
1103 matches found

Tenable Nessus
added 2021/04/30 12:0 a.m. | 53 views

EulerOS 2.0 SP3 : poppler (EulerOS-SA-2021-1832)

According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at...

8.8 CVSS | 6.8 AI score | 0.0076 EPSS
Exploits 2 | References 6

Veracode
added 2021/04/29 1:41 p.m. | 28 views

Stack Consumption

xpdf is vulnerable to stack consumption. The vulnerability exists due to an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp function...

7.5 CVSS | 3.6 AI score | 0.00454 EPSS
Exploits 1 | References 6 | Affected Software 1

OpenVAS
added 2021/04/19 12:0 a.m. | 18 views

SUSE: Security Advisory (SUSE-SU-2018:3066-1)

The remote host is missing an update for the...

7.8 CVSS | 6.2 AI score | 0.01841 EPSS
Exploits 4 | References 12

OpenVAS
added 2021/04/19 12:0 a.m. | 26 views

SUSE: Security Advisory (SUSE-SU-2018:3066-2)

The remote host is missing an update for the...

7.8 CVSS | 6.2 AI score | 0.01841 EPSS
Exploits 4 | References 12

Tenable Nessus
added 2021/03/24 12:0 a.m. | 34 views

EulerOS 2.0 SP5 : qpdf (EulerOS-SA-2021-1703)

According to the versions of the qpdf package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document,...

7.8 CVSS | 6.1 AI score | 0.01841 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2021/03/10 12:0 a.m. | 16 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : libcroco Vulnerability (NS-SA-2021-0021)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libcroco packages installed that are affected by a vulnerability: - libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. (CVE-2020-12825) Note that Nessus has n...

7.1 CVSS | 6.6 AI score | 0.04749 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2021/03/10 12:0 a.m. | 36 views

EulerOS Virtualization 3.0.6.6 : gd (EulerOS-SA-2021-1473)

According to the versions of the gd package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) o...

9.8 CVSS | 8.5 AI score | 0.60488 EPSS
Exploits 8 | References 3

Mageia
added 2021/03/04 4:53 p.m. | 43 views

Updated xpdf packages fix security vulnerabilities

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed t3GlyphStack->cache, which causes an heap-use-after-free problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to...

7.5 CVSS | 1.3 AI score | 0.00454 EPSS
Exploits 2 | References 2

OSV
added 2021/03/04 4:53 p.m. | 5 views

MGASA-2021-0112 Updated xpdf packages fix security vulnerabilities

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed t3GlyphStack->cache, which causes an heap-use-after-free problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to...

7.5 CVSS | 6.6 AI score | 0.00454 EPSS
Exploits 2 | References 3

Tenable Nessus
added 2021/02/11 12:0 a.m. | 23 views

Fedora 33 : 1:xpdf (2021-013d9a30e0)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-013d9a30e0 advisory. - In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed t3GlyphStack->cache, which causes an...

7.5 CVSS | 6.3 AI score | 0.00454 EPSS
Exploits 2 | References 3

Tenable Nessus
added 2021/02/11 12:0 a.m. | 30 views

Fedora 32 : 1:xpdf (2021-4a437fe032)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-4a437fe032 advisory. - In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed t3GlyphStack->cache, which causes an...

7.5 CVSS | 6.3 AI score | 0.00454 EPSS
Exploits 2 | References 3

OpenVAS
added 2021/02/05 12:0 a.m. | 18 views

Huawei EulerOS: Security Advisory for gd (EulerOS-SA-2021-1189)

The remote host is missing an update for the Huawei EulerOS...

9.8 CVSS | 8.9 AI score | 0.60488 EPSS
Exploits 8 | References 2

OpenVAS
added 2021/02/05 12:0 a.m. | 19 views

Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2021-1267)

The remote host is missing an update for the Huawei EulerOS...

7.1 CVSS | 7.2 AI score | 0.04749 EPSS
Exploits 1 | References 2

OpenVAS
added 2021/02/05 12:0 a.m. | 17 views

Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2021-1248)

The remote host is missing an update for the Huawei EulerOS...

7.1 CVSS | 7.2 AI score | 0.04749 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2021/01/29 12:0 a.m. | 42 views

CentOS 8 : poppler (CESA-2019:2713)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2713 advisory. - poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897) - poppler: NULL pointer dereference in the XRef::getEntry in...

9.8 CVSS | 7.1 AI score | 0.03439 EPSS
Exploits 8 | References 13

CNVD
added 2021/01/06 12:0 a.m. | 7 views

Rust buffer overflow vulnerability (CNVD-2021-37531)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A buffer overflow vulnerability exists in Rust serde_cbor crate versions prior to 0.10.2, which stems from the fact that the CBOR deserializer may cause stack consumption via nested semantic tags. No detailed...

7.5 CVSS | 6.9 AI score | 0.00328 EPSS
Exploits 1 | References 1

CNVD
added 2021/01/06 12:0 a.m. | 5 views

Mozilla Rust Resource Management Error Vulnerability (CNVD-2021-30439)

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in trust-dns-server crate in Mozilla Rust versions prior to 0.18.1, which stems from a DNS MX and SRV null target handling error that results in stack consumption...

7.5 CVSS | 6.5 AI score | 0.00334 EPSS
Exploits 1 | References 1

OSV
added 2020/12/31 10:15 a.m. | 12 views

CVE-2020-35858

An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM)...

9.8 CVSS | 8.4 AI score
Exploits 0 | References 1

NVD
added 2020/12/31 10:15 a.m. | 6 views

CVE-2020-35857

An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption...

7.5 CVSS | 7.5 AI score | 0.00334 EPSS
Exploits 1 | References 2

NVD
added 2020/12/31 10:15 a.m. | 8 views

CVE-2020-35858

An issue was discovered in the prost crate before 0.6.1 for Rust. There is stack consumption via a crafted message, causing a denial of service (e.g., x86) or possibly remote code execution (e.g., ARM)...

9.8 CVSS | 9.7 AI score | 0.02484 EPSS
Exploits 1 | References 1