The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers
to cause a denial of service (NULL pointer dereference and application
crash) via a crafted PDF document.
#### Bugs
* <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859329>
{"cve": [{"lastseen": "2022-03-23T18:35:47", "description": "The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-04-03T05:59:00", "type": "cve", "title": "CVE-2017-7382", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7382"], "modified": "2017-04-10T21:40:00", "cpe": ["cpe:/a:podofo_project:podofo:0.9.5"], "id": "CVE-2017-7382", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7382", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:podofo_project:podofo:0.9.5:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2022-07-04T06:00:24", "description": "The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2017-04-03T05:59:00", "type": "debiancve", "title": "CVE-2017-7382", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7382"], "modified": "2017-04-03T05:59:00", "id": "DEBIANCVE:CVE-2017-7382", "href": "https://security-tracker.debian.org/tracker/CVE-2017-7382", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2021-10-22T13:37:14", "description": "Package : libpodofo\nVersion : 0.9.0-1.1+deb7u2\nCVE ID : CVE-2017-6840 CVE-2017-6842 CVE-2017-6843\n CVE-2017-6847 CVE-2017-6848 CVE-2017-7378\n CVE-2017-7380 CVE-2017-7381 CVE-2017-7382\n CVE-2017-7383\nDebian Bug : 861557 861564 859330 859329\n\nSeveral heap-based buffer overflows and NULL pointer\ndereferences have been discovered in libpodofo, a library for\nmanipulating PDF files, that allow remote attackers to cause a denial\nof service (application crash) or other unspecified impact via a\ncrafted PDF document.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n0.9.0-1.1+deb7u2.\n\nWe recommend that you upgrade your libpodofo packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-30T21:00:37", "type": "debian", "title": "[SECURITY] [DLA 968-1] libpodofo security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6840", "CVE-2017-6842", "CVE-2017-6843", "CVE-2017-6847", "CVE-2017-6848", "CVE-2017-7378", "CVE-2017-7380", "CVE-2017-7381", "CVE-2017-7382", "CVE-2017-7383"], "modified": "2017-05-30T21:00:37", "id": "DEBIAN:DLA-968-1:B94D4", "href": "https://lists.debian.org/debian-lts-announce/2017/05/msg00037.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-30T16:13:52", "description": "Package : libpodofo\nVersion : 0.9.0-1.1+deb7u2\nCVE ID : CVE-2017-6840 CVE-2017-6842 CVE-2017-6843\n CVE-2017-6847 CVE-2017-6848 CVE-2017-7378\n CVE-2017-7380 CVE-2017-7381 CVE-2017-7382\n CVE-2017-7383\nDebian Bug : 861557 861564 859330 859329\n\nSeveral heap-based buffer overflows and NULL pointer\ndereferences have been discovered in libpodofo, a library for\nmanipulating PDF files, that allow remote attackers to cause a denial\nof service (application crash) or other unspecified impact via a\ncrafted PDF document.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n0.9.0-1.1+deb7u2.\n\nWe recommend that you upgrade your libpodofo packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-30T21:00:37", "type": "debian", "title": "[SECURITY] [DLA 968-1] libpodofo security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6840", "CVE-2017-6842", "CVE-2017-6843", "CVE-2017-6847", "CVE-2017-6848", "CVE-2017-7378", "CVE-2017-7380", "CVE-2017-7381", "CVE-2017-7382", "CVE-2017-7383"], "modified": "2017-05-30T21:00:37", "id": "DEBIAN:DLA-968-1:1E691", "href": "https://lists.debian.org/debian-lts-announce/2017/05/msg00037.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-08-05T05:20:16", "description": "\nSeveral heap-based buffer overflows and NULL pointer\ndereferences have been discovered in libpodofo, a library for\nmanipulating PDF files, that allow remote attackers to cause a denial\nof service (application crash) or other unspecified impact via a\ncrafted PDF document.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n0.9.0-1.1+deb7u2.\n\n\nWe recommend that you upgrade your libpodofo packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2017-05-30T00:00:00", "type": "osv", "title": "libpodofo - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-6840", "CVE-2017-6842", "CVE-2017-6843", "CVE-2017-6847", "CVE-2017-6848", "CVE-2017-7378", "CVE-2017-7380", "CVE-2017-7381", "CVE-2017-7382", "CVE-2017-7383"], "modified": "2022-08-05T05:20:12", "id": "OSV:DLA-968-1", "href": "https://osv.dev/vulnerability/DLA-968-1", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:36:45", "description": "Several heap-based buffer overflows and NULL pointer dereferences have been discovered in libpodofo, a library for manipulating PDF files, that allow remote attackers to cause a denial of service (application crash) or other unspecified impact via a crafted PDF document.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 0.9.0-1.1+deb7u2.\n\nWe recommend that you upgrade your libpodofo packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-05-31T00:00:00", "type": "nessus", "title": "Debian DLA-968-1 : libpodofo security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-6840", "CVE-2017-6842", "CVE-2017-6843", "CVE-2017-6847", "CVE-2017-6848", "CVE-2017-7378", "CVE-2017-7380", "CVE-2017-7381", "CVE-2017-7382", "CVE-2017-7383"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libpodofo-dev", "p-cpe:/a:debian:debian_linux:libpodofo-utils", "p-cpe:/a:debian:debian_linux:libpodofo0.9.0", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-968.NASL", "href": "https://www.tenable.com/plugins/nessus/100517", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-968-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100517);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-6840\", \"CVE-2017-6842\", \"CVE-2017-6843\", \"CVE-2017-6847\", \"CVE-2017-6848\", \"CVE-2017-7378\", \"CVE-2017-7380\", \"CVE-2017-7381\", \"CVE-2017-7382\", \"CVE-2017-7383\");\n\n script_name(english:\"Debian DLA-968-1 : libpodofo security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several heap-based buffer overflows and NULL pointer dereferences have\nbeen discovered in libpodofo, a library for manipulating PDF files,\nthat allow remote attackers to cause a denial of service (application\ncrash) or other unspecified impact via a crafted PDF document.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n0.9.0-1.1+deb7u2.\n\nWe recommend that you upgrade your libpodofo packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/05/msg00037.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libpodofo\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpodofo-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpodofo-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libpodofo0.9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libpodofo-dev\", reference:\"0.9.0-1.1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpodofo-utils\", reference:\"0.9.0-1.1+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libpodofo0.9.0\", reference:\"0.9.0-1.1+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:28:47", "description": "This update for podofo fixes the following issues :\n\nThese security issues were fixed :\n\nCVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779).\n\nCVE-2018-5308: Properly validate memcpy arguments in the PdfMemoryOutputStream::Write function to prevent remote attackers from causing a denial-of-service or possibly have unspecified other impact via a crafted pdf file (bsc#1075772)\n\nCVE-2018-5295: Prevent integer overflow in the PdfXRefStreamParserObject::ParseStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075026).\n\nCVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779).\n\nCVE-2018-5309: Prevent integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075322).\n\nCVE-2018-5296: Prevent uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075021).\n\nCVE-2017-7381: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032020).\n\nCVE-2017-7382: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032021).\n\nCVE-2017-7383: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032022).\n\nCVE-2018-11256: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1096889).\n\nCVE-2018-5783: Prevent uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function that allowed remote attackers to cause a denial of service via a crafted pdf file (bsc#1076962).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-02-15T00:00:00", "type": "nessus", "title": "SUSE SLED12 Security Update : podofo (SUSE-SU-2019:0393-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-6845", "CVE-2017-7381", "CVE-2017-7382", "CVE-2017-7383", "CVE-2017-8054", "CVE-2018-11256", "CVE-2018-5295", "CVE-2018-5296", "CVE-2018-5308", "CVE-2018-5309", "CVE-2018-5783"], "modified": "2020-02-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libpodofo0_9_2", "p-cpe:/a:novell:suse_linux:libpodofo0_9_2-debuginfo", "p-cpe:/a:novell:suse_linux:podofo-debuginfo", "p-cpe:/a:novell:suse_linux:podofo-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0393-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122229", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0393-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122229);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/02/12\");\n\n script_cve_id(\"CVE-2017-6845\", \"CVE-2017-7381\", \"CVE-2017-7382\", \"CVE-2017-7383\", \"CVE-2017-8054\", \"CVE-2018-11256\", \"CVE-2018-5295\", \"CVE-2018-5296\", \"CVE-2018-5308\", \"CVE-2018-5309\", \"CVE-2018-5783\");\n\n script_name(english:\"SUSE SLED12 Security Update : podofo (SUSE-SU-2019:0393-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for podofo fixes the following issues :\n\nThese security issues were fixed :\n\nCVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote\nattackers to cause a denial of service (NULL pointer dereference) via\na crafted file (bsc#1027779).\n\nCVE-2018-5308: Properly validate memcpy arguments in the\nPdfMemoryOutputStream::Write function to prevent remote attackers from\ncausing a denial-of-service or possibly have unspecified other impact\nvia a crafted pdf file (bsc#1075772)\n\nCVE-2018-5295: Prevent integer overflow in the\nPdfXRefStreamParserObject::ParseStream function that allowed remote\nattackers to cause a denial-of-service via a crafted pdf file\n(bsc#1075026).\n\nCVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote\nattackers to cause a denial of service (NULL pointer dereference) via\na crafted file (bsc#1027779).\n\nCVE-2018-5309: Prevent integer overflow in the\nPdfObjectStreamParserObject::ReadObjectsFromStream function that\nallowed remote attackers to cause a denial-of-service via a crafted\npdf file (bsc#1075322).\n\nCVE-2018-5296: Prevent uncontrolled memory allocation in the\nPdfParser::ReadXRefSubsection function that allowed remote attackers\nto cause a denial-of-service via a crafted pdf file (bsc#1075021).\n\nCVE-2017-7381: Prevent NULL pointer dereference that allowed remote\nattackers to cause a denial of service via a crafted PDF document\n(bsc#1032020).\n\nCVE-2017-7382: Prevent NULL pointer dereference that allowed remote\nattackers to cause a denial of service via a crafted PDF document\n(bsc#1032021).\n\nCVE-2017-7383: Prevent NULL pointer dereference that allowed remote\nattackers to cause a denial of service via a crafted PDF document\n(bsc#1032022).\n\nCVE-2018-11256: Prevent NULL pointer dereference that allowed remote\nattackers to cause a denial of service via a crafted PDF document\n(bsc#1096889).\n\nCVE-2018-5783: Prevent uncontrolled memory allocation in the\nPoDoFo::PdfVecObjects::Reserve function that allowed remote attackers\nto cause a denial of service via a crafted pdf file (bsc#1076962).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032020\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096889\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6845/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7381/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7382/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7383/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8054/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-11256/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5295/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5296/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5308/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5309/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5783/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190393-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9c49bc58\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-393=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2019-393=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-393=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-393=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-393=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-393=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpodofo0_9_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libpodofo0_9_2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:podofo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:podofo-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libpodofo0_9_2-0.9.2-3.6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libpodofo0_9_2-debuginfo-0.9.2-3.6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"podofo-debuginfo-0.9.2-3.6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"podofo-debugsource-0.9.2-3.6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libpodofo0_9_2-0.9.2-3.6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libpodofo0_9_2-debuginfo-0.9.2-3.6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"podofo-debuginfo-0.9.2-3.6.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"podofo-debugsource-0.9.2-3.6.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"podofo\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:29:18", "description": "Backport security fixes for: CVE-2017-7380, CVE-2017-7381, CVE-2017-7382, CVE-2017-7383, CVE-2017-5852, CVE-2017-5853, CVE-2017-6844, CVE-2017-5854, CVE-2017-5855, CVE-2017-5886, CVE-2018-8000, CVE-2017-6840, CVE-2017-6842, CVE-2017-6843, CVE-2017-6845, CVE-2017-6847, CVE-2017-6848, CVE-2017-7378, CVE-2017-7379, CVE-2017-7994, CVE-2017-8054, CVE-2017-8378, CVE-2017-8787, CVE-2018-5295, CVE-2018-5308\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : mingw-podofo (2018-578fa05659)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5852", "CVE-2017-5853", "CVE-2017-5854", "CVE-2017-5855", "CVE-2017-5886", "CVE-2017-6840", "CVE-2017-6842", "CVE-2017-6843", "CVE-2017-6844", "CVE-2017-6845", "CVE-2017-6847", "CVE-2017-6848", "CVE-2017-7378", "CVE-2017-7379", "CVE-2017-7380", "CVE-2017-7381", "CVE-2017-7382", "CVE-2017-7383", "CVE-2017-7994", "CVE-2017-8054", "CVE-2017-8378", "CVE-2017-8787", "CVE-2018-5295", "CVE-2018-5308", "CVE-2018-8000"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-podofo", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-578FA05659.NASL", "href": "https://www.tenable.com/plugins/nessus/120441", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-578fa05659.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120441);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5852\", \"CVE-2017-5853\", \"CVE-2017-5854\", \"CVE-2017-5855\", \"CVE-2017-5886\", \"CVE-2017-6840\", \"CVE-2017-6842\", \"CVE-2017-6843\", \"CVE-2017-6844\", \"CVE-2017-6845\", \"CVE-2017-6847\", \"CVE-2017-6848\", \"CVE-2017-7378\", \"CVE-2017-7379\", \"CVE-2017-7380\", \"CVE-2017-7381\", \"CVE-2017-7382\", \"CVE-2017-7383\", \"CVE-2017-7994\", \"CVE-2017-8054\", \"CVE-2017-8378\", \"CVE-2017-8787\", \"CVE-2018-5295\", \"CVE-2018-5308\", \"CVE-2018-8000\");\n script_xref(name:\"FEDORA\", value:\"2018-578fa05659\");\n\n script_name(english:\"Fedora 28 : mingw-podofo (2018-578fa05659)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Backport security fixes for: CVE-2017-7380, CVE-2017-7381,\nCVE-2017-7382, CVE-2017-7383, CVE-2017-5852, CVE-2017-5853,\nCVE-2017-6844, CVE-2017-5854, CVE-2017-5855, CVE-2017-5886,\nCVE-2018-8000, CVE-2017-6840, CVE-2017-6842, CVE-2017-6843,\nCVE-2017-6845, CVE-2017-6847, CVE-2017-6848, CVE-2017-7378,\nCVE-2017-7379, CVE-2017-7994, CVE-2017-8054, CVE-2017-8378,\nCVE-2017-8787, CVE-2018-5295, CVE-2018-5308\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-578fa05659\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-podofo package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-podofo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"mingw-podofo-0.9.5-6.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-podofo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:32:07", "description": "Backport security fixes for: CVE-2017-7380, CVE-2017-7381, CVE-2017-7382, CVE-2017-7383, CVE-2017-5852, CVE-2017-5853, CVE-2017-6844, CVE-2017-5854, CVE-2017-5855, CVE-2017-5886, CVE-2018-8000, CVE-2017-6840, CVE-2017-6842, CVE-2017-6843, CVE-2017-6845, CVE-2017-6847, CVE-2017-6848, CVE-2017-7378, CVE-2017-7379, CVE-2017-7994, CVE-2017-8054, CVE-2017-8378, CVE-2017-8787, CVE-2018-5295, CVE-2018-5308\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-26T00:00:00", "type": "nessus", "title": "Fedora 27 : mingw-podofo (2018-2807317e7a)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5852", "CVE-2017-5853", "CVE-2017-5854", "CVE-2017-5855", "CVE-2017-5886", "CVE-2017-6840", "CVE-2017-6842", "CVE-2017-6843", "CVE-2017-6844", "CVE-2017-6845", "CVE-2017-6847", "CVE-2017-6848", "CVE-2017-7378", "CVE-2017-7379", "CVE-2017-7380", "CVE-2017-7381", "CVE-2017-7382", "CVE-2017-7383", "CVE-2017-7994", "CVE-2017-8054", "CVE-2017-8378", "CVE-2017-8787", "CVE-2018-5295", "CVE-2018-5308", "CVE-2018-8000"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mingw-podofo", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-2807317E7A.NASL", "href": "https://www.tenable.com/plugins/nessus/110689", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-2807317e7a.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110689);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5852\", \"CVE-2017-5853\", \"CVE-2017-5854\", \"CVE-2017-5855\", \"CVE-2017-5886\", \"CVE-2017-6840\", \"CVE-2017-6842\", \"CVE-2017-6843\", \"CVE-2017-6844\", \"CVE-2017-6845\", \"CVE-2017-6847\", \"CVE-2017-6848\", \"CVE-2017-7378\", \"CVE-2017-7379\", \"CVE-2017-7380\", \"CVE-2017-7381\", \"CVE-2017-7382\", \"CVE-2017-7383\", \"CVE-2017-7994\", \"CVE-2017-8054\", \"CVE-2017-8378\", \"CVE-2017-8787\", \"CVE-2018-5295\", \"CVE-2018-5308\", \"CVE-2018-8000\");\n script_xref(name:\"FEDORA\", value:\"2018-2807317e7a\");\n\n script_name(english:\"Fedora 27 : mingw-podofo (2018-2807317e7a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Backport security fixes for: CVE-2017-7380, CVE-2017-7381,\nCVE-2017-7382, CVE-2017-7383, CVE-2017-5852, CVE-2017-5853,\nCVE-2017-6844, CVE-2017-5854, CVE-2017-5855, CVE-2017-5886,\nCVE-2018-8000, CVE-2017-6840, CVE-2017-6842, CVE-2017-6843,\nCVE-2017-6845, CVE-2017-6847, CVE-2017-6848, CVE-2017-7378,\nCVE-2017-7379, CVE-2017-7994, CVE-2017-8054, CVE-2017-8378,\nCVE-2017-8787, CVE-2018-5295, CVE-2018-5308\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-2807317e7a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mingw-podofo package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mingw-podofo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"mingw-podofo-0.9.5-6.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mingw-podofo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T16:52:47", "description": "This update fixes multiple security vulnerabilities: CVE-2017-7380, CVE-2017-7381, CVE-2017-7382, CVE-2017-7383, CVE-2017-5852, CVE-2017-5853, CVE-2017-6844, CVE-2017-5854, CVE-2017-5855, CVE-2017-5886, CVE-2018-8000, CVE-2017-6840, CVE-2017-6842, CVE-2017-6843, CVE-2017-6845, CVE-2017-6847, CVE-2017-6848, CVE-2017-7378, CVE-2017-7379, CVE-2017-7994, CVE-2017-8054, CVE-2017-8378, CVE-2017-8787, CVE-2018-5295, CVE-2018-5308\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : podofo (2018-5bd16d6143)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8981", "CVE-2017-5852", "CVE-2017-5853", "CVE-2017-5854", "CVE-2017-5855", "CVE-2017-5886", "CVE-2017-6840", "CVE-2017-6842", "CVE-2017-6843", "CVE-2017-6844", "CVE-2017-6845", "CVE-2017-6847", "CVE-2017-6848", "CVE-2017-7378", "CVE-2017-7379", "CVE-2017-7380", "CVE-2017-7381", "CVE-2017-7382", "CVE-2017-7383", "CVE-2017-7994", "CVE-2017-8054", "CVE-2017-8378", "CVE-2017-8787", "CVE-2018-5295", "CVE-2018-5308", "CVE-2018-8000"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:podofo", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-5BD16D6143.NASL", "href": "https://www.tenable.com/plugins/nessus/120452", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-5bd16d6143.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120452);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-8981\", \"CVE-2017-5852\", \"CVE-2017-5853\", \"CVE-2017-5854\", \"CVE-2017-5855\", \"CVE-2017-5886\", \"CVE-2017-6840\", \"CVE-2017-6842\", \"CVE-2017-6843\", \"CVE-2017-6844\", \"CVE-2017-6845\", \"CVE-2017-6847\", \"CVE-2017-6848\", \"CVE-2017-7378\", \"CVE-2017-7379\", \"CVE-2017-7380\", \"CVE-2017-7381\", \"CVE-2017-7382\", \"CVE-2017-7383\", \"CVE-2017-7994\", \"CVE-2017-8054\", \"CVE-2017-8378\", \"CVE-2017-8787\", \"CVE-2018-5295\", \"CVE-2018-5308\", \"CVE-2018-8000\");\n script_xref(name:\"FEDORA\", value:\"2018-5bd16d6143\");\n\n script_name(english:\"Fedora 28 : podofo (2018-5bd16d6143)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes multiple security vulnerabilities: CVE-2017-7380,\nCVE-2017-7381, CVE-2017-7382, CVE-2017-7383, CVE-2017-5852,\nCVE-2017-5853, CVE-2017-6844, CVE-2017-5854, CVE-2017-5855,\nCVE-2017-5886, CVE-2018-8000, CVE-2017-6840, CVE-2017-6842,\nCVE-2017-6843, CVE-2017-6845, CVE-2017-6847, CVE-2017-6848,\nCVE-2017-7378, CVE-2017-7379, CVE-2017-7994, CVE-2017-8054,\nCVE-2017-8378, CVE-2017-8787, CVE-2018-5295, CVE-2018-5308\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-5bd16d6143\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected podofo package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:podofo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"podofo-0.9.5-9.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"podofo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-06T14:29:59", "description": "This update fixes multiple security vulnerabilities: CVE-2017-7380, CVE-2017-7381, CVE-2017-7382, CVE-2017-7383, CVE-2017-5852, CVE-2017-5853, CVE-2017-6844, CVE-2017-5854, CVE-2017-5855, CVE-2017-5886, CVE-2018-8000, CVE-2017-6840, CVE-2017-6842, CVE-2017-6843, CVE-2017-6845, CVE-2017-6847, CVE-2017-6848, CVE-2017-7378, CVE-2017-7379, CVE-2017-7994, CVE-2017-8054, CVE-2017-8378, CVE-2017-8787, CVE-2018-5295, CVE-2018-5308\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-06-26T00:00:00", "type": "nessus", "title": "Fedora 27 : podofo (2018-2f3c0cdf93)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8981", "CVE-2017-5852", "CVE-2017-5853", "CVE-2017-5854", "CVE-2017-5855", "CVE-2017-5886", "CVE-2017-6840", "CVE-2017-6842", "CVE-2017-6843", "CVE-2017-6844", "CVE-2017-6845", "CVE-2017-6847", "CVE-2017-6848", "CVE-2017-7378", "CVE-2017-7379", "CVE-2017-7380", "CVE-2017-7381", "CVE-2017-7382", "CVE-2017-7383", "CVE-2017-7994", "CVE-2017-8054", "CVE-2017-8378", "CVE-2017-8787", "CVE-2018-5295", "CVE-2018-5308", "CVE-2018-8000"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:podofo", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-2F3C0CDF93.NASL", "href": "https://www.tenable.com/plugins/nessus/110690", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-2f3c0cdf93.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110690);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-8981\", \"CVE-2017-5852\", \"CVE-2017-5853\", \"CVE-2017-5854\", \"CVE-2017-5855\", \"CVE-2017-5886\", \"CVE-2017-6840\", \"CVE-2017-6842\", \"CVE-2017-6843\", \"CVE-2017-6844\", \"CVE-2017-6845\", \"CVE-2017-6847\", \"CVE-2017-6848\", \"CVE-2017-7378\", \"CVE-2017-7379\", \"CVE-2017-7380\", \"CVE-2017-7381\", \"CVE-2017-7382\", \"CVE-2017-7383\", \"CVE-2017-7994\", \"CVE-2017-8054\", \"CVE-2017-8378\", \"CVE-2017-8787\", \"CVE-2018-5295\", \"CVE-2018-5308\", \"CVE-2018-8000\");\n script_xref(name:\"FEDORA\", value:\"2018-2f3c0cdf93\");\n\n script_name(english:\"Fedora 27 : podofo (2018-2f3c0cdf93)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes multiple security vulnerabilities: CVE-2017-7380,\nCVE-2017-7381, CVE-2017-7382, CVE-2017-7383, CVE-2017-5852,\nCVE-2017-5853, CVE-2017-6844, CVE-2017-5854, CVE-2017-5855,\nCVE-2017-5886, CVE-2018-8000, CVE-2017-6840, CVE-2017-6842,\nCVE-2017-6843, CVE-2017-6845, CVE-2017-6847, CVE-2017-6848,\nCVE-2017-7378, CVE-2017-7379, CVE-2017-7994, CVE-2017-8054,\nCVE-2017-8378, CVE-2017-8787, CVE-2018-5295, CVE-2018-5308\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-2f3c0cdf93\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected podofo package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:podofo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"podofo-0.9.5-9.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"podofo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:32:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-26T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-podofo FEDORA-2018-578fa05659", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5308", "CVE-2018-8000", "CVE-2017-7381", "CVE-2017-6843", "CVE-2017-8787", "CVE-2017-7383", "CVE-2017-6845", "CVE-2017-7994", "CVE-2017-5852", "CVE-2017-6842", "CVE-2017-8054", "CVE-2017-7378", "CVE-2017-5886", "CVE-2017-7382", "CVE-2017-5854", "CVE-2017-5855", "CVE-2018-5295", "CVE-2017-5853", "CVE-2017-6844", "CVE-2017-7379", "CVE-2017-6848", "CVE-2017-7380", "CVE-2017-6847", "CVE-2017-6840", "CVE-2017-8378"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874738", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874738", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_578fa05659_mingw-podofo_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mingw-podofo FEDORA-2018-578fa05659\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874738\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-26 06:02:30 +0200 (Tue, 26 Jun 2018)\");\n script_cve_id(\"CVE-2017-7380\", \"CVE-2017-7381\", \"CVE-2017-7382\", \"CVE-2017-7383\",\n \"CVE-2017-5852\", \"CVE-2017-5853\", \"CVE-2017-6844\", \"CVE-2017-5854\",\n \"CVE-2017-5855\", \"CVE-2017-5886\", \"CVE-2018-8000\", \"CVE-2017-6840\",\n \"CVE-2017-6842\", \"CVE-2017-6843\", \"CVE-2017-6845\", \"CVE-2017-6847\",\n \"CVE-2017-6848\", \"CVE-2017-7378\", \"CVE-2017-7379\", \"CVE-2017-7994\",\n \"CVE-2017-8054\", \"CVE-2017-8378\", \"CVE-2017-8787\", \"CVE-2018-5295\",\n \"CVE-2018-5308\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-podofo FEDORA-2018-578fa05659\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-podofo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"mingw-podofo on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-578fa05659\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C2XDSNP6BNWOCCEK553GHMEH44HB532M\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-podofo\", rpm:\"mingw32-podofo~0.9.5~6.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mingw64-podofo\", rpm:\"mingw64-podofo~0.9.5~6.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-26T00:00:00", "type": "openvas", "title": "Fedora Update for mingw-podofo FEDORA-2018-2807317e7a", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5308", "CVE-2018-8000", "CVE-2017-7381", "CVE-2017-6843", "CVE-2017-8787", "CVE-2017-7383", "CVE-2017-6845", "CVE-2017-7994", "CVE-2017-5852", "CVE-2017-6842", "CVE-2017-8054", "CVE-2017-7378", "CVE-2017-5886", "CVE-2017-7382", "CVE-2017-5854", "CVE-2017-5855", "CVE-2018-5295", "CVE-2017-5853", "CVE-2017-6844", "CVE-2017-7379", "CVE-2017-6848", "CVE-2017-7380", "CVE-2017-6847", "CVE-2017-6840", "CVE-2017-8378"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874740", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874740", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2807317e7a_mingw-podofo_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for mingw-podofo FEDORA-2018-2807317e7a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874740\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-26 06:05:46 +0200 (Tue, 26 Jun 2018)\");\n script_cve_id(\"CVE-2017-7380\", \"CVE-2017-7381\", \"CVE-2017-7382\", \"CVE-2017-7383\",\n \"CVE-2017-5852\", \"CVE-2017-5853\", \"CVE-2017-6844\", \"CVE-2017-5854\",\n \"CVE-2017-5855\", \"CVE-2017-5886\", \"CVE-2018-8000\", \"CVE-2017-6840\",\n \"CVE-2017-6842\", \"CVE-2017-6843\", \"CVE-2017-6845\", \"CVE-2017-6847\",\n \"CVE-2017-6848\", \"CVE-2017-7378\", \"CVE-2017-7379\", \"CVE-2017-7994\",\n \"CVE-2017-8054\", \"CVE-2017-8378\", \"CVE-2017-8787\", \"CVE-2018-5295\",\n \"CVE-2018-5308\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for mingw-podofo FEDORA-2018-2807317e7a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mingw-podofo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"mingw-podofo on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2807317e7a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQK6XI7F62RB2RAR7ADGIHYR2V5TU6KP\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"mingw32-podofo\", rpm:\"mingw32-podofo~0.9.5~6.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mingw64-podofo\", rpm:\"mingw64-podofo~0.9.5~6.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-26T00:00:00", "type": "openvas", "title": "Fedora Update for podofo FEDORA-2018-2f3c0cdf93", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8053", "CVE-2018-5308", "CVE-2018-8000", "CVE-2017-7381", "CVE-2017-6843", "CVE-2017-8787", "CVE-2017-7383", "CVE-2017-6845", "CVE-2017-7994", "CVE-2017-5852", "CVE-2017-6842", "CVE-2017-8054", "CVE-2017-7378", "CVE-2017-5886", "CVE-2017-7382", "CVE-2017-5854", "CVE-2017-5855", "CVE-2018-5296", "CVE-2018-5295", "CVE-2017-5853", "CVE-2017-6844", "CVE-2015-8981", "CVE-2017-7379", "CVE-2017-6848", "CVE-2017-7380", "CVE-2017-6847", "CVE-2017-6840", "CVE-2017-8378"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874741", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874741", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_2f3c0cdf93_podofo_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for podofo FEDORA-2018-2f3c0cdf93\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874741\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-26 06:06:51 +0200 (Tue, 26 Jun 2018)\");\n script_cve_id(\"CVE-2017-7380\", \"CVE-2017-7381\", \"CVE-2017-7382\", \"CVE-2017-7383\",\n \"CVE-2017-5852\", \"CVE-2017-5853\", \"CVE-2017-6844\", \"CVE-2017-5854\",\n \"CVE-2017-5855\", \"CVE-2017-5886\", \"CVE-2018-8000\", \"CVE-2017-6840\",\n \"CVE-2017-6842\", \"CVE-2017-6843\", \"CVE-2017-6845\", \"CVE-2017-6847\",\n \"CVE-2017-6848\", \"CVE-2017-7378\", \"CVE-2017-7379\", \"CVE-2017-7994\",\n \"CVE-2017-8054\", \"CVE-2017-8378\", \"CVE-2017-8787\", \"CVE-2018-5295\",\n \"CVE-2018-5308\", \"CVE-2015-8981\", \"CVE-2017-8053\", \"CVE-2018-5296\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for podofo FEDORA-2018-2f3c0cdf93\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'podofo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on\nthe target host.\");\n script_tag(name:\"affected\", value:\"podofo on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-2f3c0cdf93\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OEMA3VKO24P6OVWPTL7HRIU53H6FCBAJ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"podofo\", rpm:\"podofo~0.9.5~9.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-26T00:00:00", "type": "openvas", "title": "Fedora Update for podofo FEDORA-2018-5bd16d6143", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-8053", "CVE-2018-5308", "CVE-2018-8000", "CVE-2017-7381", "CVE-2017-6843", "CVE-2017-8787", "CVE-2017-7383", "CVE-2017-6845", "CVE-2017-7994", "CVE-2017-5852", "CVE-2017-6842", "CVE-2017-8054", "CVE-2017-7378", "CVE-2017-5886", "CVE-2017-7382", "CVE-2017-5854", "CVE-2017-5855", "CVE-2018-5296", "CVE-2018-5295", "CVE-2017-5853", "CVE-2017-6844", "CVE-2015-8981", "CVE-2017-7379", "CVE-2017-6848", "CVE-2017-7380", "CVE-2017-6847", "CVE-2017-6840", "CVE-2017-8378"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874739", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874739", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_5bd16d6143_podofo_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for podofo FEDORA-2018-5bd16d6143\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874739\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-26 06:04:17 +0200 (Tue, 26 Jun 2018)\");\n script_cve_id(\"CVE-2017-7380\", \"CVE-2017-7381\", \"CVE-2017-7382\", \"CVE-2017-7383\",\n \"CVE-2017-5852\", \"CVE-2017-5853\", \"CVE-2017-6844\", \"CVE-2017-5854\",\n \"CVE-2017-5855\", \"CVE-2017-5886\", \"CVE-2018-8000\", \"CVE-2017-6840\",\n \"CVE-2017-6842\", \"CVE-2017-6843\", \"CVE-2017-6845\", \"CVE-2017-6847\",\n \"CVE-2017-6848\", \"CVE-2017-7378\", \"CVE-2017-7379\", \"CVE-2017-7994\",\n \"CVE-2017-8054\", \"CVE-2017-8378\", \"CVE-2017-8787\", \"CVE-2018-5295\",\n \"CVE-2018-5308\", \"CVE-2015-8981\", \"CVE-2017-8053\", \"CVE-2018-5296\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for podofo FEDORA-2018-5bd16d6143\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'podofo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"podofo on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-5bd16d6143\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2U7MKKI2OP43FRIS44DJXIJYDWTNAWQ6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"podofo\", rpm:\"podofo~0.9.5~9.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "MinGW Windows podofo library. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-25T10:55:06", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: mingw-podofo-0.9.5-6.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5852", "CVE-2017-5853", "CVE-2017-5854", "CVE-2017-5855", "CVE-2017-5886", "CVE-2017-6840", "CVE-2017-6842", "CVE-2017-6843", "CVE-2017-6844", "CVE-2017-6845", "CVE-2017-6847", "CVE-2017-6848", "CVE-2017-7378", "CVE-2017-7379", "CVE-2017-7380", "CVE-2017-7381", "CVE-2017-7382", "CVE-2017-7383", "CVE-2017-7994", "CVE-2017-8054", "CVE-2017-8378", "CVE-2017-8787", "CVE-2018-5295", "CVE-2018-5308", "CVE-2018-8000"], "modified": "2018-06-25T10:55:06", "id": "FEDORA:EEAC26087896", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/C2XDSNP6BNWOCCEK553GHMEH44HB532M/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "MinGW Windows podofo library. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-25T10:23:06", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: mingw-podofo-0.9.5-6.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5852", "CVE-2017-5853", "CVE-2017-5854", "CVE-2017-5855", "CVE-2017-5886", "CVE-2017-6840", "CVE-2017-6842", "CVE-2017-6843", "CVE-2017-6844", "CVE-2017-6845", "CVE-2017-6847", "CVE-2017-6848", "CVE-2017-7378", "CVE-2017-7379", "CVE-2017-7380", "CVE-2017-7381", "CVE-2017-7382", "CVE-2017-7383", "CVE-2017-7994", "CVE-2017-8054", "CVE-2017-8378", "CVE-2017-8787", "CVE-2018-5295", "CVE-2018-5308", "CVE-2018-8000"], "modified": "2018-06-25T10:23:06", "id": "FEDORA:95B5C6087798", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BQK6XI7F62RB2RAR7ADGIHYR2V5TU6KP/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF (Portable Document Format). A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files and modify their contents into memory. The changes can be written back to disk easily. The parser can also be used to extract information from a PDF file (for example the parser could be used in a PDF viewer). Besides parsing PoDoFo includes also very simple classes to create your own PDF files. All classes are documented so it is easy to start writi ng your own application using PoDoFo. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-25T10:23:05", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: podofo-0.9.5-9.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5852", "CVE-2017-5853", "CVE-2017-5854", "CVE-2017-5855", "CVE-2017-5886", "CVE-2017-6840", "CVE-2017-6842", "CVE-2017-6843", "CVE-2017-6844", "CVE-2017-6845", "CVE-2017-6847", "CVE-2017-6848", "CVE-2017-7378", "CVE-2017-7379", "CVE-2017-7380", "CVE-2017-7381", "CVE-2017-7382", "CVE-2017-7383", "CVE-2017-7994", "CVE-2017-8053", "CVE-2017-8054", "CVE-2017-8378", "CVE-2017-8787", "CVE-2018-5295", "CVE-2018-5296", "CVE-2018-5308", "CVE-2018-8000"], "modified": "2018-06-25T10:23:05", "id": "FEDORA:6105B601E815", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OEMA3VKO24P6OVWPTL7HRIU53H6FCBAJ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF (Portable Document Format). A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files and modify their contents into memory. The changes can be written back to disk easily. The parser can also be used to extract information from a PDF file (for example the parser could be used in a PDF viewer). Besides parsing PoDoFo includes also very simple classes to create your own PDF files. All classes are documented so it is easy to start writi ng your own application using PoDoFo. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-25T10:55:05", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: podofo-0.9.5-9.fc28", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5852", "CVE-2017-5853", "CVE-2017-5854", "CVE-2017-5855", "CVE-2017-5886", "CVE-2017-6840", "CVE-2017-6842", "CVE-2017-6843", "CVE-2017-6844", "CVE-2017-6845", "CVE-2017-6847", "CVE-2017-6848", "CVE-2017-7378", "CVE-2017-7379", "CVE-2017-7380", "CVE-2017-7381", "CVE-2017-7382", "CVE-2017-7383", "CVE-2017-7994", "CVE-2017-8053", "CVE-2017-8054", "CVE-2017-8378", "CVE-2017-8787", "CVE-2018-5295", "CVE-2018-5296", "CVE-2018-5308", "CVE-2018-8000"], "modified": "2018-06-25T10:55:05", "id": "FEDORA:CAF31608793A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2U7MKKI2OP43FRIS44DJXIJYDWTNAWQ6/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
CVE-2017-7382
