ID OPENVAS:862526 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2017-12-19T00:00:00
Description
Check for the Version of xpdf
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for xpdf FEDORA-2010-16705
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_affected = "xpdf on Fedora 12";
tag_insight = "Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. Xpdf is a small and efficient program which uses
standard X fonts.";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html");
script_id(862526);
script_version("$Revision: 8164 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $");
script_tag(name:"creation_date", value:"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_xref(name: "FEDORA", value: "2010-16705");
script_cve_id("CVE-2010-3702", "CVE-2010-3704");
script_name("Fedora Update for xpdf FEDORA-2010-16705");
script_tag(name: "summary" , value: "Check for the Version of xpdf");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "FC12")
{
if ((res = isrpmvuln(pkg:"xpdf", rpm:"xpdf~3.02~16.fc12", rls:"FC12")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:862526", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for xpdf FEDORA-2010-16705", "description": "Check for the Version of xpdf", "published": "2010-11-16T00:00:00", "modified": "2017-12-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=862526", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html", "2010-16705"], "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "lastseen": "2017-12-20T13:17:44", "viewCount": 0, "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2017-12-20T13:17:44", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-3702", "CVE-2010-3704"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310831249", "OPENVAS:1361412562310870334", "OPENVAS:880575", "OPENVAS:1361412562310870338", "OPENVAS:1361412562310880439", "OPENVAS:831245", "OPENVAS:1361412562310122311", "OPENVAS:870334", "OPENVAS:862680", "OPENVAS:880437"]}, {"type": "centos", "idList": ["CESA-2010:0749", "CESA-2010:0752", "CESA-2010:0751", "CESA-2010:0753"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0751", "ELSA-2010-0859", "ELSA-2010-0749", "ELSA-2010-0753", "ELSA-2010-0752"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2135.NASL", "SL_20101007_KDEGRAPHICS_ON_SL4_X.NASL", "MANDRIVA_MDVSA-2010-230.NASL", "SL_20101007_POPPLER_ON_SL5_X.NASL", "SUSE_11_LIBPOPPLER-DEVEL-101016.NASL", "MANDRIVA_MDVSA-2010-228.NASL", "FEDORA_2010-16705.NASL", "FEDORA_2010-16662.NASL", "SL_20101007_XPDF_ON_SL3_X.NASL", "FEDORA_2010-16744.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:24911", "SECURITYVULNS:VULN:11200"]}, {"type": "redhat", "idList": ["RHSA-2010:0753", "RHSA-2010:0751", "RHSA-2010:0859", "RHSA-2010:0752", "RHSA-2010:0749"]}, {"type": "fedora", "idList": ["FEDORA:38D4B110845", "FEDORA:1F22D1116C5", "FEDORA:021DE1119B9", "FEDORA:DC2AF110A87", "FEDORA:3CC1711158A"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2135-1:65DF2", "DEBIAN:DSA-2116-1:BF569"]}, {"type": "slackware", "idList": ["SSA-2010-324-02"]}], "modified": "2017-12-20T13:17:44", "rev": 2}, "vulnersScore": 6.5}, "pluginID": "862526", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xpdf FEDORA-2010-16705\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xpdf on Fedora 12\";\ntag_insight = \"Xpdf is an X Window System based viewer for Portable Document Format\n (PDF) files. Xpdf is a small and efficient program which uses\n standard X fonts.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html\");\n script_id(862526);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16705\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_name(\"Fedora Update for xpdf FEDORA-2010-16705\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~16.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:45:02", "description": "The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.", "edition": 5, "cvss3": {}, "published": "2010-11-05T18:00:00", "title": "CVE-2010-3702", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3702"], "modified": "2020-12-23T15:01:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/o:redhat:enterprise_linux_desktop:5.0", "cpe:/o:opensuse:opensuse:11.2", "cpe:/o:redhat:enterprise_linux_workstation:5.0", "cpe:/o:canonical:ubuntu_linux:6.06", "cpe:/a:xpdfreader:xpdf:3.02", "cpe:/o:suse:linux_enterprise_server:10", "cpe:/o:canonical:ubuntu_linux:8.04", "cpe:/o:fedoraproject:fedora:13", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:fedoraproject:fedora:14", "cpe:/a:freedesktop:poppler:0.15.1", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:9.10", "cpe:/o:opensuse:opensuse:11.1", "cpe:/o:opensuse:opensuse:11.3", "cpe:/o:fedoraproject:fedora:12", "cpe:/o:redhat:enterprise_linux_server:5.0", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:apple:cups:1.3.11", "cpe:/o:suse:linux_enterprise_server:9", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/a:xpdfreader:xpdf:3.01"], "id": "CVE-2010-3702", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3702", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:xpdfreader:xpdf:3.02:-:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "cpe:2.3:a:freedesktop:poppler:0.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:xpdfreader:xpdf:3.02:pl2:*:*:*:*:*:*", "cpe:2.3:a:xpdfreader:xpdf:3.01:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:xpdfreader:xpdf:3.02:pl3:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:xpdfreader:xpdf:3.02:pl4:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe:2.3:a:xpdfreader:xpdf:3.02:pl1:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:45:02", "description": "The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.", "edition": 7, "cvss3": {}, "published": "2010-11-05T18:00:00", "title": "CVE-2010-3704", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-3704"], "modified": "2019-03-06T16:30:00", "cpe": ["cpe:/a:glyphandcog:xpdfreader:3.02", "cpe:/a:kde:kdegraphics:*", "cpe:/a:poppler:poppler:0.9.3", "cpe:/a:glyphandcog:xpdfreader:0.4", "cpe:/a:poppler:poppler:0.12.0", "cpe:/a:foolabs:xpdf:0.91c", "cpe:/a:poppler:poppler:0.9.1", "cpe:/a:foolabs:xpdf:0.92a", "cpe:/a:foolabs:xpdf:0.91b", "cpe:/a:poppler:poppler:0.15.1", "cpe:/a:poppler:poppler:0.10.5", "cpe:/a:poppler:poppler:0.13.3", "cpe:/a:poppler:poppler:0.14.5", "cpe:/a:poppler:poppler:0.10.2", "cpe:/a:foolabs:xpdf:1.00a", "cpe:/a:poppler:poppler:0.11.3", "cpe:/a:glyphandcog:xpdfreader:0.3", "cpe:/a:poppler:poppler:0.10.6", "cpe:/a:glyphandcog:xpdfreader:0.6", "cpe:/a:glyphandcog:xpdfreader:0.91", "cpe:/a:glyphandcog:xpdfreader:0.5", "cpe:/a:foolabs:xpdf:3.02pl3", "cpe:/a:foolabs:xpdf:3.02pl1", "cpe:/a:foolabs:xpdf:0.92b", "cpe:/a:poppler:poppler:0.12.3", "cpe:/a:poppler:poppler:0.10.1", "cpe:/a:glyphandcog:xpdfreader:3.01", "cpe:/a:foolabs:xpdf:0.93b", "cpe:/a:glyphandcog:xpdfreader:0.93", "cpe:/a:foolabs:xpdf:0.91a", "cpe:/a:poppler:poppler:0.11.2", "cpe:/a:poppler:poppler:0.14.2", "cpe:/a:poppler:poppler:0.14.0", "cpe:/a:poppler:poppler:0.13.0", "cpe:/a:glyphandcog:xpdfreader:0.7", "cpe:/a:glyphandcog:xpdfreader:2.01", "cpe:/a:glyphandcog:xpdfreader:1.00", "cpe:/a:glyphandcog:xpdfreader:2.03", "cpe:/a:poppler:poppler:0.14.4", "cpe:/a:foolabs:xpdf:0.93c", "cpe:/a:foolabs:xpdf:0.92c", "cpe:/a:poppler:poppler:0.11.0", "cpe:/a:glyphandcog:xpdfreader:2.02", "cpe:/a:poppler:poppler:0.10.0", "cpe:/a:glyphandcog:xpdfreader:2.00", "cpe:/a:foolabs:xpdf:0.93a", "cpe:/a:poppler:poppler:0.14.3", "cpe:/a:poppler:poppler:0.12.1", "cpe:/a:poppler:poppler:0.10.3", "cpe:/a:poppler:poppler:0.13.1", "cpe:/a:poppler:poppler:0.12.2", "cpe:/a:foolabs:xpdf:0.92e", "cpe:/a:poppler:poppler:0.14.1", "cpe:/a:poppler:poppler:0.9.0", "cpe:/a:foolabs:xpdf:0.92d", "cpe:/a:glyphandcog:xpdfreader:0.92", "cpe:/a:foolabs:xpdf:0.7a", "cpe:/a:poppler:poppler:0.13.2", "cpe:/a:poppler:poppler:0.11.1", "cpe:/a:poppler:poppler:0.10.4", "cpe:/a:poppler:poppler:0.15.0", "cpe:/a:poppler:poppler:0.10.7", "cpe:/a:glyphandcog:xpdfreader:0.80", "cpe:/a:poppler:poppler:0.13.4", "cpe:/a:poppler:poppler:0.8.7", "cpe:/a:glyphandcog:xpdfreader:1.01", "cpe:/a:glyphandcog:xpdfreader:3.00", "cpe:/a:foolabs:xpdf:3.02pl2", "cpe:/a:glyphandcog:xpdfreader:0.90", "cpe:/a:poppler:poppler:0.12.4", "cpe:/a:poppler:poppler:0.9.2", "cpe:/a:foolabs:xpdf:0.5a", "cpe:/a:foolabs:xpdf:3.0.1", "cpe:/a:glyphandcog:xpdfreader:0.2"], "id": "CVE-2010-3704", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3704", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.13.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:3.02pl3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.12.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:3.02pl2:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:kde:kdegraphics:*:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.7:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.15.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.4:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.5:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.2:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.13.4:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.12.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:3.02pl1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.12.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.6:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.13.2:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-03T10:54:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "Check for the Version of xpdf", "modified": "2018-01-02T00:00:00", "published": "2010-10-19T00:00:00", "id": "OPENVAS:1361412562310870335", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870335", "type": "openvas", "title": "RedHat Update for xpdf RHSA-2010:0751-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for xpdf RHSA-2010:0751-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Xpdf is an X Window System based viewer for Portable Document Format (PDF)\n files.\n\n An uninitialized pointer use flaw was discovered in Xpdf. An attacker could\n create a malicious PDF file that, when opened, would cause Xpdf to crash\n or, potentially, execute arbitrary code. (CVE-2010-3702)\n \n An array index error was found in the way Xpdf parsed PostScript Type 1\n fonts embedded in PDF documents. An attacker could create a malicious PDF\n file that, when opened, would cause Xpdf to crash or, potentially, execute\n arbitrary code. (CVE-2010-3704)\n \n Users are advised to upgrade to this updated package, which contains\n backported patches to correct these issues.\";\n\ntag_affected = \"xpdf on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-October/msg00006.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870335\");\n script_version(\"$Revision: 8269 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0751-01\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_name(\"RedHat Update for xpdf RHSA-2010:0751-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.00~24.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~3.00~24.el4_8.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "The remote host is missing an update to xpdf\nannounced via advisory DSA 2135-1.", "modified": "2019-03-18T00:00:00", "published": "2011-03-07T00:00:00", "id": "OPENVAS:136141256231068977", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068977", "type": "openvas", "title": "Debian Security Advisory DSA 2135-1 (xpdf)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2135_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2135-1 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68977\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-07 16:04:02 +0100 (Mon, 07 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_name(\"Debian Security Advisory DSA 2135-1 (xpdf)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB5\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202135-1\");\n script_tag(name:\"insight\", value:\"Joel Voss of Leviathan Security Group discovered two vulnerabilities\nin xpdf rendering engine, which may lead to the execution of arbitrary\ncode if a malformed PDF file is opened.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.02-1.4+lenny3.\n\nFor the upcoming stable distribution (squeeze) and the unstable\ndistribution (sid), these problems don't apply, since xpdf has been\npatched to use the Poppler PDF library.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your poppler packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to xpdf\nannounced via advisory DSA 2135-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"xpdf\", ver:\"3.02-1.4+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xpdf-common\", ver:\"3.02-1.4+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xpdf-reader\", ver:\"3.02-1.4+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xpdf-utils\", ver:\"3.02-1.4+lenny3\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-14T11:49:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "Check for the Version of gpdf", "modified": "2017-12-13T00:00:00", "published": "2010-10-19T00:00:00", "id": "OPENVAS:880439", "href": "http://plugins.openvas.org/nasl.php?oid=880439", "type": "openvas", "title": "CentOS Update for gpdf CESA-2010:0752 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gpdf CESA-2010:0752 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"GPdf is a viewer for Portable Document Format (PDF) files.\n\n An uninitialized pointer use flaw was discovered in GPdf. An attacker could\n create a malicious PDF file that, when opened, would cause GPdf to crash\n or, potentially, execute arbitrary code. (CVE-2010-3702)\n \n An array index error was found in the way GPdf parsed PostScript Type 1\n fonts embedded in PDF documents. An attacker could create a malicious PDF\n file that, when opened, would cause GPdf to crash or, potentially, execute\n arbitrary code. (CVE-2010-3704)\n \n Users are advised to upgrade to this updated package, which contains\n backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"gpdf on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-October/017049.html\");\n script_id(880439);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0752\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_name(\"CentOS Update for gpdf CESA-2010:0752 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gpdf\", rpm:\"gpdf~2.8.2~7.7.2.el4_8.7\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "Check for the Version of xpdf", "modified": "2017-12-25T00:00:00", "published": "2010-10-19T00:00:00", "id": "OPENVAS:880441", "href": "http://plugins.openvas.org/nasl.php?oid=880441", "type": "openvas", "title": "CentOS Update for xpdf CESA-2010:0751 centos4 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xpdf CESA-2010:0751 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Xpdf is an X Window System based viewer for Portable Document Format (PDF)\n files.\n\n An uninitialized pointer use flaw was discovered in Xpdf. An attacker could\n create a malicious PDF file that, when opened, would cause Xpdf to crash\n or, potentially, execute arbitrary code. (CVE-2010-3702)\n \n An array index error was found in the way Xpdf parsed PostScript Type 1\n fonts embedded in PDF documents. An attacker could create a malicious PDF\n file that, when opened, would cause Xpdf to crash or, potentially, execute\n arbitrary code. (CVE-2010-3704)\n \n Users are advised to upgrade to this updated package, which contains\n backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"xpdf on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-October/017047.html\");\n script_id(880441);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0751\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_name(\"CentOS Update for xpdf CESA-2010:0751 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.00~24.el4_8.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "Check for the Version of xpdf", "modified": "2017-12-22T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:862680", "href": "http://plugins.openvas.org/nasl.php?oid=862680", "type": "openvas", "title": "Fedora Update for xpdf FEDORA-2010-16744", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xpdf FEDORA-2010-16744\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"xpdf on Fedora 14\";\ntag_insight = \"Xpdf is an X Window System based viewer for Portable Document Format\n (PDF) files. Xpdf is a small and efficient program which uses\n standard X fonts.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html\");\n script_id(862680);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-16744\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_name(\"Fedora Update for xpdf FEDORA-2010-16744\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~16.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-18T10:58:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "Check for the Version of xpdf", "modified": "2017-12-18T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:831245", "href": "http://plugins.openvas.org/nasl.php?oid=831245", "type": "openvas", "title": "Mandriva Update for xpdf MDVSA-2010:228 (xpdf)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for xpdf MDVSA-2010:228 (xpdf)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were discovered and corrected in xpdf:\n\n The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5,\n allows context-dependent attackers to cause a denial of service (crash)\n via unknown vectors that trigger an uninitialized pointer dereference\n (CVE-2010-3702).\n \n The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser\n in xpdf before 3.02pl5, allows context-dependent attackers to cause a\n denial of service (crash) and possibly execute arbitrary code via a PDF\n file with a crafted Type1 font that contains a negative array index,\n which bypasses input validation and which triggers memory corruption\n (CVE-2010-3704).\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"xpdf on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-11/msg00020.php\");\n script_id(831245);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:228\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_name(\"Mandriva Update for xpdf MDVSA-2010:228 (xpdf)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of xpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xpdf-common\", rpm:\"xpdf-common~3.02~12.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880575", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880575", "type": "openvas", "title": "CentOS Update for poppler CESA-2010:0749 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for poppler CESA-2010:0749 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-October/017056.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880575\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2010:0749\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_name(\"CentOS Update for poppler CESA-2010:0749 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'poppler'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"poppler on CentOS 5\");\n script_tag(name:\"insight\", value:\"Poppler is a Portable Document Format (PDF) rendering library, used by\n applications such as Evince.\n\n An uninitialized pointer use flaw was discovered in poppler. An attacker\n could create a malicious PDF file that, when opened, would cause\n applications that use poppler (such as Evince) to crash or, potentially,\n execute arbitrary code. (CVE-2010-3702)\n\n An array index error was found in the way poppler parsed PostScript Type 1\n fonts embedded in PDF documents. An attacker could create a malicious PDF\n file that, when opened, would cause applications that use poppler (such as\n Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704)\n\n Users are advised to upgrade to these updated packages, which contain\n backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_5.14\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_5.14\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_5.14\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-03T10:54:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "Check for the Version of poppler", "modified": "2018-01-02T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:1361412562310831249", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831249", "type": "openvas", "title": "Mandriva Update for poppler MDVSA-2010:230 (poppler)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for poppler MDVSA-2010:230 (poppler)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities were discovered and corrected in poppler:\n\n The Gfx::getPos function in the PDF parser in poppler, allows\n context-dependent attackers to cause a denial of service (crash)\n via unknown vectors that trigger an uninitialized pointer dereference\n (CVE-2010-3702).\n \n The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser\n in poppler, allows context-dependent attackers to cause a denial\n of service (crash) and possibly execute arbitrary code via a PDF\n file with a crafted Type1 font that contains a negative array index,\n which bypasses input validation and which triggers memory corruption\n (CVE-2010-3704).\n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149&products_id=490\n \n The updated packages have been patched to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"poppler on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-11/msg00023.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831249\");\n script_version(\"$Revision: 8269 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 14:49:48 +0100 (Tue, 16 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:230\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_name(\"Mandriva Update for poppler MDVSA-2010:230 (poppler)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpoppler3\", rpm:\"libpoppler3~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib3\", rpm:\"libpoppler-glib3~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler3\", rpm:\"lib64poppler3~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib3\", rpm:\"lib64poppler-glib3~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.8.7~2.4mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpoppler3\", rpm:\"libpoppler3~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib3\", rpm:\"libpoppler-glib3~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler3\", rpm:\"lib64poppler3~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib3\", rpm:\"lib64poppler-glib3~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.8.7~2.4mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "Check for the Version of gpdf", "modified": "2017-12-13T00:00:00", "published": "2010-10-19T00:00:00", "id": "OPENVAS:870331", "href": "http://plugins.openvas.org/nasl.php?oid=870331", "type": "openvas", "title": "RedHat Update for gpdf RHSA-2010:0752-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gpdf RHSA-2010:0752-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"GPdf is a viewer for Portable Document Format (PDF) files.\n\n An uninitialized pointer use flaw was discovered in GPdf. An attacker could\n create a malicious PDF file that, when opened, would cause GPdf to crash\n or, potentially, execute arbitrary code. (CVE-2010-3702)\n \n An array index error was found in the way GPdf parsed PostScript Type 1\n fonts embedded in PDF documents. An attacker could create a malicious PDF\n file that, when opened, would cause GPdf to crash or, potentially, execute\n arbitrary code. (CVE-2010-3704)\n \n Users are advised to upgrade to this updated package, which contains\n backported patches to correct these issues.\";\n\ntag_affected = \"gpdf on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-October/msg00007.html\");\n script_id(870331);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-10-19 15:54:15 +0200 (Tue, 19 Oct 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0752-01\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_name(\"RedHat Update for gpdf RHSA-2010:0752-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gpdf\", rpm:\"gpdf~2.8.2~7.7.2.el4_8.7\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gpdf-debuginfo\", rpm:\"gpdf-debuginfo~2.8.2~7.7.2.el4_8.7\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "Oracle Linux Local Security Checks ELSA-2010-0749", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122311", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122311", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0749", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0749.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122311\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:16:30 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0749\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0749 - poppler security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0749\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0749.html\");\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_5.14\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_5.14\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_5.14\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2020-12-24T11:30:51", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3704"], "description": "Poppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nAn uninitialized pointer use flaw was discovered in poppler. An attacker\ncould create a malicious PDF file that, when opened, would cause\napplications that use poppler (such as Evince) to crash or, potentially,\nexecute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way poppler parsed PostScript Type 1\nfonts embedded in PDF documents. An attacker could create a malicious PDF\nfile that, when opened, would cause applications that use poppler (such as\nEvince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n", "modified": "2017-09-08T11:49:25", "published": "2010-10-07T04:00:00", "id": "RHSA-2010:0749", "href": "https://access.redhat.com/errata/RHSA-2010:0749", "type": "redhat", "title": "(RHSA-2010:0749) Important: poppler security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T11:29:38", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3704"], "description": "GPdf is a viewer for Portable Document Format (PDF) files.\n\nAn uninitialized pointer use flaw was discovered in GPdf. An attacker could\ncreate a malicious PDF file that, when opened, would cause GPdf to crash\nor, potentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way GPdf parsed PostScript Type 1\nfonts embedded in PDF documents. An attacker could create a malicious PDF\nfile that, when opened, would cause GPdf to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.\n", "modified": "2017-09-08T12:05:22", "published": "2010-10-07T04:00:00", "id": "RHSA-2010:0752", "href": "https://access.redhat.com/errata/RHSA-2010:0752", "type": "redhat", "title": "(RHSA-2010:0752) Important: gpdf security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T11:31:20", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3704"], "description": "Xpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nAn uninitialized pointer use flaw was discovered in Xpdf. An attacker could\ncreate a malicious PDF file that, when opened, would cause Xpdf to crash\nor, potentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way Xpdf parsed PostScript Type 1\nfonts embedded in PDF documents. An attacker could create a malicious PDF\nfile that, when opened, would cause Xpdf to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.\n", "modified": "2017-09-08T12:14:20", "published": "2010-10-07T04:00:00", "id": "RHSA-2010:0751", "href": "https://access.redhat.com/errata/RHSA-2010:0751", "type": "redhat", "title": "(RHSA-2010:0751) Important: xpdf security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T11:30:36", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3704"], "description": "The kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format (PDF)\nfiles.\n\nAn uninitialized pointer use flaw was discovered in KPDF. An attacker could\ncreate a malicious PDF file that, when opened, would cause KPDF to crash\nor, potentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way KPDF parsed PostScript Type 1\nfonts embedded in PDF documents. An attacker could create a malicious PDF\nfile that, when opened, would cause KPDF to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n", "modified": "2017-09-08T12:19:48", "published": "2010-10-07T04:00:00", "id": "RHSA-2010:0753", "href": "https://access.redhat.com/errata/RHSA-2010:0753", "type": "redhat", "title": "(RHSA-2010:0753) Important: kdegraphics security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2116-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nOctober 12, 2010 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : poppler\r\nVulnerability : several\r\nProblem type : local(remote)\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2010-3702 CVE-2010-3704\r\nDebian Bug : 599165\r\n\r\nJoel Voss of Leviathan Security Group discovered two vulnerabilities in\r\nthe Poppler PDF rendering library, which may lead to the execution of\r\narbitrary code if a malformed PDF file is opened.\r\n\r\nFor the stable distribution (lenny), these problems have been fixed in\r\nversion 0.8.7-4.\r\n\r\nFor the unstable distribution (sid), these problems will be fixed soon.\r\n\r\nWe recommend that you upgrade your poppler packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc,\r\ns390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7.orig.tar.gz\r\n Size/MD5 checksum: 1469587 9af81429d6f8639c357a5eed25583365\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-4.diff.gz\r\n Size/MD5 checksum: 23876 219c5db15e7e0ad3ce01c45b5d2d17b5\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-4.dsc\r\n Size/MD5 checksum: 1481 a2d28a0e06fd0b226e9e87d88aab52e8\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 891456 eecf847b41f68e67cfa250c239ab95ff\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 220410 cdc18593a727b1a80279ad941a929dee\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 329946 83a82f4a995727adac2a9cbb19cd0705\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 303118 8407f059f1395ad93f765cdcf70f6246\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 180578 f625e16840c1262de1e33579bfff3e00\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 197172 2573621fc79b03251735690bfd818f5e\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 1334994 5fbda5e9f2b3824d3d7ccbb1bcf000d0\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 3204616 7c7c37da8b894e462b2758524365ca46\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 234854 06e4977b32fb63577a918c110147e5f6\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_alpha.deb\r\n Size/MD5 checksum: 452718 751233edf2ec85fd1e095893124f8909\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 184848 ed2abc9b1edd4cde56eb40b9b775cf45\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 1119492 16725109ae348df90c30896be4a0c5de\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 232702 2e7740b7098cd91493f178745b966d4a\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 178414 497a3f7cbff9acdb0b01d58aae33415a\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 358376 461a59da2c6b0c7531bba1a385f3607d\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 275318 3c6b86fb8a57e9f17fbe058a36fa426e\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 314086 3381ccceeaa1d2727f331d92b59818dd\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 3148992 c1f76eb6ca390ef674647dc5def03c40\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 840444 bc302d9fba4a4469b0d1902f5bb9777e\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_amd64.deb\r\n Size/MD5 checksum: 217654 7008780b0aea027507fb70fe7c55af15\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 390130 993386a0e413c10df447dc83ccb3ca15\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 184796 2e3eeb3b7a744a268dad95cae33d6146\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 3115978 784d8f1cef1f6536b979e6c52baedbd0\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 178194 8bc04420f3e45f0d9f0e2c70abe9f805\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 226694 e9cad6f85ee41ad40d6cf5cd4accc5aa\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 270650 d5bc5732bbe002e3db1425835848626f\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 341936 e13e6c29d90f909c81e0b06bdf131a61\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 1096786 1bbed300b089de228c0b9a5cc4d1a7f6\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 807566 15887571376ee0d25fcf477ac4ba054f\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_arm.deb\r\n Size/MD5 checksum: 208332 ba2da71c5d576f32ee449c3753c1d88f\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 376502 65ef8244fe39348d315e614cf7426b1d\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 3159364 c3cbc56f216c48097d3eeb6c82c59152\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 310866 499fdb8685258672067bd711d38d53c2\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 207870 47c4c9a9f3ee4e91d72b3641cf877a3e\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 222156 e8662e1b8c59263dbfa9da37821ee221\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 275450 8c1a9b503faa4dfb842f77aac3b78660\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 777258 23ed358ece8d5fa4bdedd7fd95d8da03\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 181942 9fa3482ceaa47cffc8ef0334ff2d8fd3\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 1108276 9440c768e0c36cd2679302707b3e67e3\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_armel.deb\r\n Size/MD5 checksum: 174352 e14eacb00011d03aacbd3800a62c3527\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 180814 0fe3440213a0fdd89d1d3ab4abd52194\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 1259958 121e935f943029dabfb8fb5708ca4d95\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 929604 e2c0359a9bb9d2f43eba42cfb1176886\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 388818 4728fa9ca382f2b80ccf7029bfdd4930\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 291126 db34880c98215d5e21f41acdfe055793\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 335522 67002c10addbdc4b2ff52af23a8548c1\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 3140808 768379ef1d00c3eca85ff7a09e14daa4\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 234318 1e912fea114bde04f1dba3769ea85a2b\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 226170 d90e048a5bc7031a0b06ab78f371ba1f\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_hppa.deb\r\n Size/MD5 checksum: 187028 a1421ae135c80c12687c716600af4eba\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 214852 2151fc1bf2edcd9024a2b7e3bc6d2812\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 226704 7850919a3f4e701c055d84981eee435a\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 344586 31464fea47dd982d178dded3b8a0369e\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 312902 9a55130fc71c003c57838d039f253c9d\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 182014 100ffcdbd3e41ebcfddce2c68347ee41\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 3062702 fcf72afae54301e32b32241ffb38bfbe\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 1054138 dc8a52af5230ac661194de09addea31e\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 813932 f288903f2a99aae4e23f4335329024fb\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 270452 7493a6c49962426bc37e2b475fc1a263\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_i386.deb\r\n Size/MD5 checksum: 177914 d19365a8780fc7a032a95c3eb0637540\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 3107166 b8dcf25d1a0735feb8aae49c4b8d3ae8\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 424464 60fc005362e166276b37fc0a438da37e\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 195428 db5e21ac097827853ff2afd6ac573dcc\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 353256 21471f96902a8592ab5d49cf3687ac64\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 1421918 6593d5c5a9e019ff879c4651fda95548\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 257344 bb5e9b6a70cfe567d2b98442db19cdef\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 302456 107b6620f804f3990141043599d292c7\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 233166 dd0b6f7bce2e07cba2c3a2019d7aada3\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 1074000 49e343bd8bf61d3709341f1c725f929b\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_ia64.deb\r\n Size/MD5 checksum: 184792 b8372aa7138ece28c62298a295211cbc\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 3232772 e150761ce9b858d1f3adc8c4b732f330\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 187832 b044fd59a07e9dcf6fadc769e4e39ab8\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 390558 1107be43d549eb458d80081f8cb6c5af\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 287574 10e5e71d729b6982b6ca10a4db3df19e\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 177392 22b77e7afe8d572351860eceeae20a3a\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 826186 c8a54dcce96f5098726f98e4a54b72f6\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 1218220 dc0da0eec9ff021f7b37e268fcee258a\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 302696 c30ddb1cd7560d32a8da06fe55b8c63c\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 227884 be03fda3a4b1c7f656afe2c0e96590d8\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_mips.deb\r\n Size/MD5 checksum: 215390 416ee61ea77b5954ef9211d1ab813be7\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 804632 5b7002bdd5caf184563bac6e69090e0c\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 1200858 acfbc90bf29e9caeff4746b6c4f2d1e5\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 187282 0dfd8e6f6ff32a5a1473cfcbf3d32fb3\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 177102 b75ed90c14faaaeee0cc71d076d664d6\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 288140 cc1bc2ca8a40c0a464ce2fae0911f97a\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 3123908 c0cfc81a0b3e16e995f90bd7a2c58342\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 231850 4c5b8a12a440b1386d8d23296a62fb56\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 214246 bd35cb49e05b44cd75473267598bd4a6\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 386846 b071de784b773f3ddad53e56b45d3e40\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_mipsel.deb\r\n Size/MD5 checksum: 300258 9856aa4a0f0072370ab44162da2d4d9a\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 360144 b8c7775745bb27aaa278578c3c99ecc9\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 3225134 ec377f8e7c8b42298859d34e075ffb07\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 222462 b7b82e4ad6a607bd1c9f8d18ccafc9b8\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 184852 92ad48c1d0b4f71ee5d9dff90da846d2\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 1182246 01f2fa2e9bbe1e890af3d522ea69ccd9\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 246580 ac0fe37e13e4b13daed8da4231542929\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 883168 76a6833fcf97d713bde4df8b32c45135\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 318274 83f904fb9939631d361647d002493b48\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 286030 87bd418c762f4852deb2f0ccf676e279\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_powerpc.deb\r\n Size/MD5 checksum: 181404 8a890e062a3e57cbf05298afe3e80f8a\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 841442 3af0ff00c65d798264f3fcae4d3d4a01\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 218442 cff4034943d4bc73c6e25c44e818a03e\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 279424 41af8fff9a31a67ff5348819767d38b2\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 182698 d0826f59f5b3a670425eb3a4a545dd0d\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 312902 a29c008538bca825e4adbd9d81c98966\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 177752 431d82e8cd6c132da74ad093dbcc7ba0\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 1122234 1ef35b74956ee14359f51462acb57106\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 229764 6f1f3aa05049d00acad3e6b30e6e0648\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 349904 03b490982f1212c160d336b936d91f87\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_s390.deb\r\n Size/MD5 checksum: 3247406 c2e3ace3b947c9db715bba922e920597\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 311218 10ebf40bd6544ecfd1d5c14012bc2333\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 3010294 25ed84792d1322113d88d7d86875a505\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 823558 b249aa0aca98b8194d82dc5099cd4660\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 177016 6ca62885f918c19fb6dd3853e4d9f47d\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 274862 d9959778df605e6242c8a869fe0933c1\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 1077730 33624d329997fad4abfec6228e7bcaa4\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 182754 6392ee52ee09d7140f33d93dca41ea09\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 349128 4fdac4cf89006eef1554f41fa34258d2\r\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 227040 16627c2e2b817e6279f2ed429394cf81\r\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_sparc.deb\r\n Size/MD5 checksum: 214664 50e728e424d503059a2aa6c8575a06eb\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAky0tz0ACgkQXm3vHE4uylpDsACg6F/E0X86/Udl77b4ieidLmEc\r\nmdcAnRd9H+VW3w31XtBCmVoLRCv3WqeC\r\n=2p/a\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-10-13T00:00:00", "published": "2010-10-13T00:00:00", "id": "SECURITYVULNS:DOC:24911", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24911", "title": "[SECURITY] [DSA 2116-1] New poppler packages fix several vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:38", "bulletinFamily": "software", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "Different vulnerabilities on PDF parsing.", "edition": 1, "modified": "2010-10-13T00:00:00", "published": "2010-10-13T00:00:00", "id": "SECURITYVULNS:VULN:11200", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11200", "title": "poppler library multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:08", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "[2.8.2-7.7.2.el4_8.7]\n- Add gpdf-2.8.2-CVE-2010-3702.patch\n (Properly initialize parser)\n- Add gpdf-2.8.2-CVE-2010-3704.patch\n (Fix crash in broken pdf (code < 0))\n- Resolves: #639831", "edition": 4, "modified": "2010-10-07T00:00:00", "published": "2010-10-07T00:00:00", "id": "ELSA-2010-0752", "href": "http://linux.oracle.com/errata/ELSA-2010-0752.html", "title": "gpdf security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:35", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "[3.00-24.1]\n- Resolves: #639829\n CVE-2010-3702, uninitialized Gfx::parser pointer dereference\n CVE-2010-3704, array indexing error in FoFiType1::parse()", "edition": 4, "modified": "2010-10-07T00:00:00", "published": "2010-10-07T00:00:00", "id": "ELSA-2010-0751", "href": "http://linux.oracle.com/errata/ELSA-2010-0751.html", "title": "xpdf security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:38", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "[3.3.1-18.1]\n- Resolves: #639833\n CVE-2010-3702, uninitialized Gfx::parser pointer dereference\n CVE-2010-3704, array indexing error in FoFiType1::parse()", "edition": 4, "modified": "2010-10-07T00:00:00", "published": "2010-10-07T00:00:00", "id": "ELSA-2010-0753", "href": "http://linux.oracle.com/errata/ELSA-2010-0753.html", "title": "kdegraphics security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:19", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "[0.5.4-4.4.el5_5.14]\n- Add poppler-0.5.4-CVE-2010-3702.patch\n (Properly initialize parser)\n- Add poppler-0.5.4-CVE-2010-3704.patch\n (Fix crash in broken pdf (code < 0))\n- Resolves: #639839", "edition": 4, "modified": "2010-10-07T00:00:00", "published": "2010-10-07T00:00:00", "id": "ELSA-2010-0749", "href": "http://linux.oracle.com/errata/ELSA-2010-0749.html", "title": "poppler security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:46", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702", "CVE-2010-3703"], "description": "[0.12.4-3.el6.1]\n- Add poppler-0.12.4-CVE-2010-3702.patch\n (Properly initialize parser)\n- Add poppler-0.12.4-CVE-2010-3703.patch\n (Properly initialize stack)\n- Add poppler-0.12.4-CVE-2010-3704.patch\n (Fix crash in broken pdf (code < 0))\n- Resolves: #639859", "edition": 4, "modified": "2011-02-10T00:00:00", "published": "2011-02-10T00:00:00", "id": "ELSA-2010-0859", "href": "http://linux.oracle.com/errata/ELSA-2010-0859.html", "title": "poppler security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-12-24T14:37:45", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0751\n\n\nXpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nAn uninitialized pointer use flaw was discovered in Xpdf. An attacker could\ncreate a malicious PDF file that, when opened, would cause Xpdf to crash\nor, potentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way Xpdf parsed PostScript Type 1\nfonts embedded in PDF documents. An attacker could create a malicious PDF\nfile that, when opened, would cause Xpdf to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029085.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029086.html\n\n**Affected packages:**\nxpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0751.html", "edition": 4, "modified": "2010-10-09T22:09:16", "published": "2010-10-09T22:08:57", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/029085.html", "id": "CESA-2010:0751", "title": "xpdf security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T14:32:39", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0753\n\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format (PDF)\nfiles.\n\nAn uninitialized pointer use flaw was discovered in KPDF. An attacker could\ncreate a malicious PDF file that, when opened, would cause KPDF to crash\nor, potentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way KPDF parsed PostScript Type 1\nfonts embedded in PDF documents. An attacker could create a malicious PDF\nfile that, when opened, would cause KPDF to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029091.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029092.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029099.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029100.html\n\n**Affected packages:**\nkdegraphics\nkdegraphics-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0753.html", "edition": 4, "modified": "2010-10-10T23:01:17", "published": "2010-10-09T22:16:28", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/029091.html", "id": "CESA-2010:0753", "title": "kdegraphics security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T14:35:59", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0752\n\n\nGPdf is a viewer for Portable Document Format (PDF) files.\n\nAn uninitialized pointer use flaw was discovered in GPdf. An attacker could\ncreate a malicious PDF file that, when opened, would cause GPdf to crash\nor, potentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way GPdf parsed PostScript Type 1\nfonts embedded in PDF documents. An attacker could create a malicious PDF\nfile that, when opened, would cause GPdf to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029087.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029088.html\n\n**Affected packages:**\ngpdf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0752.html", "edition": 4, "modified": "2010-10-09T22:11:41", "published": "2010-10-09T22:11:24", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/029087.html", "id": "CESA-2010:0752", "title": "gpdf security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T14:36:12", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0749\n\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nAn uninitialized pointer use flaw was discovered in poppler. An attacker\ncould create a malicious PDF file that, when opened, would cause\napplications that use poppler (such as Evince) to crash or, potentially,\nexecute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way poppler parsed PostScript Type 1\nfonts embedded in PDF documents. An attacker could create a malicious PDF\nfile that, when opened, would cause applications that use poppler (such as\nEvince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704)\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029093.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-October/029094.html\n\n**Affected packages:**\npoppler\npoppler-devel\npoppler-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2010-0749.html", "edition": 4, "modified": "2010-10-10T22:51:57", "published": "2010-10-10T22:51:57", "href": "http://lists.centos.org/pipermail/centos-announce/2010-October/029093.html", "id": "CESA-2010:0749", "title": "poppler security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-17T13:45:05", "description": "An uninitialized pointer use flaw was discovered in GPdf. An attacker\ncould create a malicious PDF file that, when opened, would cause GPdf\nto crash or, potentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way GPdf parsed PostScript Type\n1 fonts embedded in PDF documents. An attacker could create a\nmalicious PDF file that, when opened, would cause GPdf to crash or,\npotentially, execute arbitrary code. (CVE-2010-3704)", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : gpdf on SL4.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101007_GPDF_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60864", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60864);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n\n script_name(english:\"Scientific Linux Security Update : gpdf on SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An uninitialized pointer use flaw was discovered in GPdf. An attacker\ncould create a malicious PDF file that, when opened, would cause GPdf\nto crash or, potentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way GPdf parsed PostScript Type\n1 fonts embedded in PDF documents. An attacker could create a\nmalicious PDF file that, when opened, would cause GPdf to crash or,\npotentially, execute arbitrary code. (CVE-2010-3704)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1010&L=scientific-linux-errata&T=0&P=818\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7243aed3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"gpdf-2.8.2-7.7.2.el4_8.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:46:08", "description": "Joel Voss of Leviathan Security Group discovered two vulnerabilities\nin the Poppler PDF rendering library, which may lead to the execution\nof arbitrary code if a malformed PDF file is opened.", "edition": 26, "published": "2010-10-14T00:00:00", "title": "Debian DSA-2119-1 : poppler - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "modified": "2010-10-14T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:poppler", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2119.NASL", "href": "https://www.tenable.com/plugins/nessus/49965", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2119. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49965);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_xref(name:\"DSA\", value:\"2119\");\n\n script_name(english:\"Debian DSA-2119-1 : poppler - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Joel Voss of Leviathan Security Group discovered two vulnerabilities\nin the Poppler PDF rendering library, which may lead to the execution\nof arbitrary code if a malformed PDF file is opened.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2119\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the poppler packages.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.8.7-4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libpoppler-dev\", reference:\"0.8.7-4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpoppler-glib-dev\", reference:\"0.8.7-4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpoppler-glib3\", reference:\"0.8.7-4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpoppler-qt-dev\", reference:\"0.8.7-4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpoppler-qt2\", reference:\"0.8.7-4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpoppler-qt4-3\", reference:\"0.8.7-4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpoppler-qt4-dev\", reference:\"0.8.7-4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"libpoppler3\", reference:\"0.8.7-4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"poppler-dbg\", reference:\"0.8.7-4\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"poppler-utils\", reference:\"0.8.7-4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:18", "description": "apply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVS-2010-3704\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-11-05T00:00:00", "title": "Fedora 14 : xpdf-3.02-16.fc14 (2010-16744)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "modified": "2010-11-05T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:xpdf"], "id": "FEDORA_2010-16744.NASL", "href": "https://www.tenable.com/plugins/nessus/50483", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16744.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50483);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_bugtraq_id(43841, 43845);\n script_xref(name:\"FEDORA\", value:\"2010-16744\");\n\n script_name(english:\"Fedora 14 : xpdf-3.02-16.fc14 (2010-16744)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"apply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVS-2010-3704\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=595245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=638960\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050268.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27f50fd9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"xpdf-3.02-16.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xpdf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:58", "description": "Multiple vulnerabilities were discovered and corrected in poppler :\n\nThe Gfx::getPos function in the PDF parser in poppler, allows\ncontext-dependent attackers to cause a denial of service (crash) via\nunknown vectors that trigger an uninitialized pointer dereference\n(CVE-2010-3702).\n\nThe FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser\nin poppler, allows context-dependent attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via a PDF file\nwith a crafted Type1 font that contains a negative array index, which\nbypasses input validation and which triggers memory corruption\n(CVE-2010-3704).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct these issues.", "edition": 24, "published": "2010-11-14T00:00:00", "title": "Mandriva Linux Security Advisory : poppler (MDVSA-2010:230)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "modified": "2010-11-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64poppler-glib3", "p-cpe:/a:mandriva:linux:libpoppler-qt4-devel", "cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:lib64poppler-qt2", "p-cpe:/a:mandriva:linux:libpoppler-devel", "p-cpe:/a:mandriva:linux:lib64poppler-qt4-3", "p-cpe:/a:mandriva:linux:libpoppler-qt2", "p-cpe:/a:mandriva:linux:libpoppler-glib-devel", "p-cpe:/a:mandriva:linux:lib64poppler-devel", "p-cpe:/a:mandriva:linux:lib64poppler3", "p-cpe:/a:mandriva:linux:libpoppler3", "p-cpe:/a:mandriva:linux:lib64poppler-glib-devel", "p-cpe:/a:mandriva:linux:libpoppler-qt4-3", "p-cpe:/a:mandriva:linux:poppler", "p-cpe:/a:mandriva:linux:lib64poppler-qt-devel", "p-cpe:/a:mandriva:linux:libpoppler-qt-devel", "p-cpe:/a:mandriva:linux:lib64poppler-qt4-devel", "p-cpe:/a:mandriva:linux:libpoppler-glib3"], "id": "MANDRIVA_MDVSA-2010-230.NASL", "href": "https://www.tenable.com/plugins/nessus/50582", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:230. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50582);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_bugtraq_id(43594, 43841, 43845);\n script_xref(name:\"MDVSA\", value:\"2010:230\");\n\n script_name(english:\"Mandriva Linux Security Advisory : poppler (MDVSA-2010:230)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered and corrected in poppler :\n\nThe Gfx::getPos function in the PDF parser in poppler, allows\ncontext-dependent attackers to cause a denial of service (crash) via\nunknown vectors that trigger an uninitialized pointer dereference\n(CVE-2010-3702).\n\nThe FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser\nin poppler, allows context-dependent attackers to cause a denial of\nservice (crash) and possibly execute arbitrary code via a PDF file\nwith a crafted Type1 font that contains a negative array index, which\nbypasses input validation and which triggers memory corruption\n(CVE-2010-3704).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64poppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64poppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64poppler-glib3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64poppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64poppler-qt2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64poppler-qt4-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64poppler-qt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64poppler3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpoppler-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpoppler-glib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpoppler-glib3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpoppler-qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpoppler-qt2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpoppler-qt4-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpoppler-qt4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libpoppler3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:poppler\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64poppler-devel-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64poppler-glib-devel-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64poppler-glib3-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64poppler-qt-devel-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64poppler-qt2-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64poppler-qt4-3-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64poppler-qt4-devel-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64poppler3-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpoppler-devel-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpoppler-glib-devel-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpoppler-glib3-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpoppler-qt-devel-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpoppler-qt2-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpoppler-qt4-3-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpoppler-qt4-devel-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libpoppler3-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"poppler-0.8.7-2.4mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:18", "description": "apply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVS-2010-3704\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-11-05T00:00:00", "title": "Fedora 12 : xpdf-3.02-16.fc12 (2010-16705)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "modified": "2010-11-05T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xpdf", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-16705.NASL", "href": "https://www.tenable.com/plugins/nessus/50480", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16705.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50480);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_bugtraq_id(43841, 43845);\n script_xref(name:\"FEDORA\", value:\"2010-16705\");\n\n script_name(english:\"Fedora 12 : xpdf-3.02-16.fc12 (2010-16705)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"apply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVS-2010-3704\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=595245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=638960\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c3889358\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"xpdf-3.02-16.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xpdf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:17", "description": "apply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVS-2010-3704\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-11-05T00:00:00", "title": "Fedora 13 : xpdf-3.02-16.fc13 (2010-16662)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "modified": "2010-11-05T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:xpdf"], "id": "FEDORA_2010-16662.NASL", "href": "https://www.tenable.com/plugins/nessus/50479", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16662.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50479);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_bugtraq_id(43841, 43845);\n script_xref(name:\"FEDORA\", value:\"2010-16662\");\n\n script_name(english:\"Fedora 13 : xpdf-3.02-16.fc13 (2010-16662)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"apply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVS-2010-3704\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=595245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=638960\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050285.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?030f16ac\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"xpdf-3.02-16.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xpdf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:13:24", "description": "Specially crafted PDF files could crash poppler or potentially even\ncause execution of arbitrary code (CVE-2010-3702 / CVE-2010-3704).\nThis has been fixed.", "edition": 23, "published": "2010-12-02T00:00:00", "title": "SuSE 11 Security Update : libpoppler (SAT Patch Number 3337)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "modified": "2010-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libpoppler4", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:libpoppler-qt4-3", "p-cpe:/a:novell:suse_linux:11:poppler-tools", "p-cpe:/a:novell:suse_linux:11:libpoppler-glib4"], "id": "SUSE_11_LIBPOPPLER-DEVEL-101016.NASL", "href": "https://www.tenable.com/plugins/nessus/50942", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50942);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n\n script_name(english:\"SuSE 11 Security Update : libpoppler (SAT Patch Number 3337)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF files could crash poppler or potentially even\ncause execution of arbitrary code (CVE-2010-3702 / CVE-2010-3704).\nThis has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=642785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3702.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-3704.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 3337.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpoppler-glib4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpoppler-qt4-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libpoppler4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:poppler-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libpoppler-glib4-0.10.1-1.37.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libpoppler-qt4-3-0.10.1-1.37.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libpoppler4-0.10.1-1.37.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libpoppler-glib4-0.10.1-1.37.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libpoppler-qt4-3-0.10.1-1.37.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libpoppler4-0.10.1-1.37.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libpoppler-glib4-0.10.1-1.37.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libpoppler-qt4-3-0.10.1-1.37.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libpoppler4-0.10.1-1.37.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"poppler-tools-0.10.1-1.37.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:45:05", "description": "An uninitialized pointer use flaw was discovered in poppler. An\nattacker could create a malicious PDF file that, when opened, would\ncause applications that use poppler (such as Evince) to crash or,\npotentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way poppler parsed PostScript\nType 1 fonts embedded in PDF documents. An attacker could create a\nmalicious PDF file that, when opened, would cause applications that\nuse poppler (such as Evince) to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : poppler on SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101007_POPPLER_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60866", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60866);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n\n script_name(english:\"Scientific Linux Security Update : poppler on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An uninitialized pointer use flaw was discovered in poppler. An\nattacker could create a malicious PDF file that, when opened, would\ncause applications that use poppler (such as Evince) to crash or,\npotentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way poppler parsed PostScript\nType 1 fonts embedded in PDF documents. An attacker could create a\nmalicious PDF file that, when opened, would cause applications that\nuse poppler (such as Evince) to crash or, potentially, execute\narbitrary code. (CVE-2010-3704)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1010&L=scientific-linux-errata&T=0&P=1072\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ab865ce\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected poppler, poppler-devel and / or poppler-utils\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"poppler-0.5.4-4.4.el5_5.14\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"poppler-devel-0.5.4-4.4.el5_5.14\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"poppler-utils-0.5.4-4.4.el5_5.14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:45:05", "description": "An uninitialized pointer use flaw was discovered in KPDF. An attacker\ncould create a malicious PDF file that, when opened, would cause KPDF\nto crash or, potentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way KPDF parsed PostScript Type\n1 fonts embedded in PDF documents. An attacker could create a\nmalicious PDF file that, when opened, would cause KPDF to crash or,\npotentially, execute arbitrary code. (CVE-2010-3704)", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : kdegraphics on SL4.x, SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20101007_KDEGRAPHICS_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60865", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60865);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n\n script_name(english:\"Scientific Linux Security Update : kdegraphics on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An uninitialized pointer use flaw was discovered in KPDF. An attacker\ncould create a malicious PDF file that, when opened, would cause KPDF\nto crash or, potentially, execute arbitrary code. (CVE-2010-3702)\n\nAn array index error was found in the way KPDF parsed PostScript Type\n1 fonts embedded in PDF documents. An attacker could create a\nmalicious PDF file that, when opened, would cause KPDF to crash or,\npotentially, execute arbitrary code. (CVE-2010-3704)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1010&L=scientific-linux-errata&T=0&P=938\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e39caf66\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdegraphics and / or kdegraphics-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"kdegraphics-3.3.1-18.el4_8.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kdegraphics-devel-3.3.1-18.el4_8.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"kdegraphics-3.5.4-17.el5_5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kdegraphics-devel-3.5.4-17.el5_5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:58", "description": "Multiple vulnerabilities were discovered and corrected in xpdf :\n\nThe Gfx::getPos function in the PDF parser in xpdf before 3.02pl5,\nallows context-dependent attackers to cause a denial of service\n(crash) via unknown vectors that trigger an uninitialized pointer\ndereference (CVE-2010-3702).\n\nThe FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser\nin xpdf before 3.02pl5, allows context-dependent attackers to cause a\ndenial of service (crash) and possibly execute arbitrary code via a\nPDF file with a crafted Type1 font that contains a negative array\nindex, which bypasses input validation and which triggers memory\ncorruption (CVE-2010-3704).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct these issues.", "edition": 24, "published": "2010-11-14T00:00:00", "title": "Mandriva Linux Security Advisory : xpdf (MDVSA-2010:228)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "modified": "2010-11-14T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:xpdf", "p-cpe:/a:mandriva:linux:xpdf-common"], "id": "MANDRIVA_MDVSA-2010-228.NASL", "href": "https://www.tenable.com/plugins/nessus/50581", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:228. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50581);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-3702\", \"CVE-2010-3704\");\n script_xref(name:\"MDVSA\", value:\"2010:228\");\n\n script_name(english:\"Mandriva Linux Security Advisory : xpdf (MDVSA-2010:228)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered and corrected in xpdf :\n\nThe Gfx::getPos function in the PDF parser in xpdf before 3.02pl5,\nallows context-dependent attackers to cause a denial of service\n(crash) via unknown vectors that trigger an uninitialized pointer\ndereference (CVE-2010-3702).\n\nThe FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser\nin xpdf before 3.02pl5, allows context-dependent attackers to cause a\ndenial of service (crash) and possibly execute arbitrary code via a\nPDF file with a crafted Type1 font that contains a negative array\nindex, which bypasses input validation and which triggers memory\ncorruption (CVE-2010-3704).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xpdf and / or xpdf-common packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xpdf-common\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xpdf-3.02-12.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xpdf-common-3.02-12.4mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3704"], "description": "Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. ", "modified": "2010-11-04T23:32:04", "published": "2010-11-04T23:32:04", "id": "FEDORA:1F22D1116C5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: xpdf-3.02-16.fc13", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3704"], "description": "Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. ", "modified": "2010-11-04T23:47:08", "published": "2010-11-04T23:47:08", "id": "FEDORA:021DE1119B9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: xpdf-3.02-16.fc12", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3704"], "description": "Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. ", "modified": "2010-11-04T23:29:40", "published": "2010-11-04T23:29:40", "id": "FEDORA:3CC1711158A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: xpdf-3.02-16.fc14", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3703", "CVE-2010-3704"], "description": "Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. ", "modified": "2010-10-15T12:39:06", "published": "2010-10-15T12:39:06", "id": "FEDORA:56E1811061A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: poppler-0.14.4-1.fc14", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3703", "CVE-2010-3704"], "description": "Poppler, a PDF rendering library, is a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC. ", "modified": "2010-10-19T07:09:48", "published": "2010-10-19T07:09:48", "id": "FEDORA:DC2AF110A87", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: poppler-0.12.4-5.fc12", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-12-24T13:25:38", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2116-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nOctober 12, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : poppler\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2010-3702 CVE-2010-3704\nDebian Bug : 599165\n\nJoel Voss of Leviathan Security Group discovered two vulnerabilities in\nthe Poppler PDF rendering library, which may lead to the execution of\narbitrary code if a malformed PDF file is opened.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 0.8.7-4.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your poppler packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7.orig.tar.gz\n Size/MD5 checksum: 1469587 9af81429d6f8639c357a5eed25583365\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-4.diff.gz\n Size/MD5 checksum: 23876 219c5db15e7e0ad3ce01c45b5d2d17b5\n http://security.debian.org/pool/updates/main/p/poppler/poppler_0.8.7-4.dsc\n Size/MD5 checksum: 1481 a2d28a0e06fd0b226e9e87d88aab52e8\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_alpha.deb\n Size/MD5 checksum: 891456 eecf847b41f68e67cfa250c239ab95ff\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_alpha.deb\n Size/MD5 checksum: 220410 cdc18593a727b1a80279ad941a929dee\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_alpha.deb\n Size/MD5 checksum: 329946 83a82f4a995727adac2a9cbb19cd0705\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_alpha.deb\n Size/MD5 checksum: 303118 8407f059f1395ad93f765cdcf70f6246\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_alpha.deb\n Size/MD5 checksum: 180578 f625e16840c1262de1e33579bfff3e00\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_alpha.deb\n Size/MD5 checksum: 197172 2573621fc79b03251735690bfd818f5e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_alpha.deb\n Size/MD5 checksum: 1334994 5fbda5e9f2b3824d3d7ccbb1bcf000d0\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_alpha.deb\n Size/MD5 checksum: 3204616 7c7c37da8b894e462b2758524365ca46\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_alpha.deb\n Size/MD5 checksum: 234854 06e4977b32fb63577a918c110147e5f6\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_alpha.deb\n Size/MD5 checksum: 452718 751233edf2ec85fd1e095893124f8909\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_amd64.deb\n Size/MD5 checksum: 184848 ed2abc9b1edd4cde56eb40b9b775cf45\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_amd64.deb\n Size/MD5 checksum: 1119492 16725109ae348df90c30896be4a0c5de\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_amd64.deb\n Size/MD5 checksum: 232702 2e7740b7098cd91493f178745b966d4a\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_amd64.deb\n Size/MD5 checksum: 178414 497a3f7cbff9acdb0b01d58aae33415a\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_amd64.deb\n Size/MD5 checksum: 358376 461a59da2c6b0c7531bba1a385f3607d\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_amd64.deb\n Size/MD5 checksum: 275318 3c6b86fb8a57e9f17fbe058a36fa426e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_amd64.deb\n Size/MD5 checksum: 314086 3381ccceeaa1d2727f331d92b59818dd\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_amd64.deb\n Size/MD5 checksum: 3148992 c1f76eb6ca390ef674647dc5def03c40\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_amd64.deb\n Size/MD5 checksum: 840444 bc302d9fba4a4469b0d1902f5bb9777e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_amd64.deb\n Size/MD5 checksum: 217654 7008780b0aea027507fb70fe7c55af15\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_arm.deb\n Size/MD5 checksum: 390130 993386a0e413c10df447dc83ccb3ca15\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_arm.deb\n Size/MD5 checksum: 184796 2e3eeb3b7a744a268dad95cae33d6146\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_arm.deb\n Size/MD5 checksum: 3115978 784d8f1cef1f6536b979e6c52baedbd0\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_arm.deb\n Size/MD5 checksum: 178194 8bc04420f3e45f0d9f0e2c70abe9f805\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_arm.deb\n Size/MD5 checksum: 226694 e9cad6f85ee41ad40d6cf5cd4accc5aa\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_arm.deb\n Size/MD5 checksum: 270650 d5bc5732bbe002e3db1425835848626f\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_arm.deb\n Size/MD5 checksum: 341936 e13e6c29d90f909c81e0b06bdf131a61\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_arm.deb\n Size/MD5 checksum: 1096786 1bbed300b089de228c0b9a5cc4d1a7f6\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_arm.deb\n Size/MD5 checksum: 807566 15887571376ee0d25fcf477ac4ba054f\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_arm.deb\n Size/MD5 checksum: 208332 ba2da71c5d576f32ee449c3753c1d88f\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_armel.deb\n Size/MD5 checksum: 376502 65ef8244fe39348d315e614cf7426b1d\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_armel.deb\n Size/MD5 checksum: 3159364 c3cbc56f216c48097d3eeb6c82c59152\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_armel.deb\n Size/MD5 checksum: 310866 499fdb8685258672067bd711d38d53c2\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_armel.deb\n Size/MD5 checksum: 207870 47c4c9a9f3ee4e91d72b3641cf877a3e\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_armel.deb\n Size/MD5 checksum: 222156 e8662e1b8c59263dbfa9da37821ee221\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_armel.deb\n Size/MD5 checksum: 275450 8c1a9b503faa4dfb842f77aac3b78660\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_armel.deb\n Size/MD5 checksum: 777258 23ed358ece8d5fa4bdedd7fd95d8da03\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_armel.deb\n Size/MD5 checksum: 181942 9fa3482ceaa47cffc8ef0334ff2d8fd3\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_armel.deb\n Size/MD5 checksum: 1108276 9440c768e0c36cd2679302707b3e67e3\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_armel.deb\n Size/MD5 checksum: 174352 e14eacb00011d03aacbd3800a62c3527\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_hppa.deb\n Size/MD5 checksum: 180814 0fe3440213a0fdd89d1d3ab4abd52194\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_hppa.deb\n Size/MD5 checksum: 1259958 121e935f943029dabfb8fb5708ca4d95\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_hppa.deb\n Size/MD5 checksum: 929604 e2c0359a9bb9d2f43eba42cfb1176886\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_hppa.deb\n Size/MD5 checksum: 388818 4728fa9ca382f2b80ccf7029bfdd4930\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_hppa.deb\n Size/MD5 checksum: 291126 db34880c98215d5e21f41acdfe055793\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_hppa.deb\n Size/MD5 checksum: 335522 67002c10addbdc4b2ff52af23a8548c1\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_hppa.deb\n Size/MD5 checksum: 3140808 768379ef1d00c3eca85ff7a09e14daa4\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_hppa.deb\n Size/MD5 checksum: 234318 1e912fea114bde04f1dba3769ea85a2b\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_hppa.deb\n Size/MD5 checksum: 226170 d90e048a5bc7031a0b06ab78f371ba1f\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_hppa.deb\n Size/MD5 checksum: 187028 a1421ae135c80c12687c716600af4eba\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_i386.deb\n Size/MD5 checksum: 214852 2151fc1bf2edcd9024a2b7e3bc6d2812\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_i386.deb\n Size/MD5 checksum: 226704 7850919a3f4e701c055d84981eee435a\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_i386.deb\n Size/MD5 checksum: 344586 31464fea47dd982d178dded3b8a0369e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_i386.deb\n Size/MD5 checksum: 312902 9a55130fc71c003c57838d039f253c9d\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_i386.deb\n Size/MD5 checksum: 182014 100ffcdbd3e41ebcfddce2c68347ee41\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_i386.deb\n Size/MD5 checksum: 3062702 fcf72afae54301e32b32241ffb38bfbe\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_i386.deb\n Size/MD5 checksum: 1054138 dc8a52af5230ac661194de09addea31e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_i386.deb\n Size/MD5 checksum: 813932 f288903f2a99aae4e23f4335329024fb\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_i386.deb\n Size/MD5 checksum: 270452 7493a6c49962426bc37e2b475fc1a263\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_i386.deb\n Size/MD5 checksum: 177914 d19365a8780fc7a032a95c3eb0637540\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_ia64.deb\n Size/MD5 checksum: 3107166 b8dcf25d1a0735feb8aae49c4b8d3ae8\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_ia64.deb\n Size/MD5 checksum: 424464 60fc005362e166276b37fc0a438da37e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_ia64.deb\n Size/MD5 checksum: 195428 db5e21ac097827853ff2afd6ac573dcc\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_ia64.deb\n Size/MD5 checksum: 353256 21471f96902a8592ab5d49cf3687ac64\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_ia64.deb\n Size/MD5 checksum: 1421918 6593d5c5a9e019ff879c4651fda95548\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_ia64.deb\n Size/MD5 checksum: 257344 bb5e9b6a70cfe567d2b98442db19cdef\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_ia64.deb\n Size/MD5 checksum: 302456 107b6620f804f3990141043599d292c7\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_ia64.deb\n Size/MD5 checksum: 233166 dd0b6f7bce2e07cba2c3a2019d7aada3\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_ia64.deb\n Size/MD5 checksum: 1074000 49e343bd8bf61d3709341f1c725f929b\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_ia64.deb\n Size/MD5 checksum: 184792 b8372aa7138ece28c62298a295211cbc\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_mips.deb\n Size/MD5 checksum: 3232772 e150761ce9b858d1f3adc8c4b732f330\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_mips.deb\n Size/MD5 checksum: 187832 b044fd59a07e9dcf6fadc769e4e39ab8\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_mips.deb\n Size/MD5 checksum: 390558 1107be43d549eb458d80081f8cb6c5af\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_mips.deb\n Size/MD5 checksum: 287574 10e5e71d729b6982b6ca10a4db3df19e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_mips.deb\n Size/MD5 checksum: 177392 22b77e7afe8d572351860eceeae20a3a\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_mips.deb\n Size/MD5 checksum: 826186 c8a54dcce96f5098726f98e4a54b72f6\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_mips.deb\n Size/MD5 checksum: 1218220 dc0da0eec9ff021f7b37e268fcee258a\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_mips.deb\n Size/MD5 checksum: 302696 c30ddb1cd7560d32a8da06fe55b8c63c\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_mips.deb\n Size/MD5 checksum: 227884 be03fda3a4b1c7f656afe2c0e96590d8\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_mips.deb\n Size/MD5 checksum: 215390 416ee61ea77b5954ef9211d1ab813be7\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 804632 5b7002bdd5caf184563bac6e69090e0c\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 1200858 acfbc90bf29e9caeff4746b6c4f2d1e5\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 187282 0dfd8e6f6ff32a5a1473cfcbf3d32fb3\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 177102 b75ed90c14faaaeee0cc71d076d664d6\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 288140 cc1bc2ca8a40c0a464ce2fae0911f97a\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 3123908 c0cfc81a0b3e16e995f90bd7a2c58342\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 231850 4c5b8a12a440b1386d8d23296a62fb56\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 214246 bd35cb49e05b44cd75473267598bd4a6\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 386846 b071de784b773f3ddad53e56b45d3e40\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_mipsel.deb\n Size/MD5 checksum: 300258 9856aa4a0f0072370ab44162da2d4d9a\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 360144 b8c7775745bb27aaa278578c3c99ecc9\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 3225134 ec377f8e7c8b42298859d34e075ffb07\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 222462 b7b82e4ad6a607bd1c9f8d18ccafc9b8\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 184852 92ad48c1d0b4f71ee5d9dff90da846d2\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 1182246 01f2fa2e9bbe1e890af3d522ea69ccd9\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 246580 ac0fe37e13e4b13daed8da4231542929\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 883168 76a6833fcf97d713bde4df8b32c45135\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 318274 83f904fb9939631d361647d002493b48\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 286030 87bd418c762f4852deb2f0ccf676e279\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_powerpc.deb\n Size/MD5 checksum: 181404 8a890e062a3e57cbf05298afe3e80f8a\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_s390.deb\n Size/MD5 checksum: 841442 3af0ff00c65d798264f3fcae4d3d4a01\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_s390.deb\n Size/MD5 checksum: 218442 cff4034943d4bc73c6e25c44e818a03e\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_s390.deb\n Size/MD5 checksum: 279424 41af8fff9a31a67ff5348819767d38b2\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_s390.deb\n Size/MD5 checksum: 182698 d0826f59f5b3a670425eb3a4a545dd0d\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_s390.deb\n Size/MD5 checksum: 312902 a29c008538bca825e4adbd9d81c98966\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_s390.deb\n Size/MD5 checksum: 177752 431d82e8cd6c132da74ad093dbcc7ba0\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_s390.deb\n Size/MD5 checksum: 1122234 1ef35b74956ee14359f51462acb57106\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_s390.deb\n Size/MD5 checksum: 229764 6f1f3aa05049d00acad3e6b30e6e0648\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_s390.deb\n Size/MD5 checksum: 349904 03b490982f1212c160d336b936d91f87\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_s390.deb\n Size/MD5 checksum: 3247406 c2e3ace3b947c9db715bba922e920597\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-3_0.8.7-4_sparc.deb\n Size/MD5 checksum: 311218 10ebf40bd6544ecfd1d5c14012bc2333\n http://security.debian.org/pool/updates/main/p/poppler/poppler-dbg_0.8.7-4_sparc.deb\n Size/MD5 checksum: 3010294 25ed84792d1322113d88d7d86875a505\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler3_0.8.7-4_sparc.deb\n Size/MD5 checksum: 823558 b249aa0aca98b8194d82dc5099cd4660\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt2_0.8.7-4_sparc.deb\n Size/MD5 checksum: 177016 6ca62885f918c19fb6dd3853e4d9f47d\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.8.7-4_sparc.deb\n Size/MD5 checksum: 274862 d9959778df605e6242c8a869fe0933c1\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.8.7-4_sparc.deb\n Size/MD5 checksum: 1077730 33624d329997fad4abfec6228e7bcaa4\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.8.7-4_sparc.deb\n Size/MD5 checksum: 182754 6392ee52ee09d7140f33d93dca41ea09\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt4-dev_0.8.7-4_sparc.deb\n Size/MD5 checksum: 349128 4fdac4cf89006eef1554f41fa34258d2\n http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.8.7-4_sparc.deb\n Size/MD5 checksum: 227040 16627c2e2b817e6279f2ed429394cf81\n http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib3_0.8.7-4_sparc.deb\n Size/MD5 checksum: 214664 50e728e424d503059a2aa6c8575a06eb\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 10, "modified": "2010-10-12T19:31:50", "published": "2010-10-12T19:31:50", "id": "DEBIAN:DSA-2116-1:BF569", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00169.html", "title": "[SECURITY] [DSA 2116-1] New poppler packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T13:18:56", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3704", "CVE-2010-3702"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2135-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nDecember 21, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : xpdf\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2010-3702 CVE-2010-3704\n\nJoel Voss of Leviathan Security Group discovered two vulnerabilities\nin xpdf rendering engine, which may lead to the execution of arbitrary\ncode if a malformed PDF file is opened.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 3.02-1.4+lenny3.\n\nFor the upcoming stable distribution (squeeze) and the unstable \ndistribution (sid), these problems don't apply, since xpdf has been \npatched to use the Poppler PDF library.\n\nWe recommend that you upgrade your poppler packages.\n\nUpgrade instructions\n- --------------------\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 4, "modified": "2010-12-21T17:34:51", "published": "2010-12-21T17:34:51", "id": "DEBIAN:DSA-2135-1:65DF2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00186.html", "title": "[SECURITY] [DSA 2135-1] New xpdf packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-12-24T12:39:18", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3702", "CVE-2010-3703", "CVE-2010-3704"], "description": "New poppler packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 13.1 ChangeLog:\n\npatches/packages/poppler-0.12.4-i486-2_slack13.1.txz: Rebuilt.\n This updated package includes patches based on xpdf 3.02pl5.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3702\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3703\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3704\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/poppler-0.6.2-i486-3_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/poppler-0.6.4-i486-3_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/poppler-0.8.5-i486-4_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/poppler-0.10.7-i486-3_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/poppler-0.10.7-x86_64-3_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/poppler-0.12.4-i486-2_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/poppler-0.12.4-x86_64-2_slack13.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/poppler-0.14.5-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/poppler-0.14.5-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\n8daaca1fcbe6a3e8991cd68eba2a516c poppler-0.6.2-i486-3_slack12.0.tgz\n\nSlackware 12.1 package:\n414b080307ae2cc7809bd421dc401be7 poppler-0.6.4-i486-3_slack12.1.tgz\n\nSlackware 12.2 package:\n5cda063f8afba904fd9b78ba1a43143b poppler-0.8.5-i486-4_slack12.2.tgz\n\nSlackware 13.0 package:\nf38fbb19427c17b0b5bf9cf56a14109a poppler-0.10.7-i486-3_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n886303af116b212a4ee9ae40a9a55b56 poppler-0.10.7-x86_64-3_slack13.0.txz\n\nSlackware 13.1 package:\nc8cb877d707c01c868c39d7730bbdf59 poppler-0.12.4-i486-2_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n2fbd0553642b50722273844e9b0d3f6c poppler-0.12.4-x86_64-2_slack13.1.txz\n\nSlackware -current package:\nd9e6c4447fa3e4eab10dc96556a36922 poppler-0.14.5-i486-1.txz\n\nSlackware x86_64 -current package:\nb9cd966f542c7bb56d201b59e04934a7 poppler-0.14.5-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg poppler-0.12.4-i486-2_slack13.1.txz", "modified": "2010-11-21T00:21:03", "published": "2010-11-21T00:21:03", "id": "SSA-2010-324-02", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.475147", "type": "slackware", "title": "[slackware-security] poppler", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:16", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4035", "CVE-2010-3704", "CVE-2010-3702"], "description": "### Background\n\nXpdf is an X viewer for PDF files.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Xpdf. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker could execute arbitrary code or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nGentoo has discontinued support for Xpdf. We recommend that users unmerge Xpdf: \n \n \n # emerge --unmerge \"app-text/xpdf\"", "edition": 1, "modified": "2014-02-17T00:00:00", "published": "2014-02-17T00:00:00", "id": "GLSA-201402-17", "href": "https://security.gentoo.org/glsa/201402-17", "type": "gentoo", "title": "Xpdf: User-assisted execution of arbitrary code", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
