The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier,
Poppler before 0.10.6, and other products allows remote attackers to
execute arbitrary code via a crafted PDF file that triggers a free of
invalid data.
#### Notes
Author| Note
---|---
[jdstrand](<https://launchpad.net/~jdstrand>) | CUPS on Ubuntu uses system pdftops (compiled with --disable-pdftops)
{"cve": [{"lastseen": "2022-03-23T21:25:11", "description": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.", "cvss3": {}, "published": "2009-04-23T17:30:00", "type": "cve", "title": "CVE-2009-1180", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1180"], "modified": "2019-03-06T16:30:00", "cpe": ["cpe:/a:apple:cups:1.1.2", "cpe:/a:apple:cups:1.1.12", "cpe:/a:apple:cups:1.1.21", "cpe:/a:glyphandcog:xpdfreader:2.00", "cpe:/a:apple:cups:1.2.7", "cpe:/a:apple:cups:1.1.1", "cpe:/a:poppler:poppler:0.3.2", "cpe:/a:glyphandcog:xpdfreader:0.3", "cpe:/a:apple:cups:1.3.10", "cpe:/a:poppler:poppler:0.5.2", "cpe:/a:glyphandcog:xpdfreader:1.01", "cpe:/a:glyphandcog:xpdfreader:2.03", "cpe:/a:poppler:poppler:0.5.0", "cpe:/a:apple:cups:1.3.2", "cpe:/a:apple:cups:1.1.19", "cpe:/a:poppler:poppler:0.9.1", "cpe:/a:apple:cups:1.1.15", "cpe:/a:apple:cups:1.1.6-3", "cpe:/a:foolabs:xpdf:1.00a", "cpe:/a:poppler:poppler:0.3.1", "cpe:/a:poppler:poppler:0.8.7", "cpe:/a:poppler:poppler:0.5.3", "cpe:/a:apple:cups:1.1.5-1", "cpe:/a:apple:cups:1.1.4", "cpe:/a:foolabs:xpdf:0.5a", "cpe:/a:apple:cups:1.2.11", "cpe:/a:poppler:poppler:0.8.1", "cpe:/a:foolabs:xpdf:0.92c", "cpe:/a:apple:cups:1.1", "cpe:/a:poppler:poppler:0.10.5", "cpe:/a:poppler:poppler:0.8.6", "cpe:/a:apple:cups:1.1.10", "cpe:/a:apple:cups:1.3.11", "cpe:/a:glyphandcog:xpdfreader:0.7", "cpe:/a:apple:cups:1.1.6-1", "cpe:/a:apple:cups:1.3.9", "cpe:/a:poppler:poppler:0.4.3", "cpe:/a:glyphandcog:xpdfreader:2.02", "cpe:/a:poppler:poppler:0.3.3", "cpe:/a:apple:cups:1.3.8", "cpe:/a:apple:cups:1.1.14", "cpe:/a:apple:cups:1.2.5", "cpe:/a:apple:cups:1.2.12", "cpe:/a:apple:cups:1.1.8", "cpe:/a:apple:cups:1.1.17", "cpe:/a:poppler:poppler:0.4.0", "cpe:/a:poppler:poppler:0.7.0", "cpe:/a:poppler:poppler:0.9.3", "cpe:/a:poppler:poppler:0.4.2", "cpe:/a:poppler:poppler:0.8.0", "cpe:/a:apple:cups:1.2.1", "cpe:/a:poppler:poppler:0.7.3", "cpe:/a:apple:cups:1.3.5", "cpe:/a:glyphandcog:xpdfreader:0.91", "cpe:/a:foolabs:xpdf:0.92b", "cpe:/a:apple:cups:1.1.9", "cpe:/a:apple:cups:1.2.2", "cpe:/a:apple:cups:1.1.22", "cpe:/a:apple:cups:1.1.6", "cpe:/a:apple:cups:1.3.6", "cpe:/a:foolabs:xpdf:0.92e", "cpe:/a:apple:cups:1.1.6-2", "cpe:/a:glyphandcog:xpdfreader:3.02", "cpe:/a:apple:cups:1.2.6", "cpe:/a:poppler:poppler:0.9.0", "cpe:/a:poppler:poppler:0.1.1", "cpe:/a:poppler:poppler:0.8.2", "cpe:/a:apple:cups:1.1.7", "cpe:/a:apple:cups:1.1.11", "cpe:/a:foolabs:xpdf:0.91b", "cpe:/a:foolabs:xpdf:0.93a", "cpe:/a:poppler:poppler:0.6.2", "cpe:/a:apple:cups:1.2.8", "cpe:/a:poppler:poppler:0.1", "cpe:/a:poppler:poppler:0.10.3", "cpe:/a:glyphandcog:xpdfreader:0.80", "cpe:/a:apple:cups:1.2.4", "cpe:/a:glyphandcog:xpdfreader:2.01", "cpe:/a:poppler:poppler:0.10.0", "cpe:/a:apple:cups:1.2.3", "cpe:/a:apple:cups:1.1.5-2", "cpe:/a:glyphandcog:xpdfreader:3.01", "cpe:/a:poppler:poppler:0.7.1", "cpe:/a:poppler:poppler:0.5.9", "cpe:/a:poppler:poppler:0.3.0", "cpe:/a:apple:cups:1.1.18", "cpe:/a:poppler:poppler:0.10.2", "cpe:/a:poppler:poppler:0.4.4", "cpe:/a:glyphandcog:xpdfreader:0.90", "cpe:/a:poppler:poppler:0.1.2", "cpe:/a:apple:cups:1.3.7", "cpe:/a:foolabs:xpdf:0.93b", "cpe:/a:apple:cups:1.2.9", "cpe:/a:poppler:poppler:0.8.5", "cpe:/a:poppler:poppler:0.2.0", "cpe:/a:apple:cups:1.3.0", "cpe:/a:poppler:poppler:0.6.1", "cpe:/a:glyphandcog:xpdfreader:0.92", "cpe:/a:apple:cups:1.1.23", "cpe:/a:foolabs:xpdf:0.7a", "cpe:/a:foolabs:xpdf:0.91c", "cpe:/a:poppler:poppler:0.7.2", "cpe:/a:apple:cups:1.3.1", "cpe:/a:apple:cups:1.3.3", "cpe:/a:apple:cups:1.1.16", "cpe:/a:apple:cups:1.1.20", "cpe:/a:poppler:poppler:0.8.4", "cpe:/a:glyphandcog:xpdfreader:0.4", "cpe:/a:poppler:poppler:0.5.91", "cpe:/a:poppler:poppler:0.6.0", "cpe:/a:poppler:poppler:0.6.4", "cpe:/a:poppler:poppler:0.9.2", "cpe:/a:apple:cups:1.1.5", "cpe:/a:apple:cups:1.2.0", "cpe:/a:glyphandcog:xpdfreader:3.00", "cpe:/a:apple:cups:1.1.3", "cpe:/a:glyphandcog:xpdfreader:0.5", "cpe:/a:apple:cups:1.3.4", "cpe:/a:poppler:poppler:0.6.3", "cpe:/a:foolabs:xpdf:0.92a", "cpe:/a:glyphandcog:xpdfreader:0.6", "cpe:/a:foolabs:xpdf:0.92d", "cpe:/a:poppler:poppler:0.5.1", "cpe:/a:poppler:poppler:0.10.1", "cpe:/a:poppler:poppler:0.5.90", "cpe:/a:poppler:poppler:0.10.4", "cpe:/a:glyphandcog:xpdfreader:1.00", "cpe:/a:apple:cups:1.2.10", "cpe:/a:apple:cups:1.1.9-1", "cpe:/a:foolabs:xpdf:0.93c", "cpe:/a:poppler:poppler:0.4.1", "cpe:/a:apple:cups:1.1.10-1", "cpe:/a:poppler:poppler:0.8.3", "cpe:/a:glyphandcog:xpdfreader:0.2", "cpe:/a:poppler:poppler:0.5.4", "cpe:/a:glyphandcog:xpdfreader:0.93", "cpe:/a:apple:cups:1.1.13", "cpe:/a:foolabs:xpdf:0.91a"], "id": "CVE-2009-1180", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1180", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:poppler:poppler:0.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93b:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92a:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.6:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.91:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.91:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.92:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93a:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.93c:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.7a:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92d:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.80:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92b:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91b:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.00:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.5:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.01:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.5a:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92e:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.02:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.11:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.90:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.9:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.90:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91c:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.10:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:1.00a:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.01:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:2.03:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.93:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:1.01:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.3.8:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.91a:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:0.7:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:foolabs:xpdf:0.92c:*:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*", "cpe:2.3:a:poppler:poppler:0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:glyphandcog:xpdfreader:3.02:*:*:*:*:*:*:*", "cpe:2.3:a:apple:cups:1.2.5:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-01-16T06:11:54", "description": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.", "cvss3": {}, "published": "2009-04-23T17:30:00", "type": "debiancve", "title": "CVE-2009-1180", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1180"], "modified": "2009-04-23T17:30:00", "id": "DEBIANCVE:CVE-2009-1180", "href": "https://security-tracker.debian.org/tracker/CVE-2009-1180", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "veracode": [{"lastseen": "2022-07-27T10:14:07", "description": "xpdf is vulnerable to arbitrary code execution. The vulnerability exists as an attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened.\n", "cvss3": {}, "published": "2020-04-10T00:32:02", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1180"], "modified": "2022-04-19T18:26:00", "id": "VERACODE:23625", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-23625/summary", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-02T21:14:02", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "FreeBSD Ports: poppler", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-1179"], "modified": "2016-12-23T00:00:00", "id": "OPENVAS:63860", "href": "http://plugins.openvas.org/nasl.php?oid=63860", "sourceData": "#\n#VID 50d233d9-374b-46ce-922d-4e6b3f777bef\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 50d233d9-374b-46ce-922d-4e6b3f777bef\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: poppler\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/34746/\nhttp://www.vuxml.org/freebsd/50d233d9-374b-46ce-922d-4e6b3f777bef.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(63860);\n script_version(\"$Revision: 4847 $\");\n script_cve_id(\"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\",\n \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\",\n \"CVE-2009-1188\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-23 10:33:16 +0100 (Fri, 23 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: poppler\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"poppler\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.10.6\")<0) {\n txt += 'Package poppler version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:48", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "FreeBSD Ports: poppler", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063860", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063860", "sourceData": "#\n#VID 50d233d9-374b-46ce-922d-4e6b3f777bef\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 50d233d9-374b-46ce-922d-4e6b3f777bef\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: poppler\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/34746/\nhttp://www.vuxml.org/freebsd/50d233d9-374b-46ce-922d-4e6b3f777bef.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63860\");\n script_version(\"$Revision: 9350 $\");\n script_cve_id(\"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\",\n \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\",\n \"CVE-2009-1188\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: poppler\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"poppler\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.10.6\")<0) {\n txt += 'Package poppler version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kdegraphics CESA-2009:0431 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880770", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880770", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kdegraphics CESA-2009:0431 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-May/015868.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880770\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:0431\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\",\n \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\",\n \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_name(\"CentOS Update for kdegraphics CESA-2009:0431 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kdegraphics'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"kdegraphics on CentOS 5\");\n script_tag(name:\"insight\", value:\"The kdegraphics packages contain applications for the K Desktop\n Environment, including KPDF, a viewer for Portable Document Format (PDF)\n files.\n\n Multiple integer overflow flaws were found in KPDF's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause KPDF to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0147,\n CVE-2009-1179)\n\n Multiple buffer overflow flaws were found in KPDF's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause KPDF to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0146,\n CVE-2009-1182)\n\n Multiple flaws were found in KPDF's JBIG2 decoder that could lead to the\n freeing of arbitrary memory. An attacker could create a malicious PDF file\n that would cause KPDF to crash or, potentially, execute arbitrary code when\n opened. (CVE-2009-0166, CVE-2009-1180)\n\n Multiple input validation flaws were found in KPDF's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause KPDF to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\n Multiple denial of service flaws were found in KPDF's JBIG2 decoder. An\n attacker could create a malicious PDF that would cause KPDF to crash when\n opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\n Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\n Security team, and Will Dormann of the CERT/CC for responsibly reporting\n these flaws.\n\n Users are advised to upgrade to these updated packages, which contain\n backported patches to resolve these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.5.4~12.el5_3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.5.4~12.el5_3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:55:31", "description": "Check for the Version of xpdf", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for xpdf CESA-2009:0430 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880889", "href": "http://plugins.openvas.org/nasl.php?oid=880889", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xpdf CESA-2009:0430 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Xpdf is an X Window System based viewer for Portable Document Format (PDF)\n files.\n\n Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause Xpdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0147,\n CVE-2009-1179)\n \n Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause Xpdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0146,\n CVE-2009-1182)\n \n Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\n freeing of arbitrary memory. An attacker could create a malicious PDF file\n that would cause Xpdf to crash or, potentially, execute arbitrary code when\n opened. (CVE-2009-0166, CVE-2009-1180)\n \n Multiple input validation flaws were found in Xpdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause Xpdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n \n Multiple denial of service flaws were found in Xpdf's JBIG2 decoder. An\n attacker could create a malicious PDF that would cause Xpdf to crash when\n opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n \n Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\n Security team, and Will Dormann of the CERT/CC for responsibly reporting\n these flaws.\n \n Users are advised to upgrade to this updated package, which contains\n backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"xpdf on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-May/015918.html\");\n script_id(880889);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:0430\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\",\n \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\",\n \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_name(\"CentOS Update for xpdf CESA-2009:0430 centos4 i386\");\n\n script_summary(\"Check for the Version of xpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.00~20.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:13:54", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "FreeBSD Ports: xpdf", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2016-12-28T00:00:00", "id": "OPENVAS:63861", "href": "http://plugins.openvas.org/nasl.php?oid=63861", "sourceData": "#\n#VID a21037d5-2c38-11de-ab3b-0017a4cccfc6\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID a21037d5-2c38-11de-ab3b-0017a4cccfc6\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: xpdf\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/34291\nhttp://www.vupen.com/english/advisories/2009/1065\nhttp://www.vuxml.org/freebsd/a21037d5-2c38-11de-ab3b-0017a4cccfc6.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(63861);\n script_version(\"$Revision: 4865 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-28 17:16:43 +0100 (Wed, 28 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: xpdf\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"xpdf\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.02_11\")<0) {\n txt += 'Package xpdf version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:28", "description": "The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-3820.", "cvss3": {}, "published": "2009-04-28T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-3820 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063879", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063879", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3820.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3820 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nFix several security updates in xpdf (3.02pl3 patch applied).\nChangeLog:\n\n* Thu Apr 16 2009 Tom spot Callaway - 1:3.02-13\n- apply xpdf-3.02pl3 security patch to fix:\nCVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180\nCVE-2009-1181, CVE-2009-1182, CVE-2009-1183\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update xpdf' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3820\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-3820.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63879\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-3820 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495886\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495887\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495889\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495892\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495894\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495896\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495899\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490612\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490614\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490625\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~13.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~3.02~13.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kdegraphics CESA-2009:0431 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880934", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880934", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kdegraphics CESA-2009:0431 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-May/015921.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880934\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:0431\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\",\n \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\",\n \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_name(\"CentOS Update for kdegraphics CESA-2009:0431 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kdegraphics'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"kdegraphics on CentOS 4\");\n script_tag(name:\"insight\", value:\"The kdegraphics packages contain applications for the K Desktop\n Environment, including KPDF, a viewer for Portable Document Format (PDF)\n files.\n\n Multiple integer overflow flaws were found in KPDF's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause KPDF to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0147,\n CVE-2009-1179)\n\n Multiple buffer overflow flaws were found in KPDF's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause KPDF to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0146,\n CVE-2009-1182)\n\n Multiple flaws were found in KPDF's JBIG2 decoder that could lead to the\n freeing of arbitrary memory. An attacker could create a malicious PDF file\n that would cause KPDF to crash or, potentially, execute arbitrary code when\n opened. (CVE-2009-0166, CVE-2009-1180)\n\n Multiple input validation flaws were found in KPDF's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause KPDF to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\n Multiple denial of service flaws were found in KPDF's JBIG2 decoder. An\n attacker could create a malicious PDF that would cause KPDF to crash when\n opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\n Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\n Security team, and Will Dormann of the CERT/CC for responsibly reporting\n these flaws.\n\n Users are advised to upgrade to these updated packages, which contain\n backported patches to resolve these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.3.1~13.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.3.1~13.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-04-06T11:37:59", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "FreeBSD Ports: xpdf", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063861", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063861", "sourceData": "#\n#VID a21037d5-2c38-11de-ab3b-0017a4cccfc6\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID a21037d5-2c38-11de-ab3b-0017a4cccfc6\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: xpdf\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/34291\nhttp://www.vupen.com/english/advisories/2009/1065\nhttp://www.vuxml.org/freebsd/a21037d5-2c38-11de-ab3b-0017a4cccfc6.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63861\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: xpdf\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"xpdf\");\nif(!isnull(bver) && revcomp(a:bver, b:\"3.02_11\")<0) {\n txt += 'Package xpdf version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:03", "description": "The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-3794.", "cvss3": {}, "published": "2009-04-28T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-3794 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63878", "href": "http://plugins.openvas.org/nasl.php?oid=63878", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3794.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3794 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nFix several security updates in xpdf (3.02pl3 patch applied).\n\nChangeLog:\n\n* Thu Apr 16 2009 Tom spot Callaway - 1:3.02-13\n- apply xpdf-3.02pl3 security patch to fix:\nCVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180\nCVE-2009-1181, CVE-2009-1182, CVE-2009-1183\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update xpdf' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3794\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-3794.\";\n\n\n\nif(description)\n{\n script_id(63878);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-3794 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495886\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495887\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495889\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495892\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495894\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495896\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495899\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490612\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490614\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490625\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~13.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~3.02~13.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:42", "description": "Check for the Version of kdegraphics", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kdegraphics CESA-2009:0431 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880770", "href": "http://plugins.openvas.org/nasl.php?oid=880770", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kdegraphics CESA-2009:0431 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kdegraphics packages contain applications for the K Desktop\n Environment, including KPDF, a viewer for Portable Document Format (PDF)\n files.\n\n Multiple integer overflow flaws were found in KPDF's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause KPDF to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0147,\n CVE-2009-1179)\n \n Multiple buffer overflow flaws were found in KPDF's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause KPDF to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0146,\n CVE-2009-1182)\n \n Multiple flaws were found in KPDF's JBIG2 decoder that could lead to the\n freeing of arbitrary memory. An attacker could create a malicious PDF file\n that would cause KPDF to crash or, potentially, execute arbitrary code when\n opened. (CVE-2009-0166, CVE-2009-1180)\n \n Multiple input validation flaws were found in KPDF's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause KPDF to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n \n Multiple denial of service flaws were found in KPDF's JBIG2 decoder. An\n attacker could create a malicious PDF that would cause KPDF to crash when\n opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n \n Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\n Security team, and Will Dormann of the CERT/CC for responsibly reporting\n these flaws.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kdegraphics on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-May/015868.html\");\n script_id(880770);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:0431\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\",\n \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\",\n \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_name(\"CentOS Update for kdegraphics CESA-2009:0431 centos5 i386\");\n\n script_summary(\"Check for the Version of kdegraphics\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.5.4~12.el5_3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.5.4~12.el5_3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:20", "description": "The remote host is missing updates to xpdf announced in\nadvisory CESA-2009:0430.", "cvss3": {}, "published": "2009-05-25T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0430 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064060", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064060", "sourceData": "#CESA-2009:0430 64060 2\n# $Id: ovcesa2009_0430.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0430 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0430\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0430\nhttps://rhn.redhat.com/errata/RHSA-2009-0430.html\";\ntag_summary = \"The remote host is missing updates to xpdf announced in\nadvisory CESA-2009:0430.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64060\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:0430 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.00~20.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:09", "description": "The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-3794.", "cvss3": {}, "published": "2009-04-28T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-3794 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063878", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063878", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3794.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3794 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nFix several security updates in xpdf (3.02pl3 patch applied).\n\nChangeLog:\n\n* Thu Apr 16 2009 Tom spot Callaway - 1:3.02-13\n- apply xpdf-3.02pl3 security patch to fix:\nCVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180\nCVE-2009-1181, CVE-2009-1182, CVE-2009-1183\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update xpdf' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3794\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-3794.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63878\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-3794 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495886\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495887\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495889\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495892\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495894\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495896\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495899\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490612\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490614\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490625\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~13.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~3.02~13.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:50", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0430.\n\nXpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause Xpdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0147,\nCVE-2009-1179)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause Xpdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0146,\nCVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause Xpdf to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause Xpdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF that would cause Xpdf to crash when\nopened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, and Will Dormann of the CERT/CC for responsibly reporting\nthese flaws.\n\nUsers are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0430", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063831", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063831", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0430.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0430 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0430.\n\nXpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause Xpdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0147,\nCVE-2009-1179)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause Xpdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0146,\nCVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause Xpdf to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause Xpdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF that would cause Xpdf to crash when\nopened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, and Will Dormann of the CERT/CC for responsibly reporting\nthese flaws.\n\nUsers are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63831\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:0430\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0430.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~2.02~14.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~2.02~14.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.00~20.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~3.00~20.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for xpdf CESA-2009:0430 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880830", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880830", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xpdf CESA-2009:0430 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-April/015784.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880830\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:0430\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\",\n \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\",\n \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_name(\"CentOS Update for xpdf CESA-2009:0430 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xpdf'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS3\");\n script_tag(name:\"affected\", value:\"xpdf on CentOS 3\");\n script_tag(name:\"insight\", value:\"Xpdf is an X Window System based viewer for Portable Document Format (PDF)\n files.\n\n Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause Xpdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0147,\n CVE-2009-1179)\n\n Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause Xpdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0146,\n CVE-2009-1182)\n\n Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\n freeing of arbitrary memory. An attacker could create a malicious PDF file\n that would cause Xpdf to crash or, potentially, execute arbitrary code when\n opened. (CVE-2009-0166, CVE-2009-1180)\n\n Multiple input validation flaws were found in Xpdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause Xpdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\n Multiple denial of service flaws were found in Xpdf's JBIG2 decoder. An\n attacker could create a malicious PDF that would cause Xpdf to crash when\n opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\n Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\n Security team, and Will Dormann of the CERT/CC for responsibly reporting\n these flaws.\n\n Users are advised to upgrade to this updated package, which contains\n backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~2.02~14.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for xpdf CESA-2009:0430 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880889", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880889", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xpdf CESA-2009:0430 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-May/015918.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880889\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:0430\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\",\n \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\",\n \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_name(\"CentOS Update for xpdf CESA-2009:0430 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xpdf'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"xpdf on CentOS 4\");\n script_tag(name:\"insight\", value:\"Xpdf is an X Window System based viewer for Portable Document Format (PDF)\n files.\n\n Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause Xpdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0147,\n CVE-2009-1179)\n\n Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause Xpdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0146,\n CVE-2009-1182)\n\n Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\n freeing of arbitrary memory. An attacker could create a malicious PDF file\n that would cause Xpdf to crash or, potentially, execute arbitrary code when\n opened. (CVE-2009-0166, CVE-2009-1180)\n\n Multiple input validation flaws were found in Xpdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause Xpdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\n Multiple denial of service flaws were found in Xpdf's JBIG2 decoder. An\n attacker could create a malicious PDF that would cause Xpdf to crash when\n opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\n Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\n Security team, and Will Dormann of the CERT/CC for responsibly reporting\n these flaws.\n\n Users are advised to upgrade to this updated package, which contains\n backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.00~20.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-04-06T11:37:24", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0431.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0147,\nCVE-2009-1179)\n\nMultiple buffer overflow flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0146,\nCVE-2009-1182)\n\nMultiple flaws were found in KPDF's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause KPDF to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF that would cause KPDF to crash when\nopened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, and Will Dormann of the CERT/CC for responsibly reporting\nthese flaws.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0431", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063832", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063832", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0431.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0431 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0431.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0147,\nCVE-2009-1179)\n\nMultiple buffer overflow flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0146,\nCVE-2009-1182)\n\nMultiple flaws were found in KPDF's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause KPDF to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF that would cause KPDF to crash when\nopened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, and Will Dormann of the CERT/CC for responsibly reporting\nthese flaws.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63832\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:0431\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0431.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.3.1~13.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-debuginfo\", rpm:\"kdegraphics-debuginfo~3.3.1~13.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.3.1~13.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.5.4~12.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-debuginfo\", rpm:\"kdegraphics-debuginfo~3.5.4~12.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.5.4~12.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:41", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0431.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0147,\nCVE-2009-1179)\n\nMultiple buffer overflow flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0146,\nCVE-2009-1182)\n\nMultiple flaws were found in KPDF's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause KPDF to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF that would cause KPDF to crash when\nopened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, and Will Dormann of the CERT/CC for responsibly reporting\nthese flaws.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0431", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63832", "href": "http://plugins.openvas.org/nasl.php?oid=63832", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0431.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0431 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0431.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0147,\nCVE-2009-1179)\n\nMultiple buffer overflow flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0146,\nCVE-2009-1182)\n\nMultiple flaws were found in KPDF's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause KPDF to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF that would cause KPDF to crash when\nopened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, and Will Dormann of the CERT/CC for responsibly reporting\nthese flaws.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63832);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:0431\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0431.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.3.1~13.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-debuginfo\", rpm:\"kdegraphics-debuginfo~3.3.1~13.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.3.1~13.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.5.4~12.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-debuginfo\", rpm:\"kdegraphics-debuginfo~3.5.4~12.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.5.4~12.el5_3\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:04", "description": "The remote host is missing updates to kdegraphics announced in\nadvisory CESA-2009:0431.", "cvss3": {}, "published": "2009-05-20T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0431 (kdegraphics)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064012", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064012", "sourceData": "#CESA-2009:0431 64012 4\n# $Id: ovcesa2009_0431.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0431 (kdegraphics)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0431\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0431\nhttps://rhn.redhat.com/errata/RHSA-2009-0431.html\";\ntag_summary = \"The remote host is missing updates to kdegraphics announced in\nadvisory CESA-2009:0431.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64012\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:0431 (kdegraphics)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.5.4~12.el5_3\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.5.4~12.el5_3\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.3.1~13.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.3.1~13.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:26", "description": "The remote host is missing updates to xpdf announced in\nadvisory CESA-2009:0430.", "cvss3": {}, "published": "2009-05-25T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0430 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64060", "href": "http://plugins.openvas.org/nasl.php?oid=64060", "sourceData": "#CESA-2009:0430 64060 2\n# $Id: ovcesa2009_0430.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0430 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0430\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0430\nhttps://rhn.redhat.com/errata/RHSA-2009-0430.html\";\ntag_summary = \"The remote host is missing updates to xpdf announced in\nadvisory CESA-2009:0430.\";\n\n\n\nif(description)\n{\n script_id(64060);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:0430 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.00~20.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:56:12", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0430.\n\nXpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause Xpdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0147,\nCVE-2009-1179)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause Xpdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0146,\nCVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause Xpdf to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause Xpdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF that would cause Xpdf to crash when\nopened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, and Will Dormann of the CERT/CC for responsibly reporting\nthese flaws.\n\nUsers are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0430", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63831", "href": "http://plugins.openvas.org/nasl.php?oid=63831", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0430.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0430 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0430.\n\nXpdf is an X Window System based viewer for Portable Document Format (PDF)\nfiles.\n\nMultiple integer overflow flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause Xpdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0147,\nCVE-2009-1179)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause Xpdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0146,\nCVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause Xpdf to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause Xpdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF that would cause Xpdf to crash when\nopened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, and Will Dormann of the CERT/CC for responsibly reporting\nthese flaws.\n\nUsers are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63831);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:0430\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0430.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~2.02~14.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~2.02~14.el3\", rls:\"RHENT_3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.00~20.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~3.00~20.el4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:48", "description": "Check for the Version of kdegraphics", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for kdegraphics CESA-2009:0431 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880934", "href": "http://plugins.openvas.org/nasl.php?oid=880934", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kdegraphics CESA-2009:0431 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The kdegraphics packages contain applications for the K Desktop\n Environment, including KPDF, a viewer for Portable Document Format (PDF)\n files.\n\n Multiple integer overflow flaws were found in KPDF's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause KPDF to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0147,\n CVE-2009-1179)\n \n Multiple buffer overflow flaws were found in KPDF's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause KPDF to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0146,\n CVE-2009-1182)\n \n Multiple flaws were found in KPDF's JBIG2 decoder that could lead to the\n freeing of arbitrary memory. An attacker could create a malicious PDF file\n that would cause KPDF to crash or, potentially, execute arbitrary code when\n opened. (CVE-2009-0166, CVE-2009-1180)\n \n Multiple input validation flaws were found in KPDF's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause KPDF to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n \n Multiple denial of service flaws were found in KPDF's JBIG2 decoder. An\n attacker could create a malicious PDF that would cause KPDF to crash when\n opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n \n Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\n Security team, and Will Dormann of the CERT/CC for responsibly reporting\n these flaws.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"kdegraphics on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-May/015921.html\");\n script_id(880934);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:0431\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\",\n \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\",\n \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_name(\"CentOS Update for kdegraphics CESA-2009:0431 centos4 i386\");\n\n script_summary(\"Check for the Version of kdegraphics\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.3.1~13.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.3.1~13.el4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:41", "description": "The remote host is missing updates to kdegraphics announced in\nadvisory CESA-2009:0431.", "cvss3": {}, "published": "2009-05-20T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0431 (kdegraphics)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64012", "href": "http://plugins.openvas.org/nasl.php?oid=64012", "sourceData": "#CESA-2009:0431 64012 4\n# $Id: ovcesa2009_0431.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0431 (kdegraphics)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0431\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0431\nhttps://rhn.redhat.com/errata/RHSA-2009-0431.html\";\ntag_summary = \"The remote host is missing updates to kdegraphics announced in\nadvisory CESA-2009:0431.\";\n\n\n\nif(description)\n{\n script_id(64012);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:0431 (kdegraphics)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.5.4~12.el5_3\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.5.4~12.el5_3\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics\", rpm:\"kdegraphics~3.3.1~13.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics-devel\", rpm:\"kdegraphics-devel~3.3.1~13.el4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:07", "description": "The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-3820.", "cvss3": {}, "published": "2009-04-28T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-3820 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:63879", "href": "http://plugins.openvas.org/nasl.php?oid=63879", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_3820.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-3820 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nFix several security updates in xpdf (3.02pl3 patch applied).\nChangeLog:\n\n* Thu Apr 16 2009 Tom spot Callaway - 1:3.02-13\n- apply xpdf-3.02pl3 security patch to fix:\nCVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180\nCVE-2009-1181, CVE-2009-1182, CVE-2009-1183\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update xpdf' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3820\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-3820.\";\n\n\n\nif(description)\n{\n script_id(63879);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-3820 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495886\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495887\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495889\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495892\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495894\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495896\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495899\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490612\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490614\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=490625\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~13.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~3.02~13.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:28", "description": "Check for the Version of xpdf", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for xpdf CESA-2009:0430 centos3 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880830", "href": "http://plugins.openvas.org/nasl.php?oid=880830", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for xpdf CESA-2009:0430 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Xpdf is an X Window System based viewer for Portable Document Format (PDF)\n files.\n\n Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause Xpdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0147,\n CVE-2009-1179)\n \n Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause Xpdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0146,\n CVE-2009-1182)\n \n Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\n freeing of arbitrary memory. An attacker could create a malicious PDF file\n that would cause Xpdf to crash or, potentially, execute arbitrary code when\n opened. (CVE-2009-0166, CVE-2009-1180)\n \n Multiple input validation flaws were found in Xpdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause Xpdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n \n Multiple denial of service flaws were found in Xpdf's JBIG2 decoder. An\n attacker could create a malicious PDF that would cause Xpdf to crash when\n opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n \n Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\n Security team, and Will Dormann of the CERT/CC for responsibly reporting\n these flaws.\n \n Users are advised to upgrade to this updated package, which contains\n backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"xpdf on CentOS 3\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-April/015784.html\");\n script_id(880830);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:0430\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\",\n \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\",\n \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_name(\"CentOS Update for xpdf CESA-2009:0430 centos3 i386\");\n\n script_summary(\"Check for the Version of xpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~2.02~14.el3\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:58", "description": "The remote host is missing updates to gpdf announced in\nadvisory CESA-2009:0458.", "cvss3": {}, "published": "2009-05-25T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0458 (gpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064062", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064062", "sourceData": "#CESA-2009:0458 64062 4\n# $Id: ovcesa2009_0458.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0458 (gpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0458\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0458\nhttps://rhn.redhat.com/errata/RHSA-2009-0458.html\";\ntag_summary = \"The remote host is missing updates to gpdf announced in\nadvisory CESA-2009:0458.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64062\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:0458 (gpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gpdf\", rpm:\"gpdf~2.8.2~7.7.2.el4_7.4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:39:44", "description": "The remote host is missing an update to kdegraphics\nannounced via advisory DSA 1793-1.", "cvss3": {}, "published": "2009-05-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1793-1 (kdegraphics)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063958", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063958", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1793_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1793-1 (kdegraphics)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"kpdf, a Portable Document Format (PDF) viewer for KDE, is based on the\nxpdf program and thus suffers from similar flaws to those described in\nDSA-1790.\n\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2009-0146\n\nMultiple buffer overflows in the JBIG2 decoder in kpdf allow\nremote attackers to cause a denial of service (crash) via a\ncrafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and\n(2) JBIG2Stream::readSymbolDictSeg.\n\nCVE-2009-0147\n\nMultiple integer overflows in the JBIG2 decoder in kpdf allow\nremote attackers to cause a denial of service (crash) via a\ncrafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg,\n(2) JBIG2Stream::readSymbolDictSeg, and (3)\nJBIG2Stream::readGenericBitmap.\n\nCVE-2009-0165\n\nInteger overflow in the JBIG2 decoder in kpdf has unspecified\nimpact related to g*allocn.\n\nCVE-2009-0166\n\nThe JBIG2 decoder in kpdf allows remote attackers to cause a\ndenial of service (crash) via a crafted PDF file that triggers a\nfree of uninitialized memory.\n\nCVE-2009-0799\n\nThe JBIG2 decoder in kpdf allows remote attackers to cause a\ndenial of service (crash) via a crafted PDF file that triggers an\nout-of-bounds read.\n\nCVE-2009-0800\n\nMultiple input validation flaws in the JBIG2 decoder in kpdf\nallow remote attackers to execute arbitrary code via a crafted PDF\nfile.\n\nCVE-2009-1179\n\nInteger overflow in the JBIG2 decoder in kpdf allows remote\nattackers to execute arbitrary code via a crafted PDF file.\n\nCVE-2009-1180\n\nThe JBIG2 decoder in kpdf allows remote attackers to execute\narbitrary code via a crafted PDF file that triggers a free of\ninvalid data.\n\nCVE-2009-1181\n\nThe JBIG2 decoder in kpdf allows remote attackers to cause a\ndenial of service (crash) via a crafted PDF file that triggers a\nNULL pointer dereference.\n\nCVE-2009-1182\n\nMultiple buffer overflows in the JBIG2 MMR decoder in kpdf allow\nremote attackers to execute arbitrary code via a crafted PDF file.\n\nCVE-2009-1183\n\nThe JBIG2 MMR decoder in kpdf allows remote attackers to cause a\ndenial of service (infinite loop and hang) via a crafted PDF file.\n\n\nWe recommend that you upgrade your kdegraphics packages.\";\ntag_summary = \"The remote host is missing an update to kdegraphics\nannounced via advisory DSA 1793-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201793-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63958\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-11 20:24:31 +0200 (Mon, 11 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1793-1 (kdegraphics)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kdegraphics-doc-html\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kgamma\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kiconedit\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kpdf\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kooka\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kolourpaint\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kfaxview\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kuickshow\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kmrml\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kghostview\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kviewshell\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kfax\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkscan-dev\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kcoloredit\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kview\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kruler\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kamera\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-dev\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ksnapshot\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-kfile-plugins\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkscan1\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-dbg\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kpovmodeler\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdvi\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ksvg\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-doc-html\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kview\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-dbg\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-dev\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kviewshell\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kruler\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kooka\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kuickshow\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-kfile-plugins\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kolourpaint\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kpovmodeler\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ksnapshot\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kfaxview\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kghostview\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdvi\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ksvg\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kcoloredit\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kamera\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkscan-dev\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kmrml\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kpdf\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kgamma\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkscan1\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kfax\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kiconedit\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for cups CESA-2009:0429 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880886", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880886", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cups CESA-2009:0429 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-May/015916.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880886\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:0429\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0166\",\n \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\",\n \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_name(\"CentOS Update for cups CESA-2009:0429 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cups'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"cups on CentOS 4\");\n script_tag(name:\"insight\", value:\"The Common UNIX\u00ae Printing System (CUPS) provides a portable printing layer\n for UNIX operating systems.\n\n Multiple integer overflow flaws were found in the CUPS JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause CUPS to crash\n or, potentially, execute arbitrary code as the 'lp' user if the file was\n printed. (CVE-2009-0147, CVE-2009-1179)\n\n Multiple buffer overflow flaws were found in the CUPS JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause CUPS to crash\n or, potentially, execute arbitrary code as the 'lp' user if the file was\n printed. (CVE-2009-0146, CVE-2009-1182)\n\n Multiple flaws were found in the CUPS JBIG2 decoder that could lead to the\n freeing of arbitrary memory. An attacker could create a malicious PDF file\n that would cause CUPS to crash or, potentially, execute arbitrary code\n as the 'lp' user if the file was printed. (CVE-2009-0166, CVE-2009-1180)\n\n Multiple input validation flaws were found in the CUPS JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause CUPS to crash\n or, potentially, execute arbitrary code as the 'lp' user if the file was\n printed. (CVE-2009-0800)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n discovered in the Tagged Image File Format (TIFF) decoding routines used by\n the CUPS image-converting filters, 'imagetops' and 'imagetoraster'. An\n attacker could create a malicious TIFF file that could, potentially,\n execute arbitrary code as the 'lp' user if the file was printed.\n (CVE-2009-0163)\n\n Multiple denial of service flaws were found in the CUPS JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause CUPS to crash\n when printed. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\n Red Hat would like to thank Aaron Sigel, Braden Thomas and Drew Yao of\n the Apple Product Security team, and Will Dormann of the CERT/CC for\n responsibly reporting these flaws.\n\n Users of cups are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing the\n update, the cupsd daemon will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-04-06T11:38:49", "description": "The remote host is missing an update to xpdf\nannounced via advisory MDVSA-2009:101.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:101 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063915", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063915", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_101.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:101 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple buffer overflows in the JBIG2 decoder allows remote\nattackers to cause a denial of service (crash) via a crafted PDF file\n(CVE-2009-0146).\n\nMultiple integer overflows in the JBIG2 decoder allows remote\nattackers to cause a denial of service (crash) via a crafted PDF file\n(CVE-2009-0147).\n\nAn integer overflow in the JBIG2 decoder has unspecified\nimpact. (CVE-2009-0165).\n\nA free of uninitialized memory flaw in the the JBIG2 decoder allows\nremote to cause a denial of service (crash) via a crafted PDF file\n(CVE-2009-0166).\n\nMultiple input validation flaws in the JBIG2 decoder allows\nremote attackers to execute arbitrary code via a crafted PDF file\n(CVE-2009-0800).\n\nAn out-of-bounds read flaw in the JBIG2 decoder allows remote\nattackers to cause a denial of service (crash) via a crafted PDF file\n(CVE-2009-0799).\n\nAn integer overflow in the JBIG2 decoder allows remote attackers to\nexecute arbitrary code via a crafted PDF file (CVE-2009-1179).\n\nA free of invalid data flaw in the JBIG2 decoder allows remote\nattackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).\n\nA NULL pointer dereference flaw in the JBIG2 decoder allows remote\nattackers to cause denial of service (crash) via a crafted PDF file\n(CVE-2009-1181).\n\nMultiple buffer overflows in the JBIG2 MMR decoder allows remote\nattackers to cause denial of service or to execute arbitrary code\nvia a crafted PDF file (CVE-2009-1182, CVE-2009-1183).\n\nThis update provides fixes for that vulnerabilities.\n\nAffected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:101\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory MDVSA-2009:101.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63915\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0800\", \"CVE-2009-0799\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:101 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-common\", rpm:\"xpdf-common~3.02~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-common\", rpm:\"xpdf-common~3.02~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~12.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-common\", rpm:\"xpdf-common~3.02~12.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:12", "description": "The remote host is missing updates to cups announced in\nadvisory CESA-2009:0429.", "cvss3": {}, "published": "2009-05-25T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0429 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064059", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064059", "sourceData": "#CESA-2009:0429 64059 2\n# $Id: ovcesa2009_0429.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0429 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0429\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0429\nhttps://rhn.redhat.com/errata/RHSA-2009-0429.html\";\ntag_summary = \"The remote host is missing updates to cups announced in\nadvisory CESA-2009:0429.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64059\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:0429 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:32", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-129-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-129-01 xpdf", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:136141256231063964", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063964", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_129_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63964\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2009-129-01 xpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(9\\.1|10\\.0|10\\.1|10\\.2|11\\.0|12\\.0|12\\.1|12\\.2)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-129-01\");\n\n script_tag(name:\"insight\", value:\"New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0,\n12.0, 12.1, 12.2, and -current to fix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2009-129-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl3-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl3-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl3-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl3-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl3-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl3-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl3-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl3-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-04-06T11:40:27", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0458.\n\nGPdf is a viewer for Portable Document Format (PDF) files.\n\nMultiple integer overflow flaws were found in GPdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause GPdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0147,\nCVE-2009-1179)\n\nMultiple buffer overflow flaws were found in GPdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause GPdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0146,\nCVE-2009-1182)\n\nMultiple flaws were found in GPdf's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause GPdf to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in GPdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause GPdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in GPdf's JBIG2 decoder. An\nattacker could create a malicious PDF that would cause GPdf to crash when\nopened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, and Will Dormann of the CERT/CC for responsibly reporting\nthese flaws.\n\nUsers are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0458", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063910", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063910", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0458.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0458 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0458.\n\nGPdf is a viewer for Portable Document Format (PDF) files.\n\nMultiple integer overflow flaws were found in GPdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause GPdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0147,\nCVE-2009-1179)\n\nMultiple buffer overflow flaws were found in GPdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause GPdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0146,\nCVE-2009-1182)\n\nMultiple flaws were found in GPdf's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause GPdf to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in GPdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause GPdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in GPdf's JBIG2 decoder. An\nattacker could create a malicious PDF that would cause GPdf to crash when\nopened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, and Will Dormann of the CERT/CC for responsibly reporting\nthese flaws.\n\nUsers are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63910\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:0458\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0458.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gpdf\", rpm:\"gpdf~2.8.2~7.7.2.el4_7.4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpdf-debuginfo\", rpm:\"gpdf-debuginfo~2.8.2~7.7.2.el4_7.4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:19", "description": "Check for the Version of cups", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for cups CESA-2009:0429 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880886", "href": "http://plugins.openvas.org/nasl.php?oid=880886", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cups CESA-2009:0429 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common UNIX\u00ae Printing System (CUPS) provides a portable printing layer\n for UNIX operating systems.\n\n Multiple integer overflow flaws were found in the CUPS JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause CUPS to crash\n or, potentially, execute arbitrary code as the "lp" user if the file was\n printed. (CVE-2009-0147, CVE-2009-1179)\n \n Multiple buffer overflow flaws were found in the CUPS JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause CUPS to crash\n or, potentially, execute arbitrary code as the "lp" user if the file was\n printed. (CVE-2009-0146, CVE-2009-1182)\n \n Multiple flaws were found in the CUPS JBIG2 decoder that could lead to the\n freeing of arbitrary memory. An attacker could create a malicious PDF file\n that would cause CUPS to crash or, potentially, execute arbitrary code\n as the "lp" user if the file was printed. (CVE-2009-0166, CVE-2009-1180)\n \n Multiple input validation flaws were found in the CUPS JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause CUPS to crash\n or, potentially, execute arbitrary code as the "lp" user if the file was\n printed. (CVE-2009-0800)\n \n An integer overflow flaw, leading to a heap-based buffer overflow, was\n discovered in the Tagged Image File Format (TIFF) decoding routines used by\n the CUPS image-converting filters, "imagetops" and "imagetoraster". An\n attacker could create a malicious TIFF file that could, potentially,\n execute arbitrary code as the "lp" user if the file was printed.\n (CVE-2009-0163)\n \n Multiple denial of service flaws were found in the CUPS JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause CUPS to crash\n when printed. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n \n Red Hat would like to thank Aaron Sigel, Braden Thomas and Drew Yao of\n the Apple Product Security team, and Will Dormann of the CERT/CC for\n responsibly reporting these flaws.\n \n Users of cups are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing the\n update, the cupsd daemon will be restarted automatically.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"cups on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-May/015916.html\");\n script_id(880886);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:0429\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0166\",\n \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\",\n \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_name(\"CentOS Update for cups CESA-2009:0429 centos4 i386\");\n\n script_summary(\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:55:40", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0429.\n\nThe Common UNIX\u00ae Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems.\n\nMultiple integer overflow flaws were found in the CUPS JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause CUPS to crash\nor, potentially, execute arbitrary code as the lp user if the file was\nprinted. (CVE-2009-0147, CVE-2009-1179)\n\nMultiple buffer overflow flaws were found in the CUPS JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause CUPS to crash\nor, potentially, execute arbitrary code as the lp user if the file was\nprinted. (CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in the CUPS JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause CUPS to crash or, potentially, execute arbitrary code\nas the lp user if the file was printed. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in the CUPS JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause CUPS to crash\nor, potentially, execute arbitrary code as the lp user if the file was\nprinted. (CVE-2009-0800)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\ndiscovered in the Tagged Image File Format (TIFF) decoding routines used by\nthe CUPS image-converting filters, imagetops and imagetoraster. An\nattacker could create a malicious TIFF file that could, potentially,\nexecute arbitrary code as the lp user if the file was printed.\n(CVE-2009-0163)\n\nMultiple denial of service flaws were found in the CUPS JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause CUPS to crash\nwhen printed. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Aaron Sigel, Braden Thomas and Drew Yao of\nthe Apple Product Security team, and Will Dormann of the CERT/CC for\nresponsibly reporting these flaws.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, the cupsd daemon will be restarted automatically.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0429", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63830", "href": "http://plugins.openvas.org/nasl.php?oid=63830", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0429.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0429 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0429.\n\nThe Common UNIX\u00ae Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems.\n\nMultiple integer overflow flaws were found in the CUPS JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause CUPS to crash\nor, potentially, execute arbitrary code as the lp user if the file was\nprinted. (CVE-2009-0147, CVE-2009-1179)\n\nMultiple buffer overflow flaws were found in the CUPS JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause CUPS to crash\nor, potentially, execute arbitrary code as the lp user if the file was\nprinted. (CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in the CUPS JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause CUPS to crash or, potentially, execute arbitrary code\nas the lp user if the file was printed. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in the CUPS JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause CUPS to crash\nor, potentially, execute arbitrary code as the lp user if the file was\nprinted. (CVE-2009-0800)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\ndiscovered in the Tagged Image File Format (TIFF) decoding routines used by\nthe CUPS image-converting filters, imagetops and imagetoraster. An\nattacker could create a malicious TIFF file that could, potentially,\nexecute arbitrary code as the lp user if the file was printed.\n(CVE-2009-0163)\n\nMultiple denial of service flaws were found in the CUPS JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause CUPS to crash\nwhen printed. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Aaron Sigel, Braden Thomas and Drew Yao of\nthe Apple Product Security team, and Will Dormann of the CERT/CC for\nresponsibly reporting these flaws.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, the cupsd daemon will be restarted automatically.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63830);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:0429\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0429.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~8.el5_3.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.3.7~8.el5_3.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~8.el5_3.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~8.el5_3.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~8.el5_3.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for gpdf CESA-2009:0458 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880900", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880900", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gpdf CESA-2009:0458 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-May/015924.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880900\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:0458\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\",\n \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\",\n \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_name(\"CentOS Update for gpdf CESA-2009:0458 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gpdf'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS4\");\n script_tag(name:\"affected\", value:\"gpdf on CentOS 4\");\n script_tag(name:\"insight\", value:\"GPdf is a viewer for Portable Document Format (PDF) files.\n\n Multiple integer overflow flaws were found in GPdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause GPdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0147,\n CVE-2009-1179)\n\n Multiple buffer overflow flaws were found in GPdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause GPdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0146,\n CVE-2009-1182)\n\n Multiple flaws were found in GPdf's JBIG2 decoder that could lead to the\n freeing of arbitrary memory. An attacker could create a malicious PDF file\n that would cause GPdf to crash or, potentially, execute arbitrary code when\n opened. (CVE-2009-0166, CVE-2009-1180)\n\n Multiple input validation flaws were found in GPdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause GPdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\n Multiple denial of service flaws were found in GPdf's JBIG2 decoder. An\n attacker could create a malicious PDF that would cause GPdf to crash when\n opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\n Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\n Security team, and Will Dormann of the CERT/CC for responsibly reporting\n these flaws.\n\n Users are advised to upgrade to this updated package, which contains\n backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gpdf\", rpm:\"gpdf~2.8.2~7.7.2.el4_7.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:50:49", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-129-01.", "cvss3": {}, "published": "2012-09-11T00:00:00", "type": "openvas", "title": "Slackware Advisory SSA:2009-129-01 xpdf", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63964", "href": "http://plugins.openvas.org/nasl.php?oid=63964", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_129_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0,\n12.0, 12.1, 12.2, and -current to fix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-129-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-129-01\";\n \nif(description)\n{\n script_id(63964);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2009-129-01 xpdf \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl3-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl3-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl3-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl3-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl3-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl3-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl3-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"xpdf\", ver:\"3.02pl3-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:20", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0429.\n\nThe Common UNIX\u00ae Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems.\n\nMultiple integer overflow flaws were found in the CUPS JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause CUPS to crash\nor, potentially, execute arbitrary code as the lp user if the file was\nprinted. (CVE-2009-0147, CVE-2009-1179)\n\nMultiple buffer overflow flaws were found in the CUPS JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause CUPS to crash\nor, potentially, execute arbitrary code as the lp user if the file was\nprinted. (CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in the CUPS JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause CUPS to crash or, potentially, execute arbitrary code\nas the lp user if the file was printed. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in the CUPS JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause CUPS to crash\nor, potentially, execute arbitrary code as the lp user if the file was\nprinted. (CVE-2009-0800)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\ndiscovered in the Tagged Image File Format (TIFF) decoding routines used by\nthe CUPS image-converting filters, imagetops and imagetoraster. An\nattacker could create a malicious TIFF file that could, potentially,\nexecute arbitrary code as the lp user if the file was printed.\n(CVE-2009-0163)\n\nMultiple denial of service flaws were found in the CUPS JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause CUPS to crash\nwhen printed. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Aaron Sigel, Braden Thomas and Drew Yao of\nthe Apple Product Security team, and Will Dormann of the CERT/CC for\nresponsibly reporting these flaws.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, the cupsd daemon will be restarted automatically.", "cvss3": {}, "published": "2009-04-20T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0429", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063830", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063830", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0429.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0429 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0429.\n\nThe Common UNIX\u00ae Printing System (CUPS) provides a portable printing layer\nfor UNIX operating systems.\n\nMultiple integer overflow flaws were found in the CUPS JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause CUPS to crash\nor, potentially, execute arbitrary code as the lp user if the file was\nprinted. (CVE-2009-0147, CVE-2009-1179)\n\nMultiple buffer overflow flaws were found in the CUPS JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause CUPS to crash\nor, potentially, execute arbitrary code as the lp user if the file was\nprinted. (CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in the CUPS JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause CUPS to crash or, potentially, execute arbitrary code\nas the lp user if the file was printed. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in the CUPS JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause CUPS to crash\nor, potentially, execute arbitrary code as the lp user if the file was\nprinted. (CVE-2009-0800)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\ndiscovered in the Tagged Image File Format (TIFF) decoding routines used by\nthe CUPS image-converting filters, imagetops and imagetoraster. An\nattacker could create a malicious TIFF file that could, potentially,\nexecute arbitrary code as the lp user if the file was printed.\n(CVE-2009-0163)\n\nMultiple denial of service flaws were found in the CUPS JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause CUPS to crash\nwhen printed. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Aaron Sigel, Braden Thomas and Drew Yao of\nthe Apple Product Security team, and Will Dormann of the CERT/CC for\nresponsibly reporting these flaws.\n\nUsers of cups are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdate, the cupsd daemon will be restarted automatically.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63830\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:0429\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0429.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~8.el5_3.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.3.7~8.el5_3.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~8.el5_3.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~8.el5_3.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~8.el5_3.4\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:22", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kdegraphics3\n kdegraphics3-devel\n kdegraphics3-extra\n kdegraphics3-fax\n kdegraphics3-pdf\n kdegraphics3-postscript\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for kdegraphics3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65835", "href": "http://plugins.openvas.org/nasl.php?oid=65835", "sourceData": "#\n#VID slesp2-kdegraphics3-6283\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for kdegraphics3\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kdegraphics3\n kdegraphics3-devel\n kdegraphics3-extra\n kdegraphics3-fax\n kdegraphics3-pdf\n kdegraphics3-postscript\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65835);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for kdegraphics3\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics3\", rpm:\"kdegraphics3~3.5.1~23.24\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics3-devel\", rpm:\"kdegraphics3-devel~3.5.1~23.24\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics3-extra\", rpm:\"kdegraphics3-extra~3.5.1~23.24\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics3-fax\", rpm:\"kdegraphics3-fax~3.5.1~23.24\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics3-pdf\", rpm:\"kdegraphics3-pdf~3.5.1~23.24\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics3-postscript\", rpm:\"kdegraphics3-postscript~3.5.1~23.24\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:44", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xpdf-tools\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for xpdf", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065810", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065810", "sourceData": "#\n#VID slesp2-xpdf-6177\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for xpdf\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xpdf-tools\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65810\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0165\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for xpdf\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.01~21.16\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:55", "description": "The remote host is missing an update to kdegraphics\nannounced via advisory DSA 1793-1.", "cvss3": {}, "published": "2009-05-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1793-1 (kdegraphics)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63958", "href": "http://plugins.openvas.org/nasl.php?oid=63958", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1793_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1793-1 (kdegraphics)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"kpdf, a Portable Document Format (PDF) viewer for KDE, is based on the\nxpdf program and thus suffers from similar flaws to those described in\nDSA-1790.\n\nThe Common Vulnerabilities and Exposures project identifies the\nfollowing problems:\n\nCVE-2009-0146\n\nMultiple buffer overflows in the JBIG2 decoder in kpdf allow\nremote attackers to cause a denial of service (crash) via a\ncrafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and\n(2) JBIG2Stream::readSymbolDictSeg.\n\nCVE-2009-0147\n\nMultiple integer overflows in the JBIG2 decoder in kpdf allow\nremote attackers to cause a denial of service (crash) via a\ncrafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg,\n(2) JBIG2Stream::readSymbolDictSeg, and (3)\nJBIG2Stream::readGenericBitmap.\n\nCVE-2009-0165\n\nInteger overflow in the JBIG2 decoder in kpdf has unspecified\nimpact related to g*allocn.\n\nCVE-2009-0166\n\nThe JBIG2 decoder in kpdf allows remote attackers to cause a\ndenial of service (crash) via a crafted PDF file that triggers a\nfree of uninitialized memory.\n\nCVE-2009-0799\n\nThe JBIG2 decoder in kpdf allows remote attackers to cause a\ndenial of service (crash) via a crafted PDF file that triggers an\nout-of-bounds read.\n\nCVE-2009-0800\n\nMultiple input validation flaws in the JBIG2 decoder in kpdf\nallow remote attackers to execute arbitrary code via a crafted PDF\nfile.\n\nCVE-2009-1179\n\nInteger overflow in the JBIG2 decoder in kpdf allows remote\nattackers to execute arbitrary code via a crafted PDF file.\n\nCVE-2009-1180\n\nThe JBIG2 decoder in kpdf allows remote attackers to execute\narbitrary code via a crafted PDF file that triggers a free of\ninvalid data.\n\nCVE-2009-1181\n\nThe JBIG2 decoder in kpdf allows remote attackers to cause a\ndenial of service (crash) via a crafted PDF file that triggers a\nNULL pointer dereference.\n\nCVE-2009-1182\n\nMultiple buffer overflows in the JBIG2 MMR decoder in kpdf allow\nremote attackers to execute arbitrary code via a crafted PDF file.\n\nCVE-2009-1183\n\nThe JBIG2 MMR decoder in kpdf allows remote attackers to cause a\ndenial of service (infinite loop and hang) via a crafted PDF file.\n\n\nWe recommend that you upgrade your kdegraphics packages.\";\ntag_summary = \"The remote host is missing an update to kdegraphics\nannounced via advisory DSA 1793-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201793-1\";\n\n\nif(description)\n{\n script_id(63958);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-11 20:24:31 +0200 (Mon, 11 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1793-1 (kdegraphics)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kdegraphics-doc-html\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kgamma\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kiconedit\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kpdf\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kooka\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kolourpaint\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kfaxview\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kuickshow\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kmrml\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kghostview\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kviewshell\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kfax\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkscan-dev\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kcoloredit\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kview\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kruler\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kamera\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-dev\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ksnapshot\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-kfile-plugins\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkscan1\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-dbg\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kpovmodeler\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdvi\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ksvg\", ver:\"3.5.5-3etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-doc-html\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kview\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-dbg\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-dev\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kviewshell\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kruler\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kooka\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kuickshow\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdegraphics-kfile-plugins\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kolourpaint\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kpovmodeler\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ksnapshot\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kfaxview\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kghostview\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdvi\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ksvg\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kcoloredit\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kamera\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkscan-dev\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kmrml\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kpdf\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kgamma\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkscan1\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kfax\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kiconedit\", ver:\"3.5.9-3+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:46", "description": "Check for the Version of cups", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for cups CESA-2009:0429 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880766", "href": "http://plugins.openvas.org/nasl.php?oid=880766", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cups CESA-2009:0429 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common UNIX\u00ae Printing System (CUPS) provides a portable printing layer\n for UNIX operating systems.\n\n Multiple integer overflow flaws were found in the CUPS JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause CUPS to crash\n or, potentially, execute arbitrary code as the "lp" user if the file was\n printed. (CVE-2009-0147, CVE-2009-1179)\n \n Multiple buffer overflow flaws were found in the CUPS JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause CUPS to crash\n or, potentially, execute arbitrary code as the "lp" user if the file was\n printed. (CVE-2009-0146, CVE-2009-1182)\n \n Multiple flaws were found in the CUPS JBIG2 decoder that could lead to the\n freeing of arbitrary memory. An attacker could create a malicious PDF file\n that would cause CUPS to crash or, potentially, execute arbitrary code\n as the "lp" user if the file was printed. (CVE-2009-0166, CVE-2009-1180)\n \n Multiple input validation flaws were found in the CUPS JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause CUPS to crash\n or, potentially, execute arbitrary code as the "lp" user if the file was\n printed. (CVE-2009-0800)\n \n An integer overflow flaw, leading to a heap-based buffer overflow, was\n discovered in the Tagged Image File Format (TIFF) decoding routines used by\n the CUPS image-converting filters, "imagetops" and "imagetoraster". An\n attacker could create a malicious TIFF file that could, potentially,\n execute arbitrary code as the "lp" user if the file was printed.\n (CVE-2009-0163)\n \n Multiple denial of service flaws were found in the CUPS JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause CUPS to crash\n when printed. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n \n Red Hat would like to thank Aaron Sigel, Braden Thomas and Drew Yao of\n the Apple Product Security team, and Will Dormann of the CERT/CC for\n responsibly reporting these flaws.\n \n Users of cups are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing the\n update, the cupsd daemon will be restarted automatically.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"cups on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-April/015794.html\");\n script_id(880766);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:0429\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0166\",\n \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\",\n \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_name(\"CentOS Update for cups CESA-2009:0429 centos5 i386\");\n\n script_summary(\"Check for the Version of cups\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~8.el5_3.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~8.el5_3.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~8.el5_3.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~8.el5_3.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:37", "description": "The remote host is missing an update to xpdf\nannounced via advisory MDVSA-2009:101.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:101 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:63915", "href": "http://plugins.openvas.org/nasl.php?oid=63915", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_101.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:101 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple buffer overflows in the JBIG2 decoder allows remote\nattackers to cause a denial of service (crash) via a crafted PDF file\n(CVE-2009-0146).\n\nMultiple integer overflows in the JBIG2 decoder allows remote\nattackers to cause a denial of service (crash) via a crafted PDF file\n(CVE-2009-0147).\n\nAn integer overflow in the JBIG2 decoder has unspecified\nimpact. (CVE-2009-0165).\n\nA free of uninitialized memory flaw in the the JBIG2 decoder allows\nremote to cause a denial of service (crash) via a crafted PDF file\n(CVE-2009-0166).\n\nMultiple input validation flaws in the JBIG2 decoder allows\nremote attackers to execute arbitrary code via a crafted PDF file\n(CVE-2009-0800).\n\nAn out-of-bounds read flaw in the JBIG2 decoder allows remote\nattackers to cause a denial of service (crash) via a crafted PDF file\n(CVE-2009-0799).\n\nAn integer overflow in the JBIG2 decoder allows remote attackers to\nexecute arbitrary code via a crafted PDF file (CVE-2009-1179).\n\nA free of invalid data flaw in the JBIG2 decoder allows remote\nattackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).\n\nA NULL pointer dereference flaw in the JBIG2 decoder allows remote\nattackers to cause denial of service (crash) via a crafted PDF file\n(CVE-2009-1181).\n\nMultiple buffer overflows in the JBIG2 MMR decoder allows remote\nattackers to cause denial of service or to execute arbitrary code\nvia a crafted PDF file (CVE-2009-1182, CVE-2009-1183).\n\nThis update provides fixes for that vulnerabilities.\n\nAffected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:101\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory MDVSA-2009:101.\";\n\n \n\nif(description)\n{\n script_id(63915);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0800\", \"CVE-2009-0799\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:101 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-common\", rpm:\"xpdf-common~3.02~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~8.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-common\", rpm:\"xpdf-common~3.02~10.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~12.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-common\", rpm:\"xpdf-common~3.02~12.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~0.2.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~0.2.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:06", "description": "The remote host is missing an update to xpdf\nannounced via advisory DSA 1790-1.", "cvss3": {}, "published": "2009-05-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1790-1 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:63955", "href": "http://plugins.openvas.org/nasl.php?oid=63955", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1790_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1790-1 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been identified in xpdf, a suite of tools\nfor viewing and converting Portable Document Format (PDF) files.\n\nFor details on the issues addressed with this update, please visit\nthe referenced security advisories.\n\nFor the old stable distribution (etch), these problems have been fixed in version\n3.01-9.1+etch6.\n\nFor the stable distribution (lenny), these problems have been fixed in version\n3.02-1.4+lenny1.\n\nFor the unstable distribution (sid), these problems will be fixed in a\nforthcoming version.\n\nWe recommend that you upgrade your xpdf packages.\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory DSA 1790-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201790-1\";\n\n\nif(description)\n{\n script_id(63955);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-11 20:24:31 +0200 (Mon, 11 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1790-1 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xpdf-common\", ver:\"3.02-1.4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf\", ver:\"3.02-1.4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-reader\", ver:\"3.02-1.4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-utils\", ver:\"3.02-1.4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\n# The xpdf package of Debian 6.0 has the same version as in 5.0.\n# It is not vulnerable, but we need to run the check to have __pkg_match\n# be set so that we can report a proper \"not vulnerable\".\nif (report == \"\") {\n res = isdpkgvuln(pkg:\"xpdf-common\", ver:\"3.02-1.4\", rls:\"DEB6.0\");\n res = isdpkgvuln(pkg:\"xpdf\", ver:\"3.02-1.4\", rls:\"DEB6.0\");\n res = isdpkgvuln(pkg:\"xpdf-reader\", ver:\"3.02-1.4\", rls:\"DEB6.0\");\n res = isdpkgvuln(pkg:\"xpdf-utils\", ver:\"3.02-1.4\", rls:\"DEB6.0\");\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:59", "description": "The remote host is missing updates to cups announced in\nadvisory CESA-2009:0429.", "cvss3": {}, "published": "2009-05-25T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0429 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64059", "href": "http://plugins.openvas.org/nasl.php?oid=64059", "sourceData": "#CESA-2009:0429 64059 2\n# $Id: ovcesa2009_0429.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0429 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0429\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0429\nhttps://rhn.redhat.com/errata/RHSA-2009-0429.html\";\ntag_summary = \"The remote host is missing updates to cups announced in\nadvisory CESA-2009:0429.\";\n\n\n\nif(description)\n{\n script_id(64059);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:0429 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.22~0.rc1.9.27.el4_7.5\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:18", "description": "The remote host is missing updates to gpdf announced in\nadvisory CESA-2009:0458.", "cvss3": {}, "published": "2009-05-25T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0458 (gpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64062", "href": "http://plugins.openvas.org/nasl.php?oid=64062", "sourceData": "#CESA-2009:0458 64062 4\n# $Id: ovcesa2009_0458.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0458 (gpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0458\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0458\nhttps://rhn.redhat.com/errata/RHSA-2009-0458.html\";\ntag_summary = \"The remote host is missing updates to gpdf announced in\nadvisory CESA-2009:0458.\";\n\n\n\nif(description)\n{\n script_id(64062);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:0458 (gpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gpdf\", rpm:\"gpdf~2.8.2~7.7.2.el4_7.4\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:37", "description": "Check for the Version of gpdf", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for gpdf CESA-2009:0458 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880900", "href": "http://plugins.openvas.org/nasl.php?oid=880900", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gpdf CESA-2009:0458 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"GPdf is a viewer for Portable Document Format (PDF) files.\n\n Multiple integer overflow flaws were found in GPdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause GPdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0147,\n CVE-2009-1179)\n \n Multiple buffer overflow flaws were found in GPdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause GPdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0146,\n CVE-2009-1182)\n \n Multiple flaws were found in GPdf's JBIG2 decoder that could lead to the\n freeing of arbitrary memory. An attacker could create a malicious PDF file\n that would cause GPdf to crash or, potentially, execute arbitrary code when\n opened. (CVE-2009-0166, CVE-2009-1180)\n \n Multiple input validation flaws were found in GPdf's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause GPdf to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n \n Multiple denial of service flaws were found in GPdf's JBIG2 decoder. An\n attacker could create a malicious PDF that would cause GPdf to crash when\n opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n \n Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\n Security team, and Will Dormann of the CERT/CC for responsibly reporting\n these flaws.\n \n Users are advised to upgrade to this updated package, which contains\n backported patches to correct these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"gpdf on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-May/015924.html\");\n script_id(880900);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:0458\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\",\n \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\",\n \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_name(\"CentOS Update for gpdf CESA-2009:0458 centos4 i386\");\n\n script_summary(\"Check for the Version of gpdf\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"gpdf\", rpm:\"gpdf~2.8.2~7.7.2.el4_7.4\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:42", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xpdf-tools\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for xpdf", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65810", "href": "http://plugins.openvas.org/nasl.php?oid=65810", "sourceData": "#\n#VID slesp2-xpdf-6177\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for xpdf\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n xpdf-tools\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65810);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0165\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for xpdf\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.01~21.16\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:27", "description": "The remote host is missing an update to xpdf\nannounced via advisory DSA 1790-1.", "cvss3": {}, "published": "2009-05-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 1790-1 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063955", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063955", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1790_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1790-1 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been identified in xpdf, a suite of tools\nfor viewing and converting Portable Document Format (PDF) files.\n\nFor details on the issues addressed with this update, please visit\nthe referenced security advisories.\n\nFor the old stable distribution (etch), these problems have been fixed in version\n3.01-9.1+etch6.\n\nFor the stable distribution (lenny), these problems have been fixed in version\n3.02-1.4+lenny1.\n\nFor the unstable distribution (sid), these problems will be fixed in a\nforthcoming version.\n\nWe recommend that you upgrade your xpdf packages.\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory DSA 1790-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201790-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63955\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-11 20:24:31 +0200 (Mon, 11 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1790-1 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"xpdf-common\", ver:\"3.02-1.4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf\", ver:\"3.02-1.4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-reader\", ver:\"3.02-1.4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xpdf-utils\", ver:\"3.02-1.4+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\n# The xpdf package of Debian 6.0 has the same version as in 5.0.\n# It is not vulnerable, but we need to run the check to have __pkg_match\n# be set so that we can report a proper \"not vulnerable\".\nif (report == \"\") {\n res = isdpkgvuln(pkg:\"xpdf-common\", ver:\"3.02-1.4\", rls:\"DEB6.0\");\n res = isdpkgvuln(pkg:\"xpdf\", ver:\"3.02-1.4\", rls:\"DEB6.0\");\n res = isdpkgvuln(pkg:\"xpdf-reader\", ver:\"3.02-1.4\", rls:\"DEB6.0\");\n res = isdpkgvuln(pkg:\"xpdf-utils\", ver:\"3.02-1.4\", rls:\"DEB6.0\");\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for cups CESA-2009:0429 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880766", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880766", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for cups CESA-2009:0429 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-April/015794.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880766\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:0429\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0166\",\n \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\",\n \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_name(\"CentOS Update for cups CESA-2009:0429 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cups'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"cups on CentOS 5\");\n script_tag(name:\"insight\", value:\"The Common UNIX\u00ae Printing System (CUPS) provides a portable printing layer\n for UNIX operating systems.\n\n Multiple integer overflow flaws were found in the CUPS JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause CUPS to crash\n or, potentially, execute arbitrary code as the 'lp' user if the file was\n printed. (CVE-2009-0147, CVE-2009-1179)\n\n Multiple buffer overflow flaws were found in the CUPS JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause CUPS to crash\n or, potentially, execute arbitrary code as the 'lp' user if the file was\n printed. (CVE-2009-0146, CVE-2009-1182)\n\n Multiple flaws were found in the CUPS JBIG2 decoder that could lead to the\n freeing of arbitrary memory. An attacker could create a malicious PDF file\n that would cause CUPS to crash or, potentially, execute arbitrary code\n as the 'lp' user if the file was printed. (CVE-2009-0166, CVE-2009-1180)\n\n Multiple input validation flaws were found in the CUPS JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause CUPS to crash\n or, potentially, execute arbitrary code as the 'lp' user if the file was\n printed. (CVE-2009-0800)\n\n An integer overflow flaw, leading to a heap-based buffer overflow, was\n discovered in the Tagged Image File Format (TIFF) decoding routines used by\n the CUPS image-converting filters, 'imagetops' and 'imagetoraster'. An\n attacker could create a malicious TIFF file that could, potentially,\n execute arbitrary code as the 'lp' user if the file was printed.\n (CVE-2009-0163)\n\n Multiple denial of service flaws were found in the CUPS JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause CUPS to crash\n when printed. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\n Red Hat would like to thank Aaron Sigel, Braden Thomas and Drew Yao of\n the Apple Product Security team, and Will Dormann of the CERT/CC for\n responsibly reporting these flaws.\n\n Users of cups are advised to upgrade to these updated packages, which\n contain backported patches to correct these issues. After installing the\n update, the cupsd daemon will be restarted automatically.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~8.el5_3.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~8.el5_3.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~8.el5_3.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~8.el5_3.4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-04-06T11:37:46", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kdegraphics3\n kdegraphics3-devel\n kdegraphics3-extra\n kdegraphics3-fax\n kdegraphics3-pdf\n kdegraphics3-postscript\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for kdegraphics3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065835", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065835", "sourceData": "#\n#VID slesp2-kdegraphics3-6283\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for kdegraphics3\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n kdegraphics3\n kdegraphics3-devel\n kdegraphics3-extra\n kdegraphics3-fax\n kdegraphics3-pdf\n kdegraphics3-postscript\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65835\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for kdegraphics3\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"kdegraphics3\", rpm:\"kdegraphics3~3.5.1~23.24\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics3-devel\", rpm:\"kdegraphics3-devel~3.5.1~23.24\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics3-extra\", rpm:\"kdegraphics3-extra~3.5.1~23.24\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics3-fax\", rpm:\"kdegraphics3-fax~3.5.1~23.24\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics3-pdf\", rpm:\"kdegraphics3-pdf~3.5.1~23.24\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kdegraphics3-postscript\", rpm:\"kdegraphics3-postscript~3.5.1~23.24\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:46", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0458.\n\nGPdf is a viewer for Portable Document Format (PDF) files.\n\nMultiple integer overflow flaws were found in GPdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause GPdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0147,\nCVE-2009-1179)\n\nMultiple buffer overflow flaws were found in GPdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause GPdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0146,\nCVE-2009-1182)\n\nMultiple flaws were found in GPdf's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause GPdf to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in GPdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause GPdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in GPdf's JBIG2 decoder. An\nattacker could create a malicious PDF that would cause GPdf to crash when\nopened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, and Will Dormann of the CERT/CC for responsibly reporting\nthese flaws.\n\nUsers are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0458", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63910", "href": "http://plugins.openvas.org/nasl.php?oid=63910", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0458.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0458 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0458.\n\nGPdf is a viewer for Portable Document Format (PDF) files.\n\nMultiple integer overflow flaws were found in GPdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause GPdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0147,\nCVE-2009-1179)\n\nMultiple buffer overflow flaws were found in GPdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause GPdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0146,\nCVE-2009-1182)\n\nMultiple flaws were found in GPdf's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause GPdf to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in GPdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause GPdf to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in GPdf's JBIG2 decoder. An\nattacker could create a malicious PDF that would cause GPdf to crash when\nopened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, and Will Dormann of the CERT/CC for responsibly reporting\nthese flaws.\n\nUsers are advised to upgrade to this updated package, which contains\nbackported patches to correct these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63910);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 16:00:35 +0200 (Tue, 05 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:0458\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0458.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gpdf\", rpm:\"gpdf~2.8.2~7.7.2.el4_7.4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gpdf-debuginfo\", rpm:\"gpdf-debuginfo~2.8.2~7.7.2.el4_7.4\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:04", "description": "The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-6973.", "cvss3": {}, "published": "2009-06-30T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-6973 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064300", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064300", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6973.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6973 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nAn update to address jbig2-related security issues.\nChangeLog:\n\n* Fri Jan 23 2009 Rex Dieter - 0.8.7-6\n- use backported jbig2_security patch from debian/ubuntu\n- poppler-data-0.2.1\n- --enable-libjpeg (speed)\n- track sonames\n* Tue Jan 20 2009 Rex Dieter - 0.8.7-5\n- patch to workaround okular rendering hyperlinks (#480357)\n- add needed scriptlets\n- nuke rpaths\n* Sun Jan 4 2009 Matthias Clasen - 0.8.7-4\n- Fix a problem with large images\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update poppler' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6973\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-6973.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64300\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-6973 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496942\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib-devel\", rpm:\"poppler-glib-devel~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt-devel\", rpm:\"poppler-qt-devel~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4\", rpm:\"poppler-qt4~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4-devel\", rpm:\"poppler-qt4-devel~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-debuginfo\", rpm:\"poppler-debuginfo~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:33", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:024.", "cvss3": {}, "published": "2009-04-28T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:024 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063889", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063889", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_024.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:024 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common Unix Printing System, CUPS, is a printing server for unix-like\noperating systems. It allows a local user to print documents as well as\nremote users via port 631/tcp.\n\nThere were two security vulnerabilities fixed in cups.\n\nThe first one can be triggered by a specially crafted tiff file. This\nfile could lead to an integer overflow in the 'imagetops' filter which\ncaused an heap overflow later.\nThis bug is probably exploitable remotely by users having remote access\nto the CUPS server and allows the execution of arbitrary code with the\nprivileges of the cupsd process. (CVE-2009-0163)\n\nThe second issue affects the JBIG2 decoding of the 'pdftops' filter.\nThe JBIG2 decoding routines are vulnerable to various software failure\ntypes like integer and buffer overflows and it is believed to be exploit-\nable remotely to execute arbitrary code with the privileges of the cupsd\nprocess.\n(CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799,\nCVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182,\nCVE-2009-1183)\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:024\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:024.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63889\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:024 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-debugsource\", rpm:\"cups-debugsource~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-debugsource\", rpm:\"cups-debugsource~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs-64bit\", rpm:\"cups-libs-64bit~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs-64bit\", rpm:\"cups-libs-64bit~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs-64bit\", rpm:\"cups-libs-64bit~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs-32bit\", rpm:\"cups-libs-32bit~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs-32bit\", rpm:\"cups-libs-32bit~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs-32bit\", rpm:\"cups-libs-32bit~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:56:16", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-devel\n cups-libs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5047860 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for CUPS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65449", "href": "http://plugins.openvas.org/nasl.php?oid=65449", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5047860.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for CUPS\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-devel\n cups-libs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5047860 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65449);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2009-0163\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for CUPS\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~108.58\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:16", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-devel\n cups-libs\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for CUPS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065769", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065769", "sourceData": "#\n#VID slesp2-cups-6174\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for CUPS\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-devel\n cups-libs\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65769\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0163\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for CUPS\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.23~40.52\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.23~40.52\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.23~40.52\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.23~40.52\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:11", "description": "The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-6972.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-6972 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64401", "href": "http://plugins.openvas.org/nasl.php?oid=64401", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6972.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6972 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nAn update to the latest stable upstream release fixing many bugs, as well as\naddressing several security issues. Release announcement,\nhttp://lists.freedesktop.org/archives/poppler/2009-May/004721.html\n\nChangeLog:\n\n* Mon Jun 22 2009 Rex Dieter - 0.10.7-2\n- reduce lib deps in qt/qt4 pkg-config support\n* Fri Jun 19 2009 Rex Dieter - 0.10.7-1\n- Update to 0.10.7\n- --enable-libjpeg --enable-libopenjpeg\n- (explicitly) --disable-zlib\n- %files: track sonames\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update poppler' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6972\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-6972.\";\n\n\n\nif(description)\n{\n script_id(64401);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-6972 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496944\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib-devel\", rpm:\"poppler-glib-devel~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt-devel\", rpm:\"poppler-qt-devel~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4\", rpm:\"poppler-qt4~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4-devel\", rpm:\"poppler-qt4-devel~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-debuginfo\", rpm:\"poppler-debuginfo~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:39", "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:024.", "cvss3": {}, "published": "2009-04-28T00:00:00", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:024 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:63889", "href": "http://plugins.openvas.org/nasl.php?oid=63889", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_024.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:024 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Common Unix Printing System, CUPS, is a printing server for unix-like\noperating systems. It allows a local user to print documents as well as\nremote users via port 631/tcp.\n\nThere were two security vulnerabilities fixed in cups.\n\nThe first one can be triggered by a specially crafted tiff file. This\nfile could lead to an integer overflow in the 'imagetops' filter which\ncaused an heap overflow later.\nThis bug is probably exploitable remotely by users having remote access\nto the CUPS server and allows the execution of arbitrary code with the\nprivileges of the cupsd process. (CVE-2009-0163)\n\nThe second issue affects the JBIG2 decoding of the 'pdftops' filter.\nThe JBIG2 decoding routines are vulnerable to various software failure\ntypes like integer and buffer overflows and it is believed to be exploit-\nable remotely to execute arbitrary code with the privileges of the cupsd\nprocess.\n(CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0799,\nCVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182,\nCVE-2009-1183)\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:024\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:024.\";\n\n \n\nif(description)\n{\n script_id(63889);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-28 20:40:12 +0200 (Tue, 28 Apr 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:024 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-debugsource\", rpm:\"cups-debugsource~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-debuginfo\", rpm:\"cups-debuginfo~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-debugsource\", rpm:\"cups-debugsource~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs-64bit\", rpm:\"cups-libs-64bit~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs-64bit\", rpm:\"cups-libs-64bit~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs-64bit\", rpm:\"cups-libs-64bit~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs-32bit\", rpm:\"cups-libs-32bit~1.3.9~7.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs-32bit\", rpm:\"cups-libs-32bit~1.3.7~25.8\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs-32bit\", rpm:\"cups-libs-32bit~1.2.12~22.21\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:27", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-devel\n cups-libs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5047860 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-10T00:00:00", "type": "openvas", "title": "SLES9: Security update for CUPS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065449", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065449", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5047860.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for CUPS\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-devel\n cups-libs\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5047860 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65449\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2009-0163\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for CUPS\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~108.58\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:38", "description": "The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-6972.", "cvss3": {}, "published": "2009-07-29T00:00:00", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-6972 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064401", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064401", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6972.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6972 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nAn update to the latest stable upstream release fixing many bugs, as well as\naddressing several security issues. Release announcement,\nhttp://lists.freedesktop.org/archives/poppler/2009-May/004721.html\n\nChangeLog:\n\n* Mon Jun 22 2009 Rex Dieter - 0.10.7-2\n- reduce lib deps in qt/qt4 pkg-config support\n* Fri Jun 19 2009 Rex Dieter - 0.10.7-1\n- Update to 0.10.7\n- --enable-libjpeg --enable-libopenjpeg\n- (explicitly) --disable-zlib\n- %files: track sonames\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update poppler' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6972\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-6972.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64401\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-07-29 19:28:37 +0200 (Wed, 29 Jul 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-6972 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496944\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib-devel\", rpm:\"poppler-glib-devel~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt-devel\", rpm:\"poppler-qt-devel~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4\", rpm:\"poppler-qt4~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4-devel\", rpm:\"poppler-qt4-devel~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-debuginfo\", rpm:\"poppler-debuginfo~0.10.7~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:20", "description": "The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-6973.", "cvss3": {}, "published": "2009-06-30T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-6973 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64300", "href": "http://plugins.openvas.org/nasl.php?oid=64300", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6973.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6973 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nAn update to address jbig2-related security issues.\nChangeLog:\n\n* Fri Jan 23 2009 Rex Dieter - 0.8.7-6\n- use backported jbig2_security patch from debian/ubuntu\n- poppler-data-0.2.1\n- --enable-libjpeg (speed)\n- track sonames\n* Tue Jan 20 2009 Rex Dieter - 0.8.7-5\n- patch to workaround okular rendering hyperlinks (#480357)\n- add needed scriptlets\n- nuke rpaths\n* Sun Jan 4 2009 Matthias Clasen - 0.8.7-4\n- Fix a problem with large images\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update poppler' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6973\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-6973.\";\n\n\n\nif(description)\n{\n script_id(64300);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-6973 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496942\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib-devel\", rpm:\"poppler-glib-devel~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt-devel\", rpm:\"poppler-qt-devel~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4\", rpm:\"poppler-qt4~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4-devel\", rpm:\"poppler-qt4-devel~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-debuginfo\", rpm:\"poppler-debuginfo~0.8.7~6.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:53", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-devel\n cups-libs\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for CUPS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65769", "href": "http://plugins.openvas.org/nasl.php?oid=65769", "sourceData": "#\n#VID slesp2-cups-6174\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for CUPS\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n cups\n cups-client\n cups-devel\n cups-libs\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65769);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0163\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for CUPS\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.23~40.52\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-client\", rpm:\"cups-client~1.1.23~40.52\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.1.23~40.52\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.1.23~40.52\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:21", "description": "The PDF viewer Xpdf is prone to multiple vulnerabilities on Linux\n systems that can lead to arbitrary code execution.", "cvss3": {}, "published": "2009-05-06T00:00:00", "type": "openvas", "title": "Xpdf Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2019-04-29T00:00:00", "id": "OPENVAS:1361412562310900457", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900457", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Xpdf Multiple Vulnerabilities\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/a:foolabs:xpdf';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900457\");\n script_version(\"2019-04-29T15:08:03+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 15:08:03 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-05-06 08:04:28 +0200 (Wed, 06 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_bugtraq_id(34568, 34791);\n script_cve_id(\"CVE-2009-0195\", \"CVE-2009-0166\", \"CVE-2009-0147\", \"CVE-2009-0146\",\n \"CVE-2009-1183\", \"CVE-2009-1182\", \"CVE-2009-1181\", \"CVE-2009-1179\",\n \"CVE-2009-0800\", \"CVE-2009-1180\", \"CVE-2009-0799\", \"CVE-2009-0165\");\n script_name(\"Xpdf Multiple Vulnerabilities\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_xpdf_detect.nasl\");\n script_mandatory_keys(\"Xpdf/Linux/Ver\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker craft a malicious PDF File and\n execute arbitrary codes into the context of the affected application to cause\n denial of service attacks, buffer overflow attacks, remote code executions etc.\");\n script_tag(name:\"affected\", value:\"Xpdf version 3.02 and prior on Linux.\");\n script_tag(name:\"insight\", value:\"- Integer overflow in Xpdf JBIG2 Decoder which allows the attacker create a\n malicious crafted PDF File and causes code execution.\n\n - Flaws in Xpdf JBIG2 Decoder which causes buffer overflow, freeing of\n arbitrary memory causing Xpdf application to crash.\");\n script_tag(name:\"solution\", value:\"Apply Xpdf v3.02 pl3 patch.\");\n script_tag(name:\"summary\", value:\"The PDF viewer Xpdf is prone to multiple vulnerabilities on Linux\n systems that can lead to arbitrary code execution.\");\n script_tag(name:\"vuldetect\", value:\"This test uses the xpdf detection results and checks version of each binary\n found on the target system. Version 3.02 and prior will raise a security alert.\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/34755\");\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495896\");\n script_xref(name:\"URL\", value:\"http://www.redhat.com/support/errata/RHSA-2009-0430.html\");\n script_xref(name:\"URL\", value:\"ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch\");\n\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!ver = get_app_version(cpe:CPE))\n exit(0);\n\nif(version_is_less_equal(version:ver, test_version:\"3.02\")){\n report = report_fixed_ver(installed_version:ver, fixed_version:\"3.02 pl3\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:54", "description": "Oracle Linux Local Security Checks ELSA-2009-0429", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-0429", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122493", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122493", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-0429.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122493\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:46:36 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-0429\");\n script_tag(name:\"insight\", value:\"ELSA-2009-0429 - cups security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-0429\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-0429.html\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.7~8.el5_3.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-devel\", rpm:\"cups-devel~1.3.7~8.el5_3.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-libs\", rpm:\"cups-libs~1.3.7~8.el5_3.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"cups-lpd\", rpm:\"cups-lpd~1.3.7~8.el5_3.4\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for poppler CESA-2009:0480 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880707", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880707", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for poppler CESA-2009:0480 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2009-May/015865.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880707\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2009:0480\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\");\n script_name(\"CentOS Update for poppler CESA-2009:0480 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'poppler'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"poppler on CentOS 5\");\n script_tag(name:\"insight\", value:\"Poppler is a Portable Document Format (PDF) rendering library, used by\n applications such as Evince.\n\n Multiple integer overflow flaws were found in poppler. An attacker could\n create a malicious PDF file that would cause applications that use poppler\n (such as Evince) to crash or, potentially, execute arbitrary code when\n opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188)\n\n Multiple buffer overflow flaws were found in poppler's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause applications\n that use poppler (such as Evince) to crash or, potentially, execute\n arbitrary code when opened. (CVE-2009-0146, CVE-2009-1182)\n\n Multiple flaws were found in poppler's JBIG2 decoder that could lead to the\n freeing of arbitrary memory. An attacker could create a malicious PDF file\n that would cause applications that use poppler (such as Evince) to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0166,\n CVE-2009-1180)\n\n Multiple input validation flaws were found in poppler's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause applications\n that use poppler (such as Evince) to crash or, potentially, execute\n arbitrary code when opened. (CVE-2009-0800)\n\n Multiple denial of service flaws were found in poppler's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause applications\n that use poppler (such as Evince) to crash when opened. (CVE-2009-0799,\n CVE-2009-1181, CVE-2009-1183)\n\n Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\n Security team, and Will Dormann of the CERT/CC for responsibly reporting\n these flaws.\n\n Users are advised to upgrade to these updated packages, which contain\n backported patches to resolve these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_3.9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_3.9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_3.9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-04-06T11:39:45", "description": "The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-6982.", "cvss3": {}, "published": "2009-06-30T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-6982 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2008-2950", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064302", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064302", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6982.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6982 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nAn update to address jbig2-related security issues.\n\nChangeLog:\n\n* Fri Jan 23 2009 Rex Dieter - 0.8.7-2\n- use backported jbig2_security patch from debian/ubuntu (#496943)\n- poppler-data-0.2.1\n- --enable-libjpeg (speed)\n- track sonames\n- patch to workaround okular rendering hyperlinks (#480357)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update poppler' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6982\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-6982.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64302\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2008-2950\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-6982 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496943\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib-devel\", rpm:\"poppler-glib-devel~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt-devel\", rpm:\"poppler-qt-devel~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4\", rpm:\"poppler-qt4~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4-devel\", rpm:\"poppler-qt4-devel~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-debuginfo\", rpm:\"poppler-debuginfo~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:02", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libpoppler4\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for libpoppler4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0755", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0756", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065679", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065679", "sourceData": "#\n#VID f27d99aa7f35ddbc6bc5e4ac681ee974\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for libpoppler4\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libpoppler4\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=487100\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=387770\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=481795\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.65679\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-0755\", \"CVE-2009-0756\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for libpoppler4\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpoppler4\", rpm:\"libpoppler4~0.10.1~1.30.5\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:37", "description": "Check for the Version of poppler", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for poppler CESA-2009:0480 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880707", "href": "http://plugins.openvas.org/nasl.php?oid=880707", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for poppler CESA-2009:0480 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Poppler is a Portable Document Format (PDF) rendering library, used by\n applications such as Evince.\n\n Multiple integer overflow flaws were found in poppler. An attacker could\n create a malicious PDF file that would cause applications that use poppler\n (such as Evince) to crash or, potentially, execute arbitrary code when\n opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188)\n \n Multiple buffer overflow flaws were found in poppler's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause applications\n that use poppler (such as Evince) to crash or, potentially, execute\n arbitrary code when opened. (CVE-2009-0146, CVE-2009-1182)\n \n Multiple flaws were found in poppler's JBIG2 decoder that could lead to the\n freeing of arbitrary memory. An attacker could create a malicious PDF file\n that would cause applications that use poppler (such as Evince) to crash\n or, potentially, execute arbitrary code when opened. (CVE-2009-0166,\n CVE-2009-1180)\n \n Multiple input validation flaws were found in poppler's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause applications\n that use poppler (such as Evince) to crash or, potentially, execute\n arbitrary code when opened. (CVE-2009-0800)\n \n Multiple denial of service flaws were found in poppler's JBIG2 decoder. An\n attacker could create a malicious PDF file that would cause applications\n that use poppler (such as Evince) to crash when opened. (CVE-2009-0799,\n CVE-2009-1181, CVE-2009-1183)\n \n Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\n Security team, and Will Dormann of the CERT/CC for responsibly reporting\n these flaws.\n \n Users are advised to upgrade to these updated packages, which contain\n backported patches to resolve these issues.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"poppler on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-May/015865.html\");\n script_id(880707);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:0480\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\");\n script_name(\"CentOS Update for poppler CESA-2009:0480 centos5 i386\");\n\n script_summary(\"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_3.9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_3.9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_3.9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:54", "description": "The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-6982.", "cvss3": {}, "published": "2009-06-30T00:00:00", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-6982 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2008-2950", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64302", "href": "http://plugins.openvas.org/nasl.php?oid=64302", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_6982.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-6982 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nAn update to address jbig2-related security issues.\n\nChangeLog:\n\n* Fri Jan 23 2009 Rex Dieter - 0.8.7-2\n- use backported jbig2_security patch from debian/ubuntu (#496943)\n- poppler-data-0.2.1\n- --enable-libjpeg (speed)\n- track sonames\n- patch to workaround okular rendering hyperlinks (#480357)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update poppler' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-6982\";\ntag_summary = \"The remote host is missing an update to poppler\nannounced via advisory FEDORA-2009-6982.\";\n\n\n\nif(description)\n{\n script_id(64302);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2008-2950\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Core 9 FEDORA-2009-6982 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=496943\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib-devel\", rpm:\"poppler-glib-devel~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt-devel\", rpm:\"poppler-qt-devel~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4\", rpm:\"poppler-qt4~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt4-devel\", rpm:\"poppler-qt4-devel~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-debuginfo\", rpm:\"poppler-debuginfo~0.8.7~2.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:57:15", "description": "The remote host is missing updates to poppler announced in\nadvisory CESA-2009:0480.", "cvss3": {}, "published": "2009-05-20T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0480 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:64011", "href": "http://plugins.openvas.org/nasl.php?oid=64011", "sourceData": "#CESA-2009:0480 64011 2\n# $Id: ovcesa2009_0480.nasl 6650 2017-07-10 11:43:12Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0480 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0480\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0480\nhttps://rhn.redhat.com/errata/RHSA-2009-0480.html\";\ntag_summary = \"The remote host is missing updates to poppler announced in\nadvisory CESA-2009:0480.\";\n\n\n\nif(description)\n{\n script_id(64011);\n script_version(\"$Revision: 6650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:43:12 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:0480 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_3.9\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_3.9\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_3.9\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-11T11:04:14", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-973-1", "cvss3": {}, "published": "2010-08-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for koffice vulnerabilities USN-973-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-3606", "CVE-2009-0799", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-01-10T00:00:00", "id": "OPENVAS:1361412562310840481", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840481", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_973_1.nasl 8356 2018-01-10 08:00:39Z teissa $\n#\n# Ubuntu Update for koffice vulnerabilities USN-973-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that the\n Xpdf used in KOffice contained multiple security issues in its JBIG2\n decoder. If a user or automated system were tricked into opening a crafted\n PDF file, an attacker could cause a denial of service or execute arbitrary\n code with privileges of the user invoking the program. (CVE-2009-0146,\n CVE-2009-0147, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179,\n CVE-2009-1180, CVE-2009-1181)\n\n It was discovered that the Xpdf used in KOffice contained multiple security\n issues when parsing malformed PDF documents. If a user or automated system\n were tricked into opening a crafted PDF file, an attacker could cause a\n denial of service or execute arbitrary code with privileges of the user\n invoking the program. (CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)\n\n KOffice in Ubuntu 9.04 uses a very old version of Xpdf to import PDFs into\n KWord. Upstream KDE no longer supports PDF import in KOffice and as a\n result it was dropped in Ubuntu 9.10. While an attempt was made to fix the\n above issues, the maintenance burden for supporting this very old version\n of Xpdf outweighed its utility, and PDF import is now also disabled in\n Ubuntu 9.04.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-973-1\";\ntag_affected = \"koffice vulnerabilities on Ubuntu 9.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-973-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840481\");\n script_version(\"$Revision: 8356 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 09:00:39 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-20 14:57:11 +0200 (Fri, 20 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"973-1\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"Ubuntu Update for koffice vulnerabilities USN-973-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"karbon\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kchart\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kexi\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kformula\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kivio\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"koffice-dbg\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"koffice-dev\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"koffice-libs\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"koshell\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kplato\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kpresenter\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krita\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kspread\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kthesaurus\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kugar\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kword\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kivio-data\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"koffice-data\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"koffice-doc-html\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"koffice-doc\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"koffice\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kpresenter-data\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krita-data\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kword-data\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:55:44", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0480.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nMultiple integer overflow flaws were found in poppler. An attacker could\ncreate a malicious PDF file that would cause applications that use poppler\n(such as Evince) to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188)\n\nMultiple buffer overflow flaws were found in poppler's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause applications\nthat use poppler (such as Evince) to crash or, potentially, execute\narbitrary code when opened. (CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in poppler's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause applications that use poppler (such as Evince) to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0166,\nCVE-2009-1180)\n\nMultiple input validation flaws were found in poppler's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause applications\nthat use poppler (such as Evince) to crash or, potentially, execute\narbitrary code when opened. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in poppler's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause applications\nthat use poppler (such as Evince) to crash when opened. (CVE-2009-0799,\nCVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, and Will Dormann of the CERT/CC for responsibly reporting\nthese flaws.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "cvss3": {}, "published": "2009-05-20T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0480", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-12T00:00:00", "id": "OPENVAS:63975", "href": "http://plugins.openvas.org/nasl.php?oid=63975", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0480.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0480 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0480.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nMultiple integer overflow flaws were found in poppler. An attacker could\ncreate a malicious PDF file that would cause applications that use poppler\n(such as Evince) to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188)\n\nMultiple buffer overflow flaws were found in poppler's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause applications\nthat use poppler (such as Evince) to crash or, potentially, execute\narbitrary code when opened. (CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in poppler's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause applications that use poppler (such as Evince) to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0166,\nCVE-2009-1180)\n\nMultiple input validation flaws were found in poppler's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause applications\nthat use poppler (such as Evince) to crash or, potentially, execute\narbitrary code when opened. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in poppler's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause applications\nthat use poppler (such as Evince) to crash when opened. (CVE-2009-0799,\nCVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, and Will Dormann of the CERT/CC for responsibly reporting\nthese flaws.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(63975);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:0480\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0480.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_3.9\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-debuginfo\", rpm:\"poppler-debuginfo~0.5.4~4.4.el5_3.9\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_3.9\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_3.9\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:43", "description": "The remote host is missing updates to poppler announced in\nadvisory CESA-2009:0480.", "cvss3": {}, "published": "2009-05-20T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:0480 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231064011", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064011", "sourceData": "#CESA-2009:0480 64011 2\n# $Id: ovcesa2009_0480.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:0480 (poppler)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:0480\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:0480\nhttps://rhn.redhat.com/errata/RHSA-2009-0480.html\";\ntag_summary = \"The remote host is missing updates to poppler announced in\nadvisory CESA-2009:0480.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64011\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:0480 (poppler)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_3.9\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_3.9\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_3.9\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:11", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n poppler\n poppler-glib\n poppler-qt\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for poppler", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0755", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0756", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65775", "href": "http://plugins.openvas.org/nasl.php?oid=65775", "sourceData": "#\n#VID slesp2-poppler-6315\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for poppler\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n poppler\n poppler-glib\n poppler-qt\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65775);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-0755\", \"CVE-2009-0756\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for poppler\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.4.4~19.23\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.4.4~19.23\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.4.4~19.23\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:32", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:0480.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nMultiple integer overflow flaws were found in poppler. An attacker could\ncreate a malicious PDF file that would cause applications that use poppler\n(such as Evince) to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188)\n\nMultiple buffer overflow flaws were found in poppler's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause applications\nthat use poppler (such as Evince) to crash or, potentially, execute\narbitrary code when opened. (CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in poppler's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause applications that use poppler (such as Evince) to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0166,\nCVE-2009-1180)\n\nMultiple input validation flaws were found in poppler's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause applications\nthat use poppler (such as Evince) to crash or, potentially, execute\narbitrary code when opened. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in poppler's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause applications\nthat use poppler (such as Evince) to crash when opened. (CVE-2009-0799,\nCVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, and Will Dormann of the CERT/CC for responsibly reporting\nthese flaws.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "cvss3": {}, "published": "2009-05-20T00:00:00", "type": "openvas", "title": "RedHat Security Advisory RHSA-2009:0480", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231063975", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063975", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_0480.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:0480 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:0480.\n\nPoppler is a Portable Document Format (PDF) rendering library, used by\napplications such as Evince.\n\nMultiple integer overflow flaws were found in poppler. An attacker could\ncreate a malicious PDF file that would cause applications that use poppler\n(such as Evince) to crash or, potentially, execute arbitrary code when\nopened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188)\n\nMultiple buffer overflow flaws were found in poppler's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause applications\nthat use poppler (such as Evince) to crash or, potentially, execute\narbitrary code when opened. (CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in poppler's JBIG2 decoder that could lead to the\nfreeing of arbitrary memory. An attacker could create a malicious PDF file\nthat would cause applications that use poppler (such as Evince) to crash\nor, potentially, execute arbitrary code when opened. (CVE-2009-0166,\nCVE-2009-1180)\n\nMultiple input validation flaws were found in poppler's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause applications\nthat use poppler (such as Evince) to crash or, potentially, execute\narbitrary code when opened. (CVE-2009-0800)\n\nMultiple denial of service flaws were found in poppler's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause applications\nthat use poppler (such as Evince) to crash when opened. (CVE-2009-0799,\nCVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product\nSecurity team, and Will Dormann of the CERT/CC for responsibly reporting\nthese flaws.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63975\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:0480\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-0480.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#important\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_3.9\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-debuginfo\", rpm:\"poppler-debuginfo~0.5.4~4.4.el5_3.9\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_3.9\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_3.9\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:08", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libpoppler4\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-11T00:00:00", "type": "openvas", "title": "SLES11: Security update for libpoppler4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0755", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0756", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-11T00:00:00", "id": "OPENVAS:65679", "href": "http://plugins.openvas.org/nasl.php?oid=65679", "sourceData": "#\n#VID f27d99aa7f35ddbc6bc5e4ac681ee974\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for libpoppler4\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libpoppler4\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=487100\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=387770\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=481795\");\n script_id(65679);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-11 22:58:51 +0200 (Sun, 11 Oct 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-0755\", \"CVE-2009-0756\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES11: Security update for libpoppler4\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libpoppler4\", rpm:\"libpoppler4~0.10.1~1.30.5\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:17:43", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-973-1", "cvss3": {}, "published": "2010-08-20T00:00:00", "type": "openvas", "title": "Ubuntu Update for koffice vulnerabilities USN-973-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-3606", "CVE-2009-0799", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-12-01T00:00:00", "id": "OPENVAS:840481", "href": "http://plugins.openvas.org/nasl.php?oid=840481", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_973_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for koffice vulnerabilities USN-973-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that the\n Xpdf used in KOffice contained multiple security issues in its JBIG2\n decoder. If a user or automated system were tricked into opening a crafted\n PDF file, an attacker could cause a denial of service or execute arbitrary\n code with privileges of the user invoking the program. (CVE-2009-0146,\n CVE-2009-0147, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179,\n CVE-2009-1180, CVE-2009-1181)\n\n It was discovered that the Xpdf used in KOffice contained multiple security\n issues when parsing malformed PDF documents. If a user or automated system\n were tricked into opening a crafted PDF file, an attacker could cause a\n denial of service or execute arbitrary code with privileges of the user\n invoking the program. (CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)\n\n KOffice in Ubuntu 9.04 uses a very old version of Xpdf to import PDFs into\n KWord. Upstream KDE no longer supports PDF import in KOffice and as a\n result it was dropped in Ubuntu 9.10. While an attempt was made to fix the\n above issues, the maintenance burden for supporting this very old version\n of Xpdf outweighed its utility, and PDF import is now also disabled in\n Ubuntu 9.04.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-973-1\";\ntag_affected = \"koffice vulnerabilities on Ubuntu 9.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-973-1/\");\n script_id(840481);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-20 14:57:11 +0200 (Fri, 20 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"973-1\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_name(\"Ubuntu Update for koffice vulnerabilities USN-973-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"karbon\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kchart\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kexi\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kformula\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kivio\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"koffice-dbg\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"koffice-dev\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"koffice-libs\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"koshell\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kplato\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kpresenter\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krita\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kspread\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kthesaurus\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kugar\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kword\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kivio-data\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"koffice-data\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"koffice-doc-html\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"koffice-doc\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"koffice\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kpresenter-data\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"krita-data\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"kword-data\", ver:\"1.6.3-7ubuntu6.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:11", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n poppler\n poppler-glib\n poppler-qt\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "cvss3": {}, "published": "2009-10-13T00:00:00", "type": "openvas", "title": "SLES10: Security update for poppler", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0755", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0756", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231065775", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065775", "sourceData": "#\n#VID slesp2-poppler-6315\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for poppler\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n poppler\n poppler-glib\n poppler-qt\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65775\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-0755\", \"CVE-2009-0756\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES10: Security update for poppler\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.4.4~19.23\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-glib\", rpm:\"poppler-glib~0.4.4~19.23\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler-qt\", rpm:\"poppler-qt~0.4.4~19.23\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:52", "description": "The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-10694.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-10694 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-3606", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:66094", "href": "http://plugins.openvas.org/nasl.php?oid=66094", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10694.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10694 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\n- apply xpdf-3.02pl4 security patch to fix: CVE-2009-1188/CVE-2009-3603,\nCVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609\n\nChangeLog:\n\n* Fri Oct 16 2009 Tom spot Callaway - 1:3.02-15\n- apply xpdf-3.02pl4 security patch to fix:\nCVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606\nCVE-2009-3608, CVE-2009-3609\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update xpdf' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10694\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-10694.\";\n\n\n\nif(description)\n{\n script_id(66094);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2009-3605\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-10694 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495907\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526911\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526877\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526637\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526893\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~15.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~3.02~15.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:39", "description": "The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-10694.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-10694 (xpdf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-3606", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066094", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066094", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10694.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10694 (xpdf)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\n- apply xpdf-3.02pl4 security patch to fix: CVE-2009-1188/CVE-2009-3603,\nCVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609\n\nChangeLog:\n\n* Fri Oct 16 2009 Tom spot Callaway - 1:3.02-15\n- apply xpdf-3.02pl4 security patch to fix:\nCVE-2009-3603, CVE-2009-3604, CVE-2009-3605, CVE-2009-3606\nCVE-2009-3608, CVE-2009-3609\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update xpdf' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10694\";\ntag_summary = \"The remote host is missing an update to xpdf\nannounced via advisory FEDORA-2009-10694.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66094\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2009-3605\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-10694 (xpdf)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=495907\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526911\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526877\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526637\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=526893\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~15.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-debuginfo\", rpm:\"xpdf-debuginfo~3.02~15.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:18", "description": "Oracle Linux Local Security Checks ELSA-2009-0480", "cvss3": {}, "published": "2015-10-08T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2009-0480", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-3606", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-3604", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122485", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122485", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-0480.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122485\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:46:26 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-0480\");\n script_tag(name:\"insight\", value:\"ELSA-2009-0480 - poppler security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-0480\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-0480.html\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\", \"CVE-2009-3604\", \"CVE-2009-3606\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.5.4~4.4.el5_3.9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"poppler-devel\", rpm:\"poppler-devel~0.5.4~4.4.el5_3.9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"poppler-utils\", rpm:\"poppler-utils~0.5.4~4.4.el5_3.9\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-22T13:05:31", "description": "Check for the Version of mandriva-release", "cvss3": {}, "published": "2010-03-12T00:00:00", "type": "openvas", "title": "Mandriva Update for mandriva-release MDVA-2010:087 (mandriva-release)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3603", "CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-3606", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-3604", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:1361412562310830924", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830924", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mandriva-release MDVA-2010:087 (mandriva-release)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mandriva-release on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_insight = \"Fix version file and README.urpmi for MES 5.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00002.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830924\");\n script_version(\"$Revision: 8485 $\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\",\n \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\",\n \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\",\n \"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:087\");\n script_name(\"Mandriva Update for mandriva-release MDVA-2010:087 (mandriva-release)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mandriva-release\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-common\", rpm:\"mandriva-release-common~2009.0~14.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-Server\", rpm:\"mandriva-release-Server~2009.0~14.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release\", rpm:\"mandriva-release~2009.0~14.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:03", "description": "Check for the Version of mandriva-release", "cvss3": {}, "published": "2010-03-12T00:00:00", "type": "openvas", "title": "Mandriva Update for mandriva-release MDVA-2010:087 (mandriva-release)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3603", "CVE-2009-1181", "CVE-2009-1188", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-3606", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-3604", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:830924", "href": "http://plugins.openvas.org/nasl.php?oid=830924", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mandriva-release MDVA-2010:087 (mandriva-release)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"mandriva-release on Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\ntag_insight = \"Fix version file and README.urpmi for MES 5.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00002.php\");\n script_id(830924);\n script_version(\"$Revision: 8226 $\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\",\n \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\",\n \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\",\n \"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-3606\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVA\", value: \"2010:087\");\n script_name(\"Mandriva Update for mandriva-release MDVA-2010:087 (mandriva-release)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mandriva-release\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-common\", rpm:\"mandriva-release-common~2009.0~14.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-Server\", rpm:\"mandriva-release-Server~2009.0~14.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release\", rpm:\"mandriva-release~2009.0~14.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:39", "description": "Check for the Version of tetex", "cvss3": {}, "published": "2010-05-17T00:00:00", "type": "openvas", "title": "CentOS Update for tetex CESA-2010:0399 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-1440", "CVE-2010-0827", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2007-5935", "CVE-2009-1179"], "modified": "2017-12-14T00:00:00", "id": "OPENVAS:880396", "href": "http://plugins.openvas.org/nasl.php?oid=880396", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tetex CESA-2010:0399 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"teTeX is an implementation of TeX. TeX takes a text file and a set of\n formatting commands as input, and creates a typesetter-independent DeVice\n Independent (DVI) file as output.\n\n A buffer overflow flaw was found in the way teTeX processed virtual font\n files when converting DVI files into PostScript. An attacker could create a\n malicious DVI file that would cause the dvips executable to crash or,\n potentially, execute arbitrary code. (CVE-2010-0827)\n \n Multiple integer overflow flaws were found in the way teTeX processed\n special commands when converting DVI files into PostScript. An attacker\n could create a malicious DVI file that would cause the dvips executable to\n crash or, potentially, execute arbitrary code. (CVE-2010-0739,\n CVE-2010-1440)\n \n A stack-based buffer overflow flaw was found in the way teTeX processed DVI\n files containing HyperTeX references with long titles, when converting them\n into PostScript. An attacker could create a malicious DVI file that would\n cause the dvips executable to crash. (CVE-2007-5935)\n \n teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\n file viewer, to allow adding images in PDF format to the generated PDF\n documents. The following issues affect Xpdf code:\n \n Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0147, CVE-2009-1179)\n \n Multiple integer overflow flaws were found in Xpdf. If a local user\n generated a PDF file from a TeX document, referencing a specially-crafted\n PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\n code with the privileges of the user running pdflatex. (CVE-2009-0791,\n CVE-2009-3609)\n \n A heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0195)\n \n Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0146, CVE-2009-1182)\n \n Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\n fr ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tetex on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-May/016635.html\");\n script_id(880396);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-17 16:00:10 +0200 (Mon, 17 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0399\");\n script_cve_id(\"CVE-2007-5935\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-3609\", \"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-1440\");\n script_name(\"CentOS Update for tetex CESA-2010:0399 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tetex\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~2.0.2~22.0.1.EL4.16\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~2.0.2~22.0.1.EL4.16\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~2.0.2~22.0.1.EL4.16\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~2.0.2~22.0.1.EL4.16\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-fonts\", rpm:\"tetex-fonts~2.0.2~22.0.1.EL4.16\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~2.0.2~22.0.1.EL4.16\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~2.0.2~22.0.1.EL4.16\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:32", "description": "The remote host is missing an update to cups\nannounced via advisory MDVSA-2009:282-1.", "cvss3": {}, "published": "2009-12-14T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:282-1 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0949", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:66477", "href": "http://plugins.openvas.org/nasl.php?oid=66477", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_282_1.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:282-1 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed with this update,\nplease visit the referenced security advisories.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:282-1\";\ntag_summary = \"The remote host is missing an update to cups\nannounced via advisory MDVSA-2009:282-1.\";\n\n \n\nif(description)\n{\n script_id(66477);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-1179\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-0949\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:282-1 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler2\", rpm:\"libpoppler2~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-glib2\", rpm:\"libpoppler-glib2~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt4-2\", rpm:\"libpoppler-qt4-2~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler2\", rpm:\"lib64poppler2~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-glib2\", rpm:\"lib64poppler-glib2~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt4-2\", rpm:\"lib64poppler-qt4-2~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:39", "description": "The remote host is missing an update to cups\nannounced via advisory MDVSA-2009:282. For details,\nplease visit the referenced security advisories.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:282 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0949", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:66084", "href": "http://plugins.openvas.org/nasl.php?oid=66084", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_282.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:282 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update corrects the problems.\n\nAffected: 2009.0, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:282\";\ntag_summary = \"The remote host is missing an update to cups\nannounced via advisory MDVSA-2009:282. For details,\nplease visit the referenced security advisories.\";\n\n \n\nif(description)\n{\n script_id(66084);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-1179\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-0949\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:282 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"acl\", rpm:\"acl~2.2.47~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.10~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.10~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.10~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libacl1\", rpm:\"libacl1~2.2.47~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libacl-devel\", rpm:\"libacl-devel~2.2.47~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.10~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.10~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler3\", rpm:\"libpoppler3~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-glib3\", rpm:\"libpoppler-glib3~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.10~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64acl1\", rpm:\"lib64acl1~2.2.47~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64acl-devel\", rpm:\"lib64acl-devel~2.2.47~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.10~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.10~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler3\", rpm:\"lib64poppler3~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-glib3\", rpm:\"lib64poppler-glib3~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acl\", rpm:\"acl~2.2.47~4.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.10~0.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.10~0.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.10~0.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libacl1\", rpm:\"libacl1~2.2.47~4.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libacl-devel\", rpm:\"libacl-devel~2.2.47~4.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.10~0.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.10~0.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenslp1\", rpm:\"libopenslp1~1.2.1~8.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenslp1-devel\", rpm:\"libopenslp1-devel~1.2.1~8.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler3\", rpm:\"libpoppler3~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-glib3\", rpm:\"libpoppler-glib3~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp\", rpm:\"openslp~1.2.1~8.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.10~0.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64acl1\", rpm:\"lib64acl1~2.2.47~4.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64acl-devel\", rpm:\"lib64acl-devel~2.2.47~4.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.10~0.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.10~0.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64openslp1\", rpm:\"lib64openslp1~1.2.1~8.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64openslp1-devel\", rpm:\"lib64openslp1-devel~1.2.1~8.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler3\", rpm:\"lib64poppler3~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-glib3\", rpm:\"lib64poppler-glib3~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-18T11:05:01", "description": "Check for the Version of tetex", "cvss3": {}, "published": "2010-05-07T00:00:00", "type": "openvas", "title": "RedHat Update for tetex RHSA-2010:0399-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-1440", "CVE-2010-0827", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2007-5935", "CVE-2009-1179"], "modified": "2018-01-17T00:00:00", "id": "OPENVAS:1361412562310870266", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870266", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tetex RHSA-2010:0399-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"teTeX is an implementation of TeX. TeX takes a text file and a set of\n formatting commands as input, and creates a typesetter-independent DeVice\n Independent (DVI) file as output.\n\n A buffer overflow flaw was found in the way teTeX processed virtual font\n files when converting DVI files into PostScript. An attacker could create a\n malicious DVI file that would cause the dvips executable to crash or,\n potentially, execute arbitrary code. (CVE-2010-0827)\n \n Multiple integer overflow flaws were found in the way teTeX processed\n special commands when converting DVI files into PostScript. An attacker\n could create a malicious DVI file that would cause the dvips executable to\n crash or, potentially, execute arbitrary code. (CVE-2010-0739,\n CVE-2010-1440)\n \n A stack-based buffer overflow flaw was found in the way teTeX processed DVI\n files containing HyperTeX references with long titles, when converting them\n into PostScript. An attacker could create a malicious DVI file that would\n cause the dvips executable to crash. (CVE-2007-5935)\n \n teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\n file viewer, to allow adding images in PDF format to the generated PDF\n documents. The following issues affect Xpdf code:\n \n Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0147, CVE-2009-1179)\n \n Multiple integer overflow flaws were found in Xpdf. If a local user\n generated a PDF file from a TeX document, referencing a specially-crafted\n PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\n code with the privileges of the user running pdflatex. (CVE-2009-0791,\n CVE-2009-3609)\n \n A heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0195)\n \n Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (C ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"tetex on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-May/msg00004.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870266\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-07 15:42:01 +0200 (Fri, 07 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0399-01\");\n script_cve_id(\"CVE-2007-5935\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-3609\", \"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-1440\");\n script_name(\"RedHat Update for tetex RHSA-2010:0399-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tetex\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~2.0.2~22.0.1.EL4.16\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~2.0.2~22.0.1.EL4.16\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-debuginfo\", rpm:\"tetex-debuginfo~2.0.2~22.0.1.EL4.16\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~2.0.2~22.0.1.EL4.16\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~2.0.2~22.0.1.EL4.16\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-fonts\", rpm:\"tetex-fonts~2.0.2~22.0.1.EL4.16\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~2.0.2~22.0.1.EL4.16\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~2.0.2~22.0.1.EL4.16\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-20T13:18:18", "description": "Check for the Version of tetex", "cvss3": {}, "published": "2010-05-07T00:00:00", "type": "openvas", "title": "RedHat Update for tetex RHSA-2010:0399-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-1440", "CVE-2010-0827", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2007-5935", "CVE-2009-1179"], "modified": "2017-12-19T00:00:00", "id": "OPENVAS:870266", "href": "http://plugins.openvas.org/nasl.php?oid=870266", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tetex RHSA-2010:0399-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"teTeX is an implementation of TeX. TeX takes a text file and a set of\n formatting commands as input, and creates a typesetter-independent DeVice\n Independent (DVI) file as output.\n\n A buffer overflow flaw was found in the way teTeX processed virtual font\n files when converting DVI files into PostScript. An attacker could create a\n malicious DVI file that would cause the dvips executable to crash or,\n potentially, execute arbitrary code. (CVE-2010-0827)\n \n Multiple integer overflow flaws were found in the way teTeX processed\n special commands when converting DVI files into PostScript. An attacker\n could create a malicious DVI file that would cause the dvips executable to\n crash or, potentially, execute arbitrary code. (CVE-2010-0739,\n CVE-2010-1440)\n \n A stack-based buffer overflow flaw was found in the way teTeX processed DVI\n files containing HyperTeX references with long titles, when converting them\n into PostScript. An attacker could create a malicious DVI file that would\n cause the dvips executable to crash. (CVE-2007-5935)\n \n teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\n file viewer, to allow adding images in PDF format to the generated PDF\n documents. The following issues affect Xpdf code:\n \n Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0147, CVE-2009-1179)\n \n Multiple integer overflow flaws were found in Xpdf. If a local user\n generated a PDF file from a TeX document, referencing a specially-crafted\n PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\n code with the privileges of the user running pdflatex. (CVE-2009-0791,\n CVE-2009-3609)\n \n A heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0195)\n \n Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (C ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"tetex on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-May/msg00004.html\");\n script_id(870266);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-07 15:42:01 +0200 (Fri, 07 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0399-01\");\n script_cve_id(\"CVE-2007-5935\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-3609\", \"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-1440\");\n script_name(\"RedHat Update for tetex RHSA-2010:0399-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tetex\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~2.0.2~22.0.1.EL4.16\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~2.0.2~22.0.1.EL4.16\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-debuginfo\", rpm:\"tetex-debuginfo~2.0.2~22.0.1.EL4.16\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~2.0.2~22.0.1.EL4.16\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~2.0.2~22.0.1.EL4.16\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-fonts\", rpm:\"tetex-fonts~2.0.2~22.0.1.EL4.16\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~2.0.2~22.0.1.EL4.16\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~2.0.2~22.0.1.EL4.16\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:35", "description": "The remote host is missing an update to cups\nannounced via advisory MDVSA-2009:282-1.", "cvss3": {}, "published": "2009-12-14T00:00:00", "type": "openvas", "title": "Mandriva Security Advisory MDVSA-2009:282-1 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0949", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066477", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066477", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_282_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:282-1 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed with this update,\nplease visit the referenced security advisories.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:282-1\";\ntag_summary = \"The remote host is missing an update to cups\nannounced via advisory MDVSA-2009:282-1.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66477\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-14 23:06:43 +0100 (Mon, 14 Dec 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-1179\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-0949\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:282-1 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler2\", rpm:\"libpoppler2~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-glib2\", rpm:\"libpoppler-glib2~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt4-2\", rpm:\"libpoppler-qt4-2~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.10~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler2\", rpm:\"lib64poppler2~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-glib2\", rpm:\"lib64poppler-glib2~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt4-2\", rpm:\"lib64poppler-qt4-2~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.6~3.5mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:53", "description": "The remote host is missing an update to cups\nannounced via advisory MDVSA-2009:282. For details,\nplease visit the referenced security advisories.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:282 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0949", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066084", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066084", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_282.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:282 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update corrects the problems.\n\nAffected: 2009.0, Enterprise Server 5.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:282\";\ntag_summary = \"The remote host is missing an update to cups\nannounced via advisory MDVSA-2009:282. For details,\nplease visit the referenced security advisories.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66084\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0165\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-1179\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-0949\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:282 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"acl\", rpm:\"acl~2.2.47~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.10~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.10~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.10~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libacl1\", rpm:\"libacl1~2.2.47~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libacl-devel\", rpm:\"libacl-devel~2.2.47~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.10~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.10~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler3\", rpm:\"libpoppler3~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-glib3\", rpm:\"libpoppler-glib3~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.10~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64acl1\", rpm:\"lib64acl1~2.2.47~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64acl-devel\", rpm:\"lib64acl-devel~2.2.47~4.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.10~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.10~0.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler3\", rpm:\"lib64poppler3~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-glib3\", rpm:\"lib64poppler-glib3~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.8.7~2.3mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acl\", rpm:\"acl~2.2.47~4.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.3.10~0.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.3.10~0.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.3.10~0.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libacl1\", rpm:\"libacl1~2.2.47~4.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libacl-devel\", rpm:\"libacl-devel~2.2.47~4.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.3.10~0.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.3.10~0.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenslp1\", rpm:\"libopenslp1~1.2.1~8.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenslp1-devel\", rpm:\"libopenslp1-devel~1.2.1~8.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler3\", rpm:\"libpoppler3~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-glib3\", rpm:\"libpoppler-glib3~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openslp\", rpm:\"openslp~1.2.1~8.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"php-cups\", rpm:\"php-cups~1.3.10~0.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64acl1\", rpm:\"lib64acl1~2.2.47~4.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64acl-devel\", rpm:\"lib64acl-devel~2.2.47~4.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.3.10~0.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.3.10~0.2mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64openslp1\", rpm:\"lib64openslp1~1.2.1~8.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64openslp1-devel\", rpm:\"lib64openslp1-devel~1.2.1~8.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler3\", rpm:\"lib64poppler3~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-glib3\", rpm:\"lib64poppler-glib3~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.8.7~2.3mdvmes5\", rls:\"MNDK_mes5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-22T13:06:00", "description": "Check for the Version of tetex", "cvss3": {}, "published": "2010-05-07T00:00:00", "type": "openvas", "title": "RedHat Update for tetex RHSA-2010:0400-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-0829", "CVE-2010-1440", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-01-22T00:00:00", "id": "OPENVAS:1361412562310870262", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870262", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tetex RHSA-2010:0400-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"teTeX is an implementation of TeX. TeX takes a text file and a set of\n formatting commands as input, and creates a typesetter-independent DeVice\n Independent (DVI) file as output.\n\n Multiple integer overflow flaws were found in the way teTeX processed\n special commands when converting DVI files into PostScript. An attacker\n could create a malicious DVI file that would cause the dvips executable to\n crash or, potentially, execute arbitrary code. (CVE-2010-0739,\n CVE-2010-1440)\n \n Multiple array index errors were found in the way teTeX converted DVI files\n into the Portable Network Graphics (PNG) format. An attacker could create a\n malicious DVI file that would cause the dvipng executable to crash.\n (CVE-2010-0829)\n \n teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\n file viewer, to allow adding images in PDF format to the generated PDF\n documents. The following issues affect Xpdf code:\n \n Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0147, CVE-2009-1179)\n \n Multiple integer overflow flaws were found in Xpdf. If a local user\n generated a PDF file from a TeX document, referencing a specially-crafted\n PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\n code with the privileges of the user running pdflatex. (CVE-2009-0791,\n CVE-2009-3608, CVE-2009-3609)\n \n A heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0195)\n \n Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0146, CVE-2009-1182)\n \n Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\n freeing of arbitrary memory. If a local user generated a PDF file from a\n TeX document, referencing a specially-crafted PDF file, it would cause\n Xpdf to crash or, potentially, execute arbitrary code with the privileges\n of the user running pdflatex. (CVE-2009-0166, CVE-2009-1180 ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"tetex on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-May/msg00005.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870262\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-07 15:42:01 +0200 (Fri, 07 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0400-01\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2010-0739\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n script_name(\"RedHat Update for tetex RHSA-2010:0400-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tetex\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~33.8.el5_5.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~33.8.el5_5.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-debuginfo\", rpm:\"tetex-debuginfo~3.0~33.8.el5_5.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~33.8.el5_5.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~33.8.el5_5.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-fonts\", rpm:\"tetex-fonts~3.0~33.8.el5_5.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~33.8.el5_5.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~33.8.el5_5.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:48", "description": "Check for the Version of tetex", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for tetex CESA-2010:0400 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-0829", "CVE-2010-1440", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:880598", "href": "http://plugins.openvas.org/nasl.php?oid=880598", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tetex CESA-2010:0400 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"teTeX is an implementation of TeX. TeX takes a text file and a set of\n formatting commands as input, and creates a typesetter-independent DeVice\n Independent (DVI) file as output.\n\n Multiple integer overflow flaws were found in the way teTeX processed\n special commands when converting DVI files into PostScript. An attacker\n could create a malicious DVI file that would cause the dvips executable to\n crash or, potentially, execute arbitrary code. (CVE-2010-0739,\n CVE-2010-1440)\n \n Multiple array index errors were found in the way teTeX converted DVI files\n into the Portable Network Graphics (PNG) format. An attacker could create a\n malicious DVI file that would cause the dvipng executable to crash.\n (CVE-2010-0829)\n \n teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\n file viewer, to allow adding images in PDF format to the generated PDF\n documents. The following issues affect Xpdf code:\n \n Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0147, CVE-2009-1179)\n \n Multiple integer overflow flaws were found in Xpdf. If a local user\n generated a PDF file from a TeX document, referencing a specially-crafted\n PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\n code with the privileges of the user running pdflatex. (CVE-2009-0791,\n CVE-2009-3608, CVE-2009-3609)\n \n A heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0195)\n \n Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0146, CVE-2009-1182)\n \n Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\n freeing of arbitrary memory. If a local user generated a PDF file from a\n TeX document, referencing a specially-crafted PDF file, it would cause\n Xpdf to crash or, potentially, execute arbitrary code with the privileges\n of the user running pdflatex. (CVE-2009-0166, CVE-2009-1180)\n \n Multiple input validati ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tetex on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-May/016661.html\");\n script_id(880598);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"CESA\", value: \"2010:0400\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2010-0739\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n script_name(\"CentOS Update for tetex CESA-2010:0400 centos5 i386\");\n\n script_summary(\"Check for the Version of tetex\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~33.8.el5_5.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~33.8.el5_5.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~33.8.el5_5.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~33.8.el5_5.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-fonts\", rpm:\"tetex-fonts~3.0~33.8.el5_5.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~33.8.el5_5.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~33.8.el5_5.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:39", "description": "Check for the Version of tetex", "cvss3": {}, "published": "2010-05-07T00:00:00", "type": "openvas", "title": "RedHat Update for tetex RHSA-2010:0400-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-0829", "CVE-2010-1440", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2017-12-22T00:00:00", "id": "OPENVAS:870262", "href": "http://plugins.openvas.org/nasl.php?oid=870262", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for tetex RHSA-2010:0400-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"teTeX is an implementation of TeX. TeX takes a text file and a set of\n formatting commands as input, and creates a typesetter-independent DeVice\n Independent (DVI) file as output.\n\n Multiple integer overflow flaws were found in the way teTeX processed\n special commands when converting DVI files into PostScript. An attacker\n could create a malicious DVI file that would cause the dvips executable to\n crash or, potentially, execute arbitrary code. (CVE-2010-0739,\n CVE-2010-1440)\n \n Multiple array index errors were found in the way teTeX converted DVI files\n into the Portable Network Graphics (PNG) format. An attacker could create a\n malicious DVI file that would cause the dvipng executable to crash.\n (CVE-2010-0829)\n \n teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\n file viewer, to allow adding images in PDF format to the generated PDF\n documents. The following issues affect Xpdf code:\n \n Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0147, CVE-2009-1179)\n \n Multiple integer overflow flaws were found in Xpdf. If a local user\n generated a PDF file from a TeX document, referencing a specially-crafted\n PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\n code with the privileges of the user running pdflatex. (CVE-2009-0791,\n CVE-2009-3608, CVE-2009-3609)\n \n A heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0195)\n \n Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0146, CVE-2009-1182)\n \n Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\n freeing of arbitrary memory. If a local user generated a PDF file from a\n TeX document, referencing a specially-crafted PDF file, it would cause\n Xpdf to crash or, potentially, execute arbitrary code with the privileges\n of the user running pdflatex. (CVE-2009-0166, CVE-2009-1180 ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"tetex on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-May/msg00005.html\");\n script_id(870262);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-07 15:42:01 +0200 (Fri, 07 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2010:0400-01\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2010-0739\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n script_name(\"RedHat Update for tetex RHSA-2010:0400-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tetex\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~33.8.el5_5.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~33.8.el5_5.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-debuginfo\", rpm:\"tetex-debuginfo~3.0~33.8.el5_5.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~33.8.el5_5.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~33.8.el5_5.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-fonts\", rpm:\"tetex-fonts~3.0~33.8.el5_5.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~33.8.el5_5.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~33.8.el5_5.5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:25", "description": "Check for the Version of tetex", "cvss3": {}, "published": "2010-05-17T00:00:00", "type": "openvas", "title": "CentOS Update for tetex CESA-2010:0399 centos4 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-1440", "CVE-2010-0827", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2007-5935", "CVE-2009-1179"], "modified": "2018-01-01T00:00:00", "id": "OPENVAS:1361412562310880396", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880396", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tetex CESA-2010:0399 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"teTeX is an implementation of TeX. TeX takes a text file and a set of\n formatting commands as input, and creates a typesetter-independent DeVice\n Independent (DVI) file as output.\n\n A buffer overflow flaw was found in the way teTeX processed virtual font\n files when converting DVI files into PostScript. An attacker could create a\n malicious DVI file that would cause the dvips executable to crash or,\n potentially, execute arbitrary code. (CVE-2010-0827)\n \n Multiple integer overflow flaws were found in the way teTeX processed\n special commands when converting DVI files into PostScript. An attacker\n could create a malicious DVI file that would cause the dvips executable to\n crash or, potentially, execute arbitrary code. (CVE-2010-0739,\n CVE-2010-1440)\n \n A stack-based buffer overflow flaw was found in the way teTeX processed DVI\n files containing HyperTeX references with long titles, when converting them\n into PostScript. An attacker could create a malicious DVI file that would\n cause the dvips executable to crash. (CVE-2007-5935)\n \n teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\n file viewer, to allow adding images in PDF format to the generated PDF\n documents. The following issues affect Xpdf code:\n \n Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0147, CVE-2009-1179)\n \n Multiple integer overflow flaws were found in Xpdf. If a local user\n generated a PDF file from a TeX document, referencing a specially-crafted\n PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\n code with the privileges of the user running pdflatex. (CVE-2009-0791,\n CVE-2009-3609)\n \n A heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0195)\n \n Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0146, CVE-2009-1182)\n \n Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\n fr ... \n\n Description truncated, for more information please check the Reference URL\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"tetex on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-May/016635.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880396\");\n script_version(\"$Revision: 8266 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 08:28:32 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-17 16:00:10 +0200 (Mon, 17 May 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0399\");\n script_cve_id(\"CVE-2007-5935\", \"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-3609\", \"CVE-2010-0739\", \"CVE-2010-0827\", \"CVE-2010-1440\");\n script_name(\"CentOS Update for tetex CESA-2010:0399 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of tetex\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~2.0.2~22.0.1.EL4.16\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~2.0.2~22.0.1.EL4.16\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~2.0.2~22.0.1.EL4.16\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~2.0.2~22.0.1.EL4.16\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-fonts\", rpm:\"tetex-fonts~2.0.2~22.0.1.EL4.16\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~2.0.2~22.0.1.EL4.16\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~2.0.2~22.0.1.EL4.16\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2011-08-09T00:00:00", "type": "openvas", "title": "CentOS Update for tetex CESA-2010:0400 centos5 i386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-0829", "CVE-2010-1440", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310880598", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880598", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for tetex CESA-2010:0400 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-May/016661.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880598\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"CESA\", value:\"2010:0400\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2010-0739\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n script_name(\"CentOS Update for tetex CESA-2010:0400 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'tetex'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"tetex on CentOS 5\");\n script_tag(name:\"insight\", value:\"teTeX is an implementation of TeX. TeX takes a text file and a set of\n formatting commands as input, and creates a typesetter-independent DeVice\n Independent (DVI) file as output.\n\n Multiple integer overflow flaws were found in the way teTeX processed\n special commands when converting DVI files into PostScript. An attacker\n could create a malicious DVI file that would cause the dvips executable to\n crash or, potentially, execute arbitrary code. (CVE-2010-0739,\n CVE-2010-1440)\n\n Multiple array index errors were found in the way teTeX converted DVI files\n into the Portable Network Graphics (PNG) format. An attacker could create a\n malicious DVI file that would cause the dvipng executable to crash.\n (CVE-2010-0829)\n\n teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)\n file viewer, to allow adding images in PDF format to the generated PDF\n documents. The following issues affect Xpdf code:\n\n Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0147, CVE-2009-1179)\n\n Multiple integer overflow flaws were found in Xpdf. If a local user\n generated a PDF file from a TeX document, referencing a specially-crafted\n PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary\n code with the privileges of the user running pdflatex. (CVE-2009-0791,\n CVE-2009-3608, CVE-2009-3609)\n\n A heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0195)\n\n Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a\n local user generated a PDF file from a TeX document, referencing a\n specially-crafted PDF file, it would cause Xpdf to crash or, potentially,\n execute arbitrary code with the privileges of the user running pdflatex.\n (CVE-2009-0146, CVE-2009-1182)\n\n Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the\n freeing of arbitrary memory. If a local user generated a PDF file from a\n TeX document, referencing a specially-crafted PDF file, it would cause\n Xpdf to crash or, potentially, execute arbitrary code with the privileges\n of the user running pdflatex. (CVE-2009-0166, CVE-2009-1180)\n\n Multiple input validati ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~33.8.el5_5.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~33.8.el5_5.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~33.8.el5_5.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~33.8.el5_5.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-fonts\", rpm:\"tetex-fonts~3.0~33.8.el5_5.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~33.8.el5_5.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~33.8.el5_5.5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:56", "description": "Oracle Linux Local Security Checks ELSA-2010-0400", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0400", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2010-0829", "CVE-2010-1440", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2010-0739", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-1179"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122360", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122360", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0400.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122360\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:17:32 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0400\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0400 - tetex security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0400\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0400.html\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2010-0739\", \"CVE-2010-0829\", \"CVE-2010-1440\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"tetex\", rpm:\"tetex~3.0~33.8.el5_5.5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tetex-afm\", rpm:\"tetex-afm~3.0~33.8.el5_5.5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tetex-doc\", rpm:\"tetex-doc~3.0~33.8.el5_5.5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tetex-dvips\", rpm:\"tetex-dvips~3.0~33.8.el5_5.5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tetex-fonts\", rpm:\"tetex-fonts~3.0~33.8.el5_5.5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tetex-latex\", rpm:\"tetex-latex~3.0~33.8.el5_5.5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"tetex-xdvi\", rpm:\"tetex-xdvi~3.0~33.8.el5_5.5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:56:17", "description": "The remote host is missing an update to cups\nannounced via advisory MDVSA-2009:283. For details,\nplease visit the referenced security advisories.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:283 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-1196", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0949", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:66083", "href": "http://plugins.openvas.org/nasl.php?oid=66083", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_283.nasl 6587 2017-07-07 06:35:35Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:283 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update corrects the problems.\n\nAffected: Corporate 3.0, Multi Network Firewall 2.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:283\";\ntag_summary = \"The remote host is missing an update to cups\nannounced via advisory MDVSA-2009:283. For details,\nplease visit the referenced security advisories.\";\n\n \n\nif(description)\n{\n script_id(66083);\n script_version(\"$Revision: 6587 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 08:35:35 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-1179\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-0949\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1196\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:283 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~5.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.1.20~5.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.1.20~5.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.1.20~5.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.1.20~5.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.1.20~5.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.1.20~5.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~5.21.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.1.20~5.21.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.1.20~5.21.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.1.20~5.21.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.1.20~5.21.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:53", "description": "The remote host is missing an update to cups\nannounced via advisory MDVSA-2009:283. For details,\nplease visit the referenced security advisories.", "cvss3": {}, "published": "2009-10-27T00:00:00", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:283 (cups)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-1181", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-1196", "CVE-2009-0166", "CVE-2009-3609", "CVE-2009-0147", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-0146", "CVE-2009-0949", "CVE-2009-0163", "CVE-2009-1179"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231066083", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066083", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_283.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:283 (cups)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update corrects the problems.\n\nAffected: Corporate 3.0, Multi Network Firewall 2.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:283\";\ntag_summary = \"The remote host is missing an update to cups\nannounced via advisory MDVSA-2009:283. For details,\nplease visit the referenced security advisories.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66083\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-27 01:37:56 +0100 (Tue, 27 Oct 2009)\");\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0163\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-1179\", \"CVE-2009-0791\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-0949\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1196\", \"CVE-2009-3608\", \"CVE-2009-3609\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:283 (cups)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~5.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.1.20~5.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.1.20~5.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.1.20~5.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.1.20~5.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64cups2\", rpm:\"lib64cups2~1.1.20~5.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64cups2-devel\", rpm:\"lib64cups2-devel~1.1.20~5.21.C30mdk\", rls:\"MNDK_3.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups\", rpm:\"cups~1.1.20~5.21.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-common\", rpm:\"cups-common~1.1.20~5.21.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cups-serial\", rpm:\"cups-serial~1.1.20~5.21.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2\", rpm:\"libcups2~1.1.20~5.21.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libcups2-devel\", rpm:\"libcups2-devel~1.1.20~5.21.M20mdk\", rls:\"MNDK_2.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-21T11:32:59", "description": "Check for the Version of poppler", "cvss3": {}, "published": "2010-03-12T00:00:00", "type": "openvas", "title": "Mandriva Update for poppler MDVSA-2010:055 (poppler)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3608", "CVE-2009-3603", "CVE-2009-1181", "CVE-2009-3607", "CVE-2009-1188", "CVE-2009-0791", "CVE-2009-1180", "CVE-2009-3606", "CVE-2009-0799", "CVE-2009-1182", "CVE-2009-3604", "CVE-2009-3605", "CVE-2009-3609", "CVE-2009-3938", "CVE-2009-1187", "CVE-2009-1183", "CVE-2009-0800", "CVE-2009-1179"], "modified": "2017-12-20T00:00:00", "id": "OPENVAS:830932", "href": "http://plugins.openvas.org/nasl.php?oid=830932", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for poppler MDVSA-2010:055 (poppler)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An out-of-bounds reading flaw in the JBIG2 decoder allows remote\n attackers to cause a denial of service (crash) via a crafted PDF file\n (CVE-2009-0799).\n\n Multiple input validation flaws in the JBIG2 decoder allows\n remote attackers to execute arbitrary code via a crafted PDF file\n (CVE-2009-0800).\n \n An integer overflow in the JBIG2 decoder allows remote attackers to\n execute arbitrary code via a crafted PDF file (CVE-2009-1179).\n \n A free of invalid data flaw in the JBIG2 decoder allows remote\n attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).\n \n A NULL pointer dereference flaw in the JBIG2 decoder allows remote\n attackers to cause denial of service (crash) via a crafted PDF file\n (CVE-2009-1181).\n \n Multiple buffer overflows in the JBIG2 MMR decoder allows remote\n attackers to cause denial of service or to execute arbitrary code\n via a crafted PDF file (CVE-2009-1182, CVE-2009-1183).\n \n An integer overflow in the JBIG2 decoding feature allows remote\n attackers to cause a denial of service (crash) and possibly execute\n arbitrary code via vectors related to CairoOutputDev (CVE-2009-1187).\n \n An integer overflow in the JBIG2 decoding feature allows remote\n attackers to execute arbitrary code or cause a denial of service\n (application crash) via a crafted PDF document (CVE-2009-1188).\n \n Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x\n before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers\n to execute arbitrary code via a crafted PDF document that triggers a\n heap-based buffer overflow. NOTE: some of these details are obtained\n from third party information. NOTE: this issue reportedly exists\n because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).\n \n The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x\n before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF,\n does not properly allocate memory, which allows remote attackers to\n cause a denial of service (application crash) or possibly execute\n arbitrary code via a crafted PDF document that triggers a NULL pointer\n dereference or a heap-based buffer overflow (CVE-2009-3604).\n \n Multiple integer overflows allow remote attackers to cause a denial\n of service (application crash) or possibly execute arbitrary code\n via a crafted PDF file, related to (1) glib/poppler-page.cc; (2)\n ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5)\n JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc\n in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (1 ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"poppler on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-03/msg00015.php\");\n script_id(830932);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2010:055\");\n script_cve_id(\"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\", \"CVE-2009-1187\", \"CVE-2009-1188\", \"CVE-2009-3603\", \"CVE-2009-3604\", \"CVE-2009-0791\", \"CVE-2009-3605\", \"CVE-2009-3606\", \"CVE-2009-3607\", \"CVE-2009-3608\", \"CVE-2009-3609\", \"CVE-2009-3938\");\n script_name(\"Mandriva Update for poppler MDVSA-2010:055 (poppler)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of poppler\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libpoppler3\", rpm:\"libpoppler3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-devel\", rpm:\"libpoppler-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib3\", rpm:\"libpoppler-glib3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-glib-devel\", rpm:\"libpoppler-glib-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt2\", rpm:\"libpoppler-qt2~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-3\", rpm:\"libpoppler-qt4-3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt4-devel\", rpm:\"libpoppler-qt4-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libpoppler-qt-devel\", rpm:\"libpoppler-qt-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"poppler\", rpm:\"poppler~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler3\", rpm:\"lib64poppler3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-devel\", rpm:\"lib64poppler-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib3\", rpm:\"lib64poppler-glib3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-glib-devel\", rpm:\"lib64poppler-glib-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt2\", rpm:\"lib64poppler-qt2~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-3\", rpm:\"lib64poppler-qt4-3~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt4-devel\", rpm:\"lib64poppler-qt4-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64poppler-qt-devel\", rpm:\"lib64poppler-qt-devel~0.8.7~2.4mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cert": [{"lastseen": "2021-09-28T17:51:06", "description": "### Overview\n\nXpdf and poppler contain multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\n[Xpdf](<http://www.foolabs.com/xpdf/>) is an open source viewer for Portable Document Format (PDF) files. Several PDF viewing applications and libraries, such as poppler, are based on the Xpdf code. Xpdf contains multiple vulnerabilities related to the handling of PDF files that contain JBIG2 data. The vulnerabilities include, but are not limited to, a buffer overflow, an integer overflow, a null pointer dereference, and an infinite loop. \n \n--- \n \n### Impact\n\nBy convincing a user to open a malicious PDF file, an attacker may be able to execute code or cause a vulnerable PDF viewer to crash. The PDF could be emailed as an attachment or hosted on a website. \n \n--- \n \n### Solution\n\n**Apply an update**\n\nThese issues are addressed in [Xpdf 3.02-pl3](<ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch>) and [poppler 0.10.6](<http://poppler.freedesktop.org/poppler-0.10.6.tar.gz>). Please check with your vendor for software updates. \n \n--- \n \n### Vendor Information\n\n196617\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apple Computer, Inc. __ Affected\n\nNotified: February 23, 2009 Updated: May 13, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nPlease see [Apple Security Update 2009-002](<http://support.apple.com/kb/HT3549>).\n\n### Debian GNU/Linux __ Affected\n\nNotified: April 06, 2009 Updated: May 06, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nPlease see Debian Security Advisory [DSA-1790-1](<http://www.debian.org/security/2009/dsa-1790>).\n\n### Fedora Project Affected\n\nNotified: April 06, 2009 Updated: April 16, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Gentoo Linux Affected\n\nUpdated: April 16, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Mandriva S. A. __ Affected\n\nNotified: April 06, 2009 Updated: April 29, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nPlease see [MDVSA-2009:101](<http://www.mandriva.com/en/security/advisories?name=MDVSA-2009:101>) for more details.\n\n### Novell, Inc. Affected\n\nNotified: March 12, 2009 Updated: April 16, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Poppler __ Affected\n\nUpdated: April 16, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThese issues are addressed in [poppler 0.10.6](<http://poppler.freedesktop.org/poppler-0.10.6.tar.gz>). \n\n### Red Hat, Inc. __ Affected\n\nNotified: March 12, 2009 Updated: April 17, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nPlease see Red Hat Security Advisory [RHSA-2009:0429-1](<https://rhn.redhat.com/errata/RHSA-2009-0429.html>) and [RHSA-2009:0431-1](<http://rhn.redhat.com/errata/RHSA-2009-0431.html>) for vulnerability details and patch availability.\n\n### Research in Motion (RIM) __ Affected\n\nNotified: March 31, 2009 Updated: April 16, 2009 \n\n**Statement Date: February 23, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nPlease see BlackBerry document [KB17953](<http://blackberry.com/btsc/KB17953>) for vulnerability details and a patch. \n\n### SUSE Linux Affected\n\nNotified: March 30, 2009 Updated: April 16, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Slackware Linux Inc. Affected\n\nNotified: April 06, 2009 Updated: April 16, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Turbolinux Affected\n\nNotified: April 06, 2009 Updated: April 16, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ubuntu __ Affected\n\nNotified: March 12, 2009 Updated: April 16, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nPlease see [USN-759-1](<http://www.ubuntu.com/usn/usn-759-1>).\n\n### xpdf __ Affected\n\nNotified: February 23, 2009 Updated: April 16, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThese issues are addressed in [Xpdf 3.02-pl3](<ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch>).\n\n### Artifex Software, Inc. Unknown\n\nNotified: February 23, 2009 Updated: February 23, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cray Inc. Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### EMC Corporation Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Foxit Software Company Unknown\n\nNotified: February 23, 2009 Updated: February 23, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Google Unknown\n\nNotified: February 23, 2009 Updated: April 08, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hewlett-Packard Company Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hitachi Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM Corporation Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM Corporation (zseries) Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ingrian Networks, Inc. Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Juniper Networks, Inc. Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Microsoft Corporation Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MontaVista Software, Inc. Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QNX, Software Systems, Inc. Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sun Microsystems, Inc. Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Wind River Systems, Inc. Unknown\n\nNotified: April 06, 2009 Updated: April 06, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Yahoo, Inc. Unknown\n\nNotified: February 23, 2009 Updated: February 23, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\nView all 43 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics\n\nGroup | Score | Vector \n---|---|--- \nBase | 9 | AV:N/AC:M/Au:N/C:C/I:C/A:P \nTemporal | 7 | E:POC/RL:OF/RC:C \nEnvironmental | 7 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References\n\n * <http://cgit.freedesktop.org/poppler/poppler/commit/?id=9f1312f3d7dfa7e536606a7c7296b7c876b11c00>\n * <ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch>\n * <http://www.ubuntu.com/usn/usn-759-1>\n * <http://blackberry.com/btsc/KB17953>\n * <http://rhn.redhat.com/errata/RHSA-2009-0429.html>\n * <http://rhn.redhat.com/errata/RHSA-2009-0431.html>\n * <http://www.mandriva.com/en/security/advisories?name=MDVSA-2009:101>\n * <http://www.debian.org/security/2009/dsa-1790>\n * <http://support.apple.com/kb/HT3549>\n * <http://secunia.com/advisories/34291/>\n * <http://www.securitytracker.com/alerts/2009/Apr/1022072.html>\n * <http://www.securityfocus.com/bid/34568>\n * <http://jvn.jp/cert/JVNVU196617/index.html>\n\n### Acknowledgements\n\nThese vulnerabilities were reported by Will Dormann of the CERT/CC.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2009-0799](<http://web.nvd.nist.gov/vuln/detail/CVE-2009-0799>), [CVE-2009-0800](<http://web.nvd.nist.gov/vuln/detail/CVE-2009-0800>), [CVE-2009-1179](<http://web.nvd.nist.gov/vuln/detail/CVE-2009-1179>), [CVE-2009-1180](<http://web.nvd.nist.gov/vuln/detail/CVE-2009-1180>), [CVE-2009-1181](<http://web.nvd.nist.gov/vuln/detail/CVE-2009-1181>), [CVE-2009-1182](<http://web.nvd.nist.gov/vuln/detail/CVE-2009-1182>), [CVE-2009-1183](<http://web.nvd.nist.gov/vuln/detail/CVE-2009-1183>), [CVE-2009-1187](<http://web.nvd.nist.gov/vuln/detail/CVE-2009-1187>), [CVE-2009-1188](<http://web.nvd.nist.gov/vuln/detail/CVE-2009-1188>) \n---|--- \n**Severity Metric:** | 5.01 \n**Date Public:** | 2009-04-16 \n**Date First Published:** | 2009-04-16 \n**Date Last Updated: ** | 2012-03-28 14:29 UTC \n**Document Revision: ** | 42 \n", "cvss3": {}, "published": "2009-04-16T00:00:00", "type": "cert", "title": "Xpdf and poppler contain multiple vulnerabilities in the processing of JBIG2 data", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0799", "CVE-2009-0800", "CVE-2009-1179", "CVE-2009-1180", "CVE-2009-1181", "CVE-2009-1182", "CVE-2009-1183", "CVE-2009-1187", "CVE-2009-1188"], "modified": "2012-03-28T14:29:00", "id": "VU:196617", "href": "https://www.kb.cert.org/vuls/id/196617", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-11T14:59:08", "description": "Fix several security updates in xpdf (3.02pl3 patch applied).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-04-22T00:00:00", "type": "nessus", "title": "Fedora 9 : xpdf-3.02-13.fc9 (2009-3794)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0166", "CVE-2009-0799", "CVE-2009-0800", "CVE-2009-1179", "CVE-2009-1180", "CVE-2009-1181", "CVE-2009-1182", "CVE-2009-1183"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xpdf", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2009-3794.NASL", "href": "https://www.tenable.com/plugins/nessus/36210", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-3794.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36210);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_bugtraq_id(34568);\n script_xref(name:\"FEDORA\", value:\"2009-3794\");\n\n script_name(english:\"Fedora 9 : xpdf-3.02-13.fc9 (2009-3794)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix several security updates in xpdf (3.02pl3 patch applied).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495899\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022484.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e3b5f08\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"xpdf-3.02-13.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xpdf\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:56:15", "description": "Fix several security updates in xpdf (3.02pl3 patch applied).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2009-04-23T00:00:00", "type": "nessus", "title": "Fedora 10 : xpdf-3.02-13.fc10 (2009-3820)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0166", "CVE-2009-0799", "CVE-2009-0800", "CVE-2009-1179", "CVE-2009-1180", "CVE-2009-1181", "CVE-2009-1182", "CVE-2009-1183"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:xpdf", "cpe:/o:fedoraproject:fedora:10"], "id": "FEDORA_2009-3820.NASL", "href": "https://www.tenable.com/plugins/nessus/36261", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-3820.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36261);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_bugtraq_id(34568);\n script_xref(name:\"FEDORA\", value:\"2009-3820\");\n\n script_name(english:\"Fedora 10 : xpdf-3.02-13.fc10 (2009-3820)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix several security updates in xpdf (3.02pl3 patch applied).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=490625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495887\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=495899\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-April/022506.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27437693\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"xpdf-3.02-13.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xpdf\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:00:38", "description": "Secunia reports :\n\nSome vulnerabilities have been reported in Xpdf, which can be exploited by malicious people to potentially compromise a user's system.\n\nA boundary error exists when decoding JBIG2 symbol dictionary segments. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code.\n\nMultiple integer overflows in the JBIG2 decoder can be exploited to potentially execute arbitrary code.\n\nMultiple boundary errors in the JBIG2 decoder can be exploited to cause buffer overflows and potentially execute arbitrary code.\n\nMultiple errors in the JBIG2 decoder can be exploited can be exploited to free arbitrary memory and potentially execute arbitrary code.\n\nMultiple unspecified input validation errors in the JBIG2 decoder can be exploited to potentially execute arbitrary code.", "cvss3": {}, "published": "2009-04-21T00:00:00", "type": "nessus", "title": "FreeBSD : xpdf -- multiple vulnerabilities (a21037d5-2c38-11de-ab3b-0017a4cccfc6)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0166", "CVE-2009-0799", "CVE-2009-0800", "CVE-2009-1179", "CVE-2009-1180", "CVE-2009-1181", "CVE-2009-1182", "CVE-2009-1183"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:xpdf", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_A21037D52C3811DEAB3B0017A4CCCFC6.NASL", "href": "https://www.tenable.com/plugins/nessus/36193", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36193);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_xref(name:\"Secunia\", value:\"34291\");\n\n script_name(english:\"FreeBSD : xpdf -- multiple vulnerabilities (a21037d5-2c38-11de-ab3b-0017a4cccfc6)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nSome vulnerabilities have been reported in Xpdf, which can be\nexploited by malicious people to potentially compromise a user's\nsystem.\n\nA boundary error exists when decoding JBIG2 symbol dictionary\nsegments. This can be exploited to cause a heap-based buffer overflow\nand potentially execute arbitrary code.\n\nMultiple integer overflows in the JBIG2 decoder can be exploited to\npotentially execute arbitrary code.\n\nMultiple boundary errors in the JBIG2 decoder can be exploited to\ncause buffer overflows and potentially execute arbitrary code.\n\nMultiple errors in the JBIG2 decoder can be exploited can be exploited\nto free arbitrary memory and potentially execute arbitrary code.\n\nMultiple unspecified input validation errors in the JBIG2 decoder can\nbe exploited to potentially execute arbitrary code.\"\n );\n # http://www.vupen.com/english/advisories/2009/1065\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ovh.co.uk/mail/\"\n );\n # https://vuxml.freebsd.org/freebsd/a21037d5-2c38-11de-ab3b-0017a4cccfc6.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1890de32\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"xpdf<3.02_11\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:27:29", "description": "Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0147, CVE-2009-1179)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to the freeing of arbitrary memory. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. An attacker could create a malicious PDF file that would cause Xpdf to crash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder.\nAn attacker could create a malicious PDF that would cause Xpdf to crash when opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : xpdf on SL3.x, SL4.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0166", "CVE-2009-0799", "CVE-2009-0800", "CVE-2009-1179", "CVE-2009-1180", "CVE-2009-1181", "CVE-2009-1182", "CVE-2009-1183"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090416_XPDF_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60571", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60571);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n\n script_name(english:\"Scientific Linux Security Update : xpdf on SL3.x, SL4.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause Xpdf to\ncrash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0147, CVE-2009-1179)\n\nMultiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause Xpdf to\ncrash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in Xpdf's JBIG2 decoder that could lead to\nthe freeing of arbitrary memory. An attacker could create a malicious\nPDF file that would cause Xpdf to crash or, potentially, execute\narbitrary code when opened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in Xpdf's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause Xpdf to\ncrash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0800)\n\nMultiple denial of service flaws were found in Xpdf's JBIG2 decoder.\nAn attacker could create a malicious PDF that would cause Xpdf to\ncrash when opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0904&L=scientific-linux-errata&T=0&P=2214\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1c52a240\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xpdf package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"xpdf-2.02-14.el3\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"xpdf-3.00-20.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:27:48", "description": "Multiple integer overflow flaws were found in KPDF's JBIG2 decoder. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0147, CVE-2009-1179)\n\nMultiple buffer overflow flaws were found in KPDF's JBIG2 decoder. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in KPDF's JBIG2 decoder that could lead to the freeing of arbitrary memory. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in KPDF's JBIG2 decoder. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0800)\n\nMultiple denial of service flaws were found in KPDF's JBIG2 decoder.\nAn attacker could create a malicious PDF that would cause KPDF to crash when opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)", "cvss3": {}, "published": "2012-08-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kdegraphics on SL4.x, SL5.x i386/x86_64", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0166", "CVE-2009-0799", "CVE-2009-0800", "CVE-2009-1179", "CVE-2009-1180", "CVE-2009-1181", "CVE-2009-1182", "CVE-2009-1183"], "modified": "2021-01-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090416_KDEGRAPHICS_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60569);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n\n script_name(english:\"Scientific Linux Security Update : kdegraphics on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflow flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to\ncrash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0147, CVE-2009-1179)\n\nMultiple buffer overflow flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to\ncrash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in KPDF's JBIG2 decoder that could lead to\nthe freeing of arbitrary memory. An attacker could create a malicious\nPDF file that would cause KPDF to crash or, potentially, execute\narbitrary code when opened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to\ncrash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0800)\n\nMultiple denial of service flaws were found in KPDF's JBIG2 decoder.\nAn attacker could create a malicious PDF that would cause KPDF to\ncrash when opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0904&L=scientific-linux-errata&T=0&P=2343\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b5f879e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdegraphics and / or kdegraphics-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/04/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"kdegraphics-3.3.1-13.el4\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"kdegraphics-devel-3.3.1-13.el4\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"kdegraphics-3.5.4-12.el5_3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"kdegraphics-devel-3.5.4-12.el5_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:53:12", "description": "Multiple buffer overflows in the JBIG2 decoder allows remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0146).\n\nMultiple integer overflows in the JBIG2 decoder allows remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0147).\n\nAn integer overflow in the JBIG2 decoder has unspecified impact.\n(CVE-2009-0165).\n\nA free of uninitialized memory flaw in the the JBIG2 decoder allows remote to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0166).\n\nMultiple input validation flaws in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF file (CVE-2009-0800).\n\nAn out-of-bounds read flaw in the JBIG2 decoder allows remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0799).\n\nAn integer overflow in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF file (CVE-2009-1179).\n\nA free of invalid data flaw in the JBIG2 decoder allows remote attackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).\n\nA NULL pointer dereference flaw in the JBIG2 decoder allows remote attackers to cause denial of service (crash) via a crafted PDF file (CVE-2009-1181).\n\nMultiple buffer overflows in the JBIG2 MMR decoder allows remote attackers to cause denial of service or to execute arbitrary code via a crafted PDF file (CVE-2009-1182, CVE-2009-1183).\n\nThis update provides fixes for that vulnerabilities.", "cvss3": {}, "published": "2009-04-29T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : xpdf (MDVSA-2009:101)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0165", "CVE-2009-0166", "CVE-2009-0799", "CVE-2009-0800", "CVE-2009-1179", "CVE-2009-1180", "CVE-2009-1181", "CVE-2009-1182", "CVE-2009-1183"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:xpdf", "p-cpe:/a:mandriva:linux:xpdf-common", "p-cpe:/a:mandriva:linux:xpdf-tools", "cpe:/o:mandriva:linux:2008.0", "cpe:/o:mandriva:linux:2008.1", "cpe:/o:mandriva:linux:2009.0"], "id": "MANDRIVA_MDVSA-2009-101.NASL", "href": "https://www.tenable.com/plugins/nessus/38204", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:101. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38204);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2009-0146\",\n \"CVE-2009-0147\",\n \"CVE-2009-0165\",\n \"CVE-2009-0166\",\n \"CVE-2009-0799\",\n \"CVE-2009-0800\",\n \"CVE-2009-1179\",\n \"CVE-2009-1180\",\n \"CVE-2009-1181\",\n \"CVE-2009-1182\",\n \"CVE-2009-1183\"\n );\n script_bugtraq_id(34568);\n script_xref(name:\"MDVSA\", value:\"2009:101\");\n\n script_name(english:\"Mandriva Linux Security Advisory : xpdf (MDVSA-2009:101)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple buffer overflows in the JBIG2 decoder allows remote attackers\nto cause a denial of service (crash) via a crafted PDF file\n(CVE-2009-0146).\n\nMultiple integer overflows in the JBIG2 decoder allows remote\nattackers to cause a denial of service (crash) via a crafted PDF file\n(CVE-2009-0147).\n\nAn integer overflow in the JBIG2 decoder has unspecified impact.\n(CVE-2009-0165).\n\nA free of uninitialized memory flaw in the the JBIG2 decoder allows\nremote to cause a denial of service (crash) via a crafted PDF file\n(CVE-2009-0166).\n\nMultiple input validation flaws in the JBIG2 decoder allows remote\nattackers to execute arbitrary code via a crafted PDF file\n(CVE-2009-0800).\n\nAn out-of-bounds read flaw in the JBIG2 decoder allows remote\nattackers to cause a denial of service (crash) via a crafted PDF file\n(CVE-2009-0799).\n\nAn integer overflow in the JBIG2 decoder allows remote attackers to\nexecute arbitrary code via a crafted PDF file (CVE-2009-1179).\n\nA free of invalid data flaw in the JBIG2 decoder allows remote\nattackers to execute arbitrary code via a crafted PDF (CVE-2009-1180).\n\nA NULL pointer dereference flaw in the JBIG2 decoder allows remote\nattackers to cause denial of service (crash) via a crafted PDF file\n(CVE-2009-1181).\n\nMultiple buffer overflows in the JBIG2 MMR decoder allows remote\nattackers to cause denial of service or to execute arbitrary code via\na crafted PDF file (CVE-2009-1182, CVE-2009-1183).\n\nThis update provides fixes for that vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xpdf, xpdf-common and / or xpdf-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xpdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xpdf-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:xpdf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xpdf-3.02-8.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xpdf-common-3.02-8.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"xpdf-tools-3.02-8.2mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.1\", reference:\"xpdf-3.02-10.1mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", reference:\"xpdf-common-3.02-10.1mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"xpdf-3.02-12.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"xpdf-common-3.02-12.1mdv2009.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-11T14:57:47", "description": "Updated kdegraphics packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files.\n\nMultiple integer overflow flaws were found in KPDF's JBIG2 decoder. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0147, CVE-2009-1179)\n\nMultiple buffer overflow flaws were found in KPDF's JBIG2 decoder. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in KPDF's JBIG2 decoder that could lead to the freeing of arbitrary memory. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in KPDF's JBIG2 decoder. An attacker could create a malicious PDF file that would cause KPDF to crash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0800)\n\nMultiple denial of service flaws were found in KPDF's JBIG2 decoder.\nAn attacker could create a malicious PDF that would cause KPDF to crash when opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple Product Security team, and Will Dormann of the CERT/CC for responsibly reporting these flaws.\n\nUsers are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.", "cvss3": {}, "published": "2009-04-17T00:00:00", "type": "nessus", "title": "RHEL 4 / 5 : kdegraphics (RHSA-2009:0431)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0146", "CVE-2009-0147", "CVE-2009-0166", "CVE-2009-0195", "CVE-2009-0799", "CVE-2009-0800", "CVE-2009-1179", "CVE-2009-1180", "CVE-2009-1181", "CVE-2009-1182", "CVE-2009-1183"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kdegraphics", "p-cpe:/a:redhat:enterprise_linux:kdegraphics-devel", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.7", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.3"], "id": "REDHAT-RHSA-2009-0431.NASL", "href": "https://www.tenable.com/plugins/nessus/36181", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:0431. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36181);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0146\", \"CVE-2009-0147\", \"CVE-2009-0166\", \"CVE-2009-0195\", \"CVE-2009-0799\", \"CVE-2009-0800\", \"CVE-2009-1179\", \"CVE-2009-1180\", \"CVE-2009-1181\", \"CVE-2009-1182\", \"CVE-2009-1183\");\n script_bugtraq_id(34568);\n script_xref(name:\"RHSA\", value:\"2009:0431\");\n\n script_name(english:\"RHEL 4 / 5 : kdegraphics (RHSA-2009:0431)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kdegraphics packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe kdegraphics packages contain applications for the K Desktop\nEnvironment, including KPDF, a viewer for Portable Document Format\n(PDF) files.\n\nMultiple integer overflow flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to\ncrash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0147, CVE-2009-1179)\n\nMultiple buffer overflow flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to\ncrash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0146, CVE-2009-1182)\n\nMultiple flaws were found in KPDF's JBIG2 decoder that could lead to\nthe freeing of arbitrary memory. An attacker could create a malicious\nPDF file that would cause KPDF to crash or, potentially, execute\narbitrary code when opened. (CVE-2009-0166, CVE-2009-1180)\n\nMultiple input validation flaws were found in KPDF's JBIG2 decoder. An\nattacker could create a malicious PDF file that would cause KPDF to\ncrash or, potentially, execute arbitrary code when opened.\n(CVE-2009-0800)\n\nMultiple denial of service flaws were found in KPDF's JBIG2 decoder.\nAn attacker could create a malicious PDF that would cause KPDF to\ncrash when opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)\n\nRed Hat would like to thank Braden Thomas and Drew Yao of the Apple\nProduct Security team, and Will Dormann of the CERT/CC for responsibly\nreporting these flaws.\n\nUsers are advised to upgrade to these updated packages, which contain\nbackported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0146\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0147\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-0800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:0431\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kdegraphics and / or kdegraphics-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n s
CVE-2009-1180
