Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2023 Greenbone AGOPENVAS:13614125623114202339821
HistoryOct 06, 2023 - 12:00 a.m.

SUSE: Security Advisory (SUSE-SU-2023:3982-1)

2023-10-0600:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
5
suse-su-2023:3982-1; greenbone ag; poppler; cve-2020-23804; cve-2020-36024; cve-2022-37050; cve-2022-37051; cve-2022-38349; vendorfix; denial of service

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.8%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.4.2023.3982.1");
  script_cve_id("CVE-2020-23804", "CVE-2020-36024", "CVE-2022-37050", "CVE-2022-37051", "CVE-2022-38349");
  script_tag(name:"creation_date", value:"2023-10-06 04:22:20 +0000 (Fri, 06 Oct 2023)");
  script_version("2024-02-02T14:37:52+0000");
  script_tag(name:"last_modification", value:"2024-02-02 14:37:52 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-08-25 19:08:14 +0000 (Fri, 25 Aug 2023)");

  script_name("SUSE: Security Advisory (SUSE-SU-2023:3982-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP5)");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:3982-1");
  script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2023/suse-su-20233982-1/");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'poppler' package(s) announced via the SUSE-SU-2023:3982-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for poppler fixes the following issues:

CVE-2020-23804: Fixed uncontrolled recursion in pdfinfo and pdftops (bsc#1215422).
CVE-2020-36024: Fixed NULL Pointer Deference in FoFiType1C:convertToType1 (bsc#1214257).
CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c (bsc#1214622).
CVE-2022-37051: Fixed abort in main() in pdfunite.cc (bsc#1214621).
CVE-2022-38349: Fixed reachable assertion in Object.h that will lead to denial of service (bsc#1214618).");

  script_tag(name:"affected", value:"'poppler' package(s) on SUSE Linux Enterprise High Performance Computing 12-SP5, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP Applications 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP5.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLES12.0SP5") {

  if(!isnull(res = isrpmvuln(pkg:"libpoppler-glib8", rpm:"libpoppler-glib8~0.43.0~16.35.2", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libpoppler-glib8-debuginfo", rpm:"libpoppler-glib8-debuginfo~0.43.0~16.35.2", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libpoppler-qt4-4", rpm:"libpoppler-qt4-4~0.43.0~16.35.2", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libpoppler-qt4-4-debuginfo", rpm:"libpoppler-qt4-4-debuginfo~0.43.0~16.35.2", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libpoppler60", rpm:"libpoppler60~0.43.0~16.35.2", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libpoppler60-debuginfo", rpm:"libpoppler60-debuginfo~0.43.0~16.35.2", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"poppler-debugsource", rpm:"poppler-debugsource~0.43.0~16.35.2", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"poppler-tools", rpm:"poppler-tools~0.43.0~16.35.2", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"poppler-tools-debuginfo", rpm:"poppler-tools-debuginfo~0.43.0~16.35.2", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

openvas 11
nessus 20
osv 10
ubuntu 3
debian 2
redos 1
amazon 6
cvelist 5
prion 5
veracode 5
debiancve 5
ubuntucve 5
oraclelinux 1
cve 5
redhatcve 5
redhat 1
mageia 1
hp 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:3998-1)
2023-10-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:3983-1)
2023-10-06 00:00:00
openSUSE: Security Advisory for poppler (SUSE-SU-2023:3998-1)
2024-03-04 00:00:00
nessus
nessus
SUSE SLES12 Security Update : poppler (SUSE-SU-2023:3982-1)
2023-10-06 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : poppler (SUSE-SU-2023:3983-1)
2023-10-06 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : poppler (SUSE-SU-2023:3998-1)
2023-10-07 00:00:00
osv
osv
poppler regression
2023-11-28 13:11:44
poppler - security update
2023-10-16 00:00:00
poppler vulnerabilities
2023-11-23 02:47:28
ubuntu
ubuntu
poppler vulnerabilities
2023-11-23 00:00:00
poppler regression
2023-11-28 00:00:00
poppler vulnerabilities
2023-08-17 00:00:00
debian
debian
[SECURITY] [DLA 3620-1] poppler security update
2023-10-16 11:41:36
[SECURITY] [DLA 3528-1] poppler security update
2023-08-14 12:38:49
redos
redos
ROS-20230918-04
2023-09-18 00:00:00
amazon
amazon
Medium: poppler
2023-09-27 22:15:00
Medium: poppler
2023-09-27 22:49:00
Medium: poppler
2023-09-27 22:49:00
cvelist
cvelist
CVE-2020-36024
2023-08-11 00:00:00
CVE-2022-37051
2023-08-22 00:00:00
CVE-2022-38349
2023-08-22 00:00:00
prion
prion
Code injection
2023-08-22 19:16:00
Code injection
2023-08-22 19:16:00
Input validation
2023-08-22 19:16:00
veracode
veracode
Denial Of Service (DoS)
2023-08-17 14:08:38
Denial Of Service (DoS)
2023-10-10 05:48:08
Denial Of Service (DoS)
2023-10-10 05:26:42
debiancve
debiancve
CVE-2020-36024
2023-08-11 14:15:00
CVE-2022-37051
2023-08-22 19:16:00
CVE-2020-23804
2023-08-22 19:16:00
ubuntucve
ubuntucve
CVE-2022-38349
2023-08-22 00:00:00
CVE-2020-23804
2023-08-22 00:00:00
CVE-2020-36024
2023-08-11 00:00:00
oraclelinux
oraclelinux
poppler security update
2024-05-23 00:00:00
cve
cve
CVE-2022-37051
2023-08-22 19:16:00
CVE-2022-38349
2023-08-22 19:16:00
CVE-2020-23804
2023-08-22 19:16:00
redhatcve
redhatcve
CVE-2022-38349
2023-12-18 05:56:36
CVE-2022-37050
2023-08-24 19:15:30
CVE-2020-23804
2023-08-24 18:45:53
redhat
redhat
(RHSA-2024:2979) Moderate: poppler security update
2024-05-22 06:35:15
mageia
mageia
Updated poppler packages fix security vulnerability
2023-09-11 16:07:54
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.8%

JSON
Related for OPENVAS:13614125623114202339821
openvas11nessus20osv10ubuntu3debian2redos1amazon6cvelist5prion5veracode5debiancve5ubuntucve5oraclelinux1cve5redhatcve5redhat1mageia1hp1