-AAzoDD_CELU/XkIBvt5ba7I/AAAAAAAARrA/DaaQP3MKlW8xgSKjid4C0Csr-hhO2e7UwCNcBGAsYHQ/s1600/manul_5_status_screen.jpeg>)\n\n \n \n\n\n** [ Download Manul ](<https://github.com/mxmssh/manul> \"Download Manul\" ) **\n", "edition": 9, "modified": "2020-02-16T12:00:21", "published": "2020-02-16T12:00:21", "id": "KITPLOIT:6682186653642024628", "href": "http://www.kitploit.com/2020/02/manul-coverage-guided-parallel-fuzzer.html", "title": "Manul - A Coverage-Guided Parallel Fuzzer For Open-Source And Blackbox Binaries On Windows, Linux And MacOS", "type": "kitploit", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}