Vulnerabilities > CVE-2010-3704 - Improper Input Validation vulnerability in multiple products

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.

Vulnerable Configurations

Part Description Count
Application
Poppler
35
Application
Foolabs
18
Application
Glyphandcog
37
Application
Kde
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL familyWindows
    NASL idOPENOFFICE_33.NASL
    descriptionThe version of Oracle OpenOffice.org installed on the remote host is prior to 3.3. It is, therefore, affected by several issues : - Issues exist relating to PowerPoint document processing that may lead to arbitrary code execution. (CVE-2010-2935, CVE-2010-2936) - A directory traversal vulnerability exists in zip / jar package extraction. (CVE-2010-3450) - Issues exist relating to RTF document processing that may lead to arbitrary code execution. (CVE-2010-3451, CVE-2010-3452) - Issues exist relating to Word document processing that may lead to arbitrary code execution. (CVE-2010-3453, CVE-2010-3454) - Issues exist in the third-party XPDF library relating to PDF document processing that may allow arbitrary code execution. (CVE-2010-3702, CVE-2010-3704) - OpenOffice.org includes a version of LIBXML2 that is affected by multiple vulnerabilities. (CVE-2010-4008, CVE-2010-4494) - An issue exists with PNG file processing that may allow arbitrary code execution. (CVE-2010-4253) - An issue exists with TGA file processing that may allow arbitrary code execution. (CVE-2010-4643)
    last seen2020-06-01
    modified2020-06-02
    plugin id51773
    published2011-01-27
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51773
    titleOracle OpenOffice.org < 3.3 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51773);
      script_version("1.19");
      script_cvs_date("Date: 2018/11/15 20:50:27");
    
      script_cve_id(
        "CVE-2010-2935",
        "CVE-2010-2936",
        "CVE-2010-3450",
        "CVE-2010-3451",
        "CVE-2010-3452",
        "CVE-2010-3453",
        "CVE-2010-3454",
        "CVE-2010-3702",
        "CVE-2010-3704",
        "CVE-2010-4008",
        "CVE-2010-4253",
        "CVE-2010-4494",
        "CVE-2010-4643"
      );
      script_bugtraq_id(42202, 44779, 45617, 46031);
      script_xref(name:"Secunia", value:"40775");
    
      script_name(english:"Oracle OpenOffice.org < 3.3 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of OpenOffice.org.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Windows host has a program affected by multiple
    vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The version of Oracle OpenOffice.org installed on the remote host is 
    prior to 3.3. It is, therefore, affected by several issues :
    
      - Issues exist relating to PowerPoint document processing
        that may lead to arbitrary code execution.
        (CVE-2010-2935, CVE-2010-2936)
    
      - A directory traversal vulnerability exists in zip / jar
        package extraction. (CVE-2010-3450)
    
      - Issues exist relating to RTF document processing that
        may lead to arbitrary code execution. (CVE-2010-3451,
        CVE-2010-3452)
    
      - Issues exist relating to Word document processing that
        may lead to arbitrary code execution. (CVE-2010-3453,
        CVE-2010-3454)
    
      - Issues exist in the third-party XPDF library relating
        to PDF document processing that may allow arbitrary code
        execution. (CVE-2010-3702, CVE-2010-3704)
    
      - OpenOffice.org includes a version of LIBXML2 that is
        affected by multiple vulnerabilities. (CVE-2010-4008,
        CVE-2010-4494)
    
      - An issue exists with PNG file processing that may allow
        arbitrary code execution. (CVE-2010-4253)
    
      - An issue exists with TGA file processing that may allow
        arbitrary code execution. (CVE-2010-4643)");
    
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2011/Jan/487");
      script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html");
      script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-3450.html");
      script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html");
      script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-3453_CVE-2010-3454.html");
      script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html");
      script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html");
      script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-4253.html");
      script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-4643.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to Oracle OpenOffice.org version 3.3 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"vuln_publication_date",value:"2011/01/26");
      script_set_attribute(attribute:"patch_publication_date",value:"2011/01/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/27");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:openoffice.org");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("openoffice_installed.nasl");
      script_require_keys("SMB/OpenOffice/Build");
    
      exit(0);
    }
    
    
    build = get_kb_item("SMB/OpenOffice/Build");
    if (build)
    {
      matches = eregmatch(string:build, pattern:"([0-9]+[a-z][0-9]+)\(Build:([0-9]+)\)");
      if (!isnull(matches))
      {
        buildid = int(matches[2]);
        if (buildid < 9567) 
          security_hole(get_kb_item("SMB/transport"));
        else
         exit(0,"Build " + buildid + " is not affected.");
      }
      else exit(1, "Failed to extract the build number from '"+build+"'.");
    }
    else exit(1, "The 'SMB/OpenOffice/Build' KB item is missing.");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0755.NASL
    descriptionUpdated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The CUPS
    last seen2020-06-01
    modified2020-06-02
    plugin id49802
    published2010-10-08
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49802
    titleRHEL 4 : cups (RHSA-2010:0755)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2010:0755. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49802);
      script_version ("1.19");
      script_cvs_date("Date: 2019/10/25 13:36:15");
    
      script_cve_id("CVE-2009-3609", "CVE-2010-3702", "CVE-2010-3703", "CVE-2010-3704");
      script_bugtraq_id(36703);
      script_xref(name:"RHSA", value:"2010:0755");
    
      script_name(english:"RHEL 4 : cups (RHSA-2010:0755)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated cups packages that fix multiple security issues are now
    available for Red Hat Enterprise Linux 4.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The Common UNIX Printing System (CUPS) provides a portable printing
    layer for UNIX operating systems. The CUPS 'pdftops' filter converts
    Portable Document Format (PDF) files to PostScript.
    
    Multiple flaws were discovered in the CUPS 'pdftops' filter. An
    attacker could create a malicious PDF file that, when printed, would
    cause 'pdftops' to crash or, potentially, execute arbitrary code as
    the 'lp' user. (CVE-2010-3702, CVE-2009-3609)
    
    Users of cups are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues. After installing
    this update, the cupsd daemon will be restarted automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2009-3609"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-3702"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2010:0755"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected cups, cups-devel and / or cups-libs packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/10/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2010:0755";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"cups-1.1.22-0.rc1.9.32.el4_8.10")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"cups-devel-1.1.22-0.rc1.9.32.el4_8.10")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"cups-libs-1.1.22-0.rc1.9.32.el4_8.10")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LIBPOPPLER-DEVEL-101021.NASL
    descriptionspecially crafted PDF files could crash poppler or potentially even cause execution of arbitrary code (CVE-2010-3702, CVE-2010-3704)
    last seen2020-06-01
    modified2020-06-02
    plugin id53677
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53677
    titleopenSUSE Security Update : libpoppler-devel (openSUSE-SU-2010:0976-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update libpoppler-devel-3382.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(53677);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:38");
    
      script_cve_id("CVE-2010-3702", "CVE-2010-3703", "CVE-2010-3704");
    
      script_name(english:"openSUSE Security Update : libpoppler-devel (openSUSE-SU-2010:0976-1)");
      script_summary(english:"Check for the libpoppler-devel-3382 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "specially crafted PDF files could crash poppler or potentially even
    cause execution of arbitrary code (CVE-2010-3702, CVE-2010-3704)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=642785"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2010-11/msg00036.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libpoppler-devel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpoppler-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpoppler-glib-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpoppler-glib4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpoppler-qt2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpoppler-qt3-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpoppler-qt4-3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpoppler-qt4-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpoppler4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:poppler-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/10/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/05/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.1", reference:"libpoppler-devel-0.10.1-1.9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"libpoppler-glib-devel-0.10.1-1.9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"libpoppler-glib4-0.10.1-1.9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"libpoppler-qt2-0.10.1-1.9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"libpoppler-qt3-devel-0.10.1-1.9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"libpoppler-qt4-3-0.10.1-1.9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"libpoppler-qt4-devel-0.10.1-1.9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"libpoppler4-0.10.1-1.9.1") ) flag++;
    if ( rpm_check(release:"SUSE11.1", reference:"poppler-tools-0.10.1-1.9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpoppler-devel / libpoppler-glib-devel / libpoppler-glib4 / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-16705.NASL
    descriptionapply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVS-2010-3704 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50480
    published2010-11-05
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50480
    titleFedora 12 : xpdf-3.02-16.fc12 (2010-16705)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-16705.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(50480);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:32");
    
      script_cve_id("CVE-2010-3702", "CVE-2010-3704");
      script_bugtraq_id(43841, 43845);
      script_xref(name:"FEDORA", value:"2010-16705");
    
      script_name(english:"Fedora 12 : xpdf-3.02-16.fc12 (2010-16705)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "apply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVS-2010-3704
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=595245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=638960"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050390.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c3889358"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xpdf package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:xpdf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/10/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC12", reference:"xpdf-3.02-16.fc12")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xpdf");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XPDF-7190.NASL
    descriptionA specially crafted PDF files could crash xpdf or potentially even cause execution of arbitrary code. (CVE-2010-3702 / CVE-2010-3703 / CVE-2010-3704)
    last seen2020-06-01
    modified2020-06-02
    plugin id51365
    published2010-12-23
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51365
    titleSuSE 10 Security Update : xpdf (ZYPP Patch Number 7190)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51365);
      script_version ("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:40");
    
      script_cve_id("CVE-2010-3702", "CVE-2010-3703", "CVE-2010-3704");
    
      script_name(english:"SuSE 10 Security Update : xpdf (ZYPP Patch Number 7190)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A specially crafted PDF files could crash xpdf or potentially even
    cause execution of arbitrary code. (CVE-2010-3702 / CVE-2010-3703 /
    CVE-2010-3704)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-3702.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-3703.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-3704.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7190.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/10/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:3, reference:"xpdf-tools-3.01-21.24.1")) flag++;
    if (rpm_check(release:"SLES10", sp:3, reference:"xpdf-tools-3.01-21.24.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0754.NASL
    descriptionUpdated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The CUPS
    last seen2020-06-01
    modified2020-06-02
    plugin id49813
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49813
    titleCentOS 3 : cups (CESA-2010:0754)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2010:0754 and 
    # CentOS Errata and Security Advisory 2010:0754 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49813);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:05");
    
      script_cve_id("CVE-2010-3702", "CVE-2010-3703", "CVE-2010-3704");
      script_xref(name:"RHSA", value:"2010:0754");
    
      script_name(english:"CentOS 3 : cups (CESA-2010:0754)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated cups packages that fix one security issue are now available
    for Red Hat Enterprise Linux 3.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section.
    
    The Common UNIX Printing System (CUPS) provides a portable printing
    layer for UNIX operating systems. The CUPS 'pdftops' filter converts
    Portable Document Format (PDF) files to PostScript.
    
    An uninitialized pointer use flaw was discovered in the CUPS 'pdftops'
    filter. An attacker could create a malicious PDF file that, when
    printed, would cause 'pdftops' to crash or, potentially, execute
    arbitrary code as the 'lp' user. (CVE-2010-3702)
    
    Users of cups are advised to upgrade to these updated packages, which
    contain a backported patch to correct this issue. After installing
    this update, the cupsd daemon will be restarted automatically."
      );
      # https://lists.centos.org/pipermail/centos-announce/2010-October/017043.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?824e6381"
      );
      # https://lists.centos.org/pipermail/centos-announce/2010-October/017044.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a19b7b65"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected cups packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/10/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"cups-1.1.17-13.3.70")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"cups-1.1.17-13.3.70")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"cups-devel-1.1.17-13.3.70")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"cups-devel-1.1.17-13.3.70")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"cups-libs-1.1.17-13.3.70")) flag++;
    if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"cups-libs-1.1.17-13.3.70")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0752.NASL
    descriptionFrom Red Hat Security Advisory 2010:0752 : An updated gpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. GPdf is a viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in GPdf. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way GPdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id68113
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68113
    titleOracle Linux 4 : gpdf (ELSA-2010-0752)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2010:0752 and 
    # Oracle Linux Security Advisory ELSA-2010-0752 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68113);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:08");
    
      script_cve_id("CVE-2010-3702", "CVE-2010-3703", "CVE-2010-3704");
      script_xref(name:"RHSA", value:"2010:0752");
    
      script_name(english:"Oracle Linux 4 : gpdf (ELSA-2010-0752)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2010:0752 :
    
    An updated gpdf package that fixes two security issues is now
    available for Red Hat Enterprise Linux 4.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    GPdf is a viewer for Portable Document Format (PDF) files.
    
    An uninitialized pointer use flaw was discovered in GPdf. An attacker
    could create a malicious PDF file that, when opened, would cause GPdf
    to crash or, potentially, execute arbitrary code. (CVE-2010-3702)
    
    An array index error was found in the way GPdf parsed PostScript Type
    1 fonts embedded in PDF documents. An attacker could create a
    malicious PDF file that, when opened, would cause GPdf to crash or,
    potentially, execute arbitrary code. (CVE-2010-3704)
    
    Users are advised to upgrade to this updated package, which contains
    backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2010-October/001678.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gpdf package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gpdf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/10/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", reference:"gpdf-2.8.2-7.7.2.el4_8.7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gpdf");
    }
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2010-324-02.NASL
    descriptionNew poppler packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50661
    published2010-11-22
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50661
    titleSlackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : poppler (SSA:2010-324-02)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0753.NASL
    descriptionFrom Red Hat Security Advisory 2010:0753 : Updated kdegraphics packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in KPDF. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way KPDF parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id68114
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68114
    titleOracle Linux 4 : kdegraphics (ELSA-2010-0753)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-16662.NASL
    descriptionapply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVS-2010-3704 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50479
    published2010-11-05
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50479
    titleFedora 13 : xpdf-3.02-16.fc13 (2010-16662)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-230.NASL
    descriptionMultiple vulnerabilities were discovered and corrected in poppler : The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference (CVE-2010-3702). The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption (CVE-2010-3704). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90 The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50582
    published2010-11-14
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50582
    titleMandriva Linux Security Advisory : poppler (MDVSA-2010:230)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0755.NASL
    descriptionFrom Red Hat Security Advisory 2010:0755 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The CUPS
    last seen2020-06-01
    modified2020-06-02
    plugin id68116
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68116
    titleOracle Linux 4 : cups (ELSA-2010-0755)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-231.NASL
    descriptionMultiple vulnerabilities were discovered and corrected in poppler : The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference (CVE-2010-3702). The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference (CVE-2010-3703). The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption (CVE-2010-3704). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50583
    published2010-11-14
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50583
    titleMandriva Linux Security Advisory : poppler (MDVSA-2010:231)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0754.NASL
    descriptionFrom Red Hat Security Advisory 2010:0754 : Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The CUPS
    last seen2020-06-01
    modified2020-06-02
    plugin id68115
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68115
    titleOracle Linux 3 : cups (ELSA-2010-0754)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201310-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201310-03 (Poppler: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Poppler. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted PDF file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id70309
    published2013-10-07
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70309
    titleGLSA-201310-03 : Poppler: Multiple vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-1201.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code : Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially crafted font file was opened by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2010-2642, CVE-2011-0433) An invalid pointer dereference flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-0764) A use-after-free flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1553) An off-by-one flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1554) An out-of-bounds memory read flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash. (CVE-2011-1552) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was used to process a TeX document referencing a specially crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. If pdflatex was used to process a TeX document referencing a specially crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3704) Red Hat would like to thank the Evince development team for reporting CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of CVE-2010-2642. All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id61651
    published2012-08-24
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61651
    titleCentOS 5 : tetex (CESA-2012:1201)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_OPENOFFICE_ORG-110330.NASL
    descriptionMaintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOffice_org packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. - fixed security bugs : - PowerPoint document processing (CVE-2010-2935, CVE-2010-2936) - extensions and filter package files (CVE-2010-3450) - RTF document processing (CVE-2010-3451, CVE-2010-3452) - Word document processing (CVE-2010-3453, CVE-2010-3454) - insecure LD_LIBRARY_PATH usage (CVE-2010-3689) - PDF Import extension resulting from 3rd party library XPD (CVE-2010-3702, CVE-2010-3704) - PNG file processing (CVE-2010-4253) - TGA file processing (CVE-2010-4643) - most important changes : - maintenance update (bnc#667421, MaintenanceTracker-38738) - enabled KDE3 support (bnc#678998) - libreoffice-3.3.1.2 == 3.3.1-rc2 == final - fixed audio/video playback in presentation (deb#612940, bnc#651250) - fixed non-working input methods in KDE4 (bnc#665112) - fixed occasional blank first slide (fdo#34533) - fixed cairo canvas edge count calculation (bnc#647959) - updated to libreoffice-3.3.1.2 (3.3.1-rc2) : - l10n - updated some translations - libs-core - crashing oosplash and malformed picture (bnc#652562) - Byref and declare Basic statement (fdo#33964, i#115716) - fixed BorderLine(2) conversion to SvxBorderLine (fdo#34226) - libs-gui - getEnglishSearchFontName() searches Takao fonts - sdk - fix ODK settings.mk to only set STLPORTLIB if needed - writer - rtfExport::HackIsWW8OrHigher(): return true (fdo#33478) - visual editor destroys formulas containing symbols (fdo#32759, fdo#32755) - enabled KDE4 support for SLED11; LO-3.3.1 fixed the remaining annoying bugs - fixed EMF+ import (bnc#650049) - updated to libreoffice-3.3.1.1 (3.3.1-rc1) : - artwork - new MIME type icons for LibreOffice - bootstrap - wrong line break with ( (fdo#31271) - build - default formula string (n#664516) - don
    last seen2020-06-01
    modified2020-06-02
    plugin id53784
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53784
    titleopenSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0337-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0750.NASL
    descriptionAn updated xpdf package that fixes one security issue is now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in Xpdf. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id49797
    published2010-10-08
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49797
    titleRHEL 3 : xpdf (RHSA-2010:0750)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-228.NASL
    descriptionMultiple vulnerabilities were discovered and corrected in xpdf : The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference (CVE-2010-3702). The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption (CVE-2010-3704). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90 The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50581
    published2010-11-14
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50581
    titleMandriva Linux Security Advisory : xpdf (MDVSA-2010:228)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1005-1.NASL
    descriptionIt was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50045
    published2010-10-20
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50045
    titleUbuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : poppler vulnerabilities (USN-1005-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-15857.NASL
    description - Bug #595245 - CVE-2010-3702 xpdf: uninitialized Gfx::parser pointer dereference - Bug #638960 - CVE-2010-3704 xpdf: array indexing error in FoFiType1::parse() - Bug #639356 - CVE-2010-3703 poppler: use of initialized pointer in PostScriptFunction Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50005
    published2010-10-18
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50005
    titleFedora 14 : poppler-0.14.4-1.fc14 (2010-15857)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0859.NASL
    descriptionUpdated poppler packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Two uninitialized pointer use flaws were discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702, CVE-2010-3703) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50631
    published2010-11-18
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50631
    titleRHEL 6 : poppler (RHSA-2010:0859)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_XPDF-101015.NASL
    descriptionA specially crafted PDF files could crash xpdf or potentially even cause execution of arbitrary code. (CVE-2010-3702 / CVE-2010-3703 / CVE-2010-3704)
    last seen2020-06-01
    modified2020-06-02
    plugin id51637
    published2011-01-21
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51637
    titleSuSE 11.1 Security Update : xpdf (SAT Patch Number 3377)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_OPENOFFICE_ORG-110330.NASL
    descriptionMaintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOffice_org packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. - fixed security bugs : - PowerPoint document processing (CVE-2010-2935, CVE-2010-2936) - extensions and filter package files (CVE-2010-3450) - RTF document processing (CVE-2010-3451, CVE-2010-3452) - Word document processing (CVE-2010-3453, CVE-2010-3454) - insecure LD_LIBRARY_PATH usage (CVE-2010-3689) - PDF Import extension resulting from 3rd party library XPD (CVE-2010-3702, CVE-2010-3704) - PNG file processing (CVE-2010-4253) - TGA file processing (CVE-2010-4643) - most important changes : - add conflicts to force migration to libreoffice - obsolete Quickstarter - enabled KDE3 support (bnc#678998) - libreoffice-3.3.1.2 == 3.3.1-rc2 == final - fixed audio/video playback in presentation (deb#612940, bnc#651250) - fixed non-working input methods in KDE4 (bnc#665112) - fixed occasional blank first slide (fdo#34533) - fixed cairo canvas edge count calculation (bnc#647959) - updated to libreoffice-3.3.1.2 (3.3.1-rc2) : - l10n - updated some translations - libs-core - crashing oosplash and malformed picture (bnc#652562) - Byref and declare Basic statement (fdo#33964, i#115716) - fixed BorderLine(2) conversion to SvxBorderLine (fdo#34226) - libs-gui - getEnglishSearchFontName() searches Takao fonts - sdk - fix ODK settings.mk to only set STLPORTLIB if needed - writer - rtfExport::HackIsWW8OrHigher(): return true (fdo#33478) - visual editor destroys formulas containing symbols (fdo#32759, fdo#32755) - enabled KDE4 support for SLED11; LO-3.3.1 fixed the remaining annoying bugs - fixed EMF+ import (bnc#650049) - updated to libreoffice-3.3.1.1 (3.3.1-rc1) : - artwork - new MIME type icons for LibreOffice - bootstrap - wrong line break with ( (fdo#31271) - build - default formula string (n#664516) - don
    last seen2020-06-01
    modified2020-06-02
    plugin id75687
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75687
    titleopenSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0336-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0749.NASL
    descriptionUpdated poppler packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. An uninitialized pointer use flaw was discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49796
    published2010-10-08
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49796
    titleRHEL 5 : poppler (RHSA-2010:0749)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0753.NASL
    descriptionUpdated kdegraphics packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in KPDF. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way KPDF parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49800
    published2010-10-08
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49800
    titleRHEL 4 / 5 : kdegraphics (RHSA-2010:0753)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0859.NASL
    descriptionFrom Red Hat Security Advisory 2010:0859 : Updated poppler packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Two uninitialized pointer use flaws were discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702, CVE-2010-3703) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id68137
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68137
    titleOracle Linux 6 : poppler (ELSA-2010-0859)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2135.NASL
    descriptionJoel Voss of Leviathan Security Group discovered two vulnerabilities in xpdf rendering engine, which may lead to the execution of arbitrary code if a malformed PDF file is opened.
    last seen2020-06-01
    modified2020-06-02
    plugin id51397
    published2011-01-03
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51397
    titleDebian DSA-2135-1 : xpdf - several vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-15911.NASL
    description - Thu Oct 7 2010 Marek Kasik <mkasik at redhat.com> - 0.12.4-6 - Add poppler-0.12.4-CVE-2010-3702.patch (Properly initialize parser) - Add poppler-0.12.4-CVE-2010-3703.patch (Properly initialize stack) - Add poppler-0.12.4-CVE-2010-3704.patch (Fix crash in broken pdf (code < 0)) - Resolves: #639861 - Mon Jul 19 2010 Marek Kasik <mkasik at redhat.com> - 0.12.4-5 - Accept 4-digit values in ToUnicode CMaps - (#574964) - Tue Jun 29 2010 Marek Kasik <mkasik at redhat.com> - 0.12.4-4 - A little modification of poppler-0.12.4-TextOutputDev.patch - Tue Jun 29 2010 Marek Kasik <mkasik at redhat.com> - 0.12.4-3 - Fix initialization of members of TextOutputDev in its constructor - (#606870) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50027
    published2010-10-20
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50027
    titleFedora 13 : poppler-0.12.4-6.fc13 (2010-15911)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-1201.NASL
    descriptionFrom Red Hat Security Advisory 2012:1201 : Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code : Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially crafted font file was opened by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2010-2642, CVE-2011-0433) An invalid pointer dereference flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-0764) A use-after-free flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1553) An off-by-one flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1554) An out-of-bounds memory read flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash. (CVE-2011-1552) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was used to process a TeX document referencing a specially crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. If pdflatex was used to process a TeX document referencing a specially crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3704) Red Hat would like to thank the Evince development team for reporting CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of CVE-2010-2642. All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id68602
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68602
    titleOracle Linux 5 : tetex (ELSA-2012-1201)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20101007_GPDF_ON_SL4_X.NASL
    descriptionAn uninitialized pointer use flaw was discovered in GPdf. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way GPdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704)
    last seen2020-06-01
    modified2020-06-02
    plugin id60864
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60864
    titleScientific Linux Security Update : gpdf on SL4.x i386/x86_64
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20101110_POPPLER_ON_SL6_X.NASL
    descriptionTwo uninitialized pointer use flaws were discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702, CVE-2010-3703) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704)
    last seen2020-06-01
    modified2020-06-02
    plugin id60896
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60896
    titleScientific Linux Security Update : poppler on SL6.x i386/x86_64
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20101007_KDEGRAPHICS_ON_SL4_X.NASL
    descriptionAn uninitialized pointer use flaw was discovered in KPDF. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way KPDF parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentially, execute arbitrary code. (CVE-2010-3704)
    last seen2020-06-01
    modified2020-06-02
    plugin id60865
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60865
    titleScientific Linux Security Update : kdegraphics on SL4.x, SL5.x i386/x86_64
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201402-17.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201402-17 (Xpdf: User-assisted execution of arbitrary code) Multiple vulnerabilities have been discovered in Xpdf. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id72549
    published2014-02-18
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72549
    titleGLSA-201402-17 : Xpdf: User-assisted execution of arbitrary code
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0755.NASL
    descriptionUpdated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The CUPS
    last seen2020-06-01
    modified2020-06-02
    plugin id49814
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49814
    titleCentOS 4 : cups (CESA-2010:0755)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0752.NASL
    descriptionAn updated gpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. GPdf is a viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in GPdf. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way GPdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49811
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49811
    titleCentOS 4 : gpdf (CESA-2010:0752)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0750.NASL
    descriptionAn updated xpdf package that fixes one security issue is now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in Xpdf. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id49809
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49809
    titleCentOS 3 : xpdf (CESA-2010:0750)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_LIBPOPPLER-DEVEL-101016.NASL
    descriptionSpecially crafted PDF files could crash poppler or potentially even cause execution of arbitrary code (CVE-2010-3702, CVE-2010-3703, CVE-2010-3704)
    last seen2020-06-01
    modified2020-06-02
    plugin id75606
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75606
    titleopenSUSE Security Update : libpoppler-devel (openSUSE-SU-2010:0976-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-1201.NASL
    descriptionUpdated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code : Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially crafted font file was opened by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2010-2642, CVE-2011-0433) An invalid pointer dereference flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-0764) A use-after-free flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1553) An off-by-one flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1554) An out-of-bounds memory read flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash. (CVE-2011-1552) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was used to process a TeX document referencing a specially crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. If pdflatex was used to process a TeX document referencing a specially crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3704) Red Hat would like to thank the Evince development team for reporting CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter of CVE-2010-2642. All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id61653
    published2012-08-24
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61653
    titleRHEL 5 : tetex (RHSA-2012:1201)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0752.NASL
    descriptionAn updated gpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. GPdf is a viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in GPdf. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way GPdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause GPdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49799
    published2010-10-08
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49799
    titleRHEL 4 : gpdf (RHSA-2010:0752)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBREOFFICE331-110318.NASL
    descriptionMaintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOffice_org packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. List of LibreOffice-3.3 features : General - online help - common search toolbar - new easier
    last seen2020-06-01
    modified2020-06-02
    plugin id52735
    published2011-03-21
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52735
    titleSuSE 11.1 Security Update : Libreoffice (SAT Patch Number 4082)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBREOFFICE331-7365.NASL
    descriptionMaintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. List of LibreOffice-3.3 features : General - online help - common search toolbar - new easier
    last seen2020-06-01
    modified2020-06-02
    plugin id52738
    published2011-03-21
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52738
    titleSuSE 10 Security Update : Libreoffice (ZYPP Patch Number 7365)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0750.NASL
    descriptionFrom Red Hat Security Advisory 2010:0750 : An updated xpdf package that fixes one security issue is now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in Xpdf. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) Users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id68111
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68111
    titleOracle Linux 3 : xpdf (ELSA-2010-0750)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0753.NASL
    descriptionUpdated kdegraphics packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kdegraphics packages contain applications for the K Desktop Environment, including KPDF, a viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in KPDF. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way KPDF parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause KPDF to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49812
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49812
    titleCentOS 4 / 5 : kdegraphics (CESA-2010:0753)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_XPDF-101014.NASL
    descriptionspecially crafted PDF files could crash xpdf or potentially even cause execution of arbitrary code (CVE-2010-3702, CVE-2010-3703, CVE-2010-3704)
    last seen2020-06-01
    modified2020-06-02
    plugin id53690
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53690
    titleopenSUSE Security Update : xpdf (openSUSE-SU-2010:1091-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20101007_POPPLER_ON_SL5_X.NASL
    descriptionAn uninitialized pointer use flaw was discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704)
    last seen2020-06-01
    modified2020-06-02
    plugin id60866
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60866
    titleScientific Linux Security Update : poppler on SL5.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KDEGRAPHICS3-7235.NASL
    descriptionVarious pointer dereferencing vulnerabilities in kdegraphics3
    last seen2020-06-01
    modified2020-06-02
    plugin id51113
    published2010-12-10
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51113
    titleSuSE 10 Security Update : kdegraphics (ZYPP Patch Number 7235)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0751.NASL
    descriptionFrom Red Hat Security Advisory 2010:0751 : An updated xpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in Xpdf. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id68112
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68112
    titleOracle Linux 4 : xpdf (ELSA-2010-0751)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-15981.NASL
    description - Thu Oct 7 2010 Marek Kasik <mkasik at redhat.com> - 0.12.4-5 - Add poppler-0.12.4-CVE-2010-3702.patch (Properly initialize parser) - Add poppler-0.12.4-CVE-2010-3703.patch (Properly initialize stack) - Add poppler-0.12.4-CVE-2010-3704.patch (Fix crash in broken pdf (code < 0)) - Resolves: #639861 - Mon Jul 19 2010 Marek Kasik <mkasik at redhat.com> - 0.12.4-4 - Accept 4-digit values in ToUnicode CMaps - (#574964) - Tue Jun 29 2010 Marek Kasik <mkasik at redhat.com> - 0.12.4-3 - Fix initialization of members of TextOutputDev in its constructor - (#606870) - Thu Mar 4 2010 Marek Kasik <mkasik at redhat.com> - 0.12.4-2 - Fix showing of radio buttons (#480868) - Fri Feb 19 2010 Marek Kasik <mkasik at redhat.com> - 0.12.4-1 - Update to 0.12.4 - Mon Feb 15 2010 Marek Kasik <mkasik at redhat.com> - 0.12.3-9 - Fix downscaling of rotated pages (#563353) - Thu Jan 28 2010 Marek Kasik <mkasik at redhat.com> - 0.12.3-8 - Get current FcConfig before using it (#533992) - Sun Jan 24 2010 Rex Dieter <rdieter at fedoraproject.org> - 0.12.3-7 - use alternative/upstream downscale patch (#556549, fdo#5589) - Wed Jan 20 2010 Marek Kasik <mkasik at redhat.com> - 0.12.3-6 - Add dependency on poppler-data (#553991) - Tue Jan 19 2010 Rex Dieter <rdieter at fedoraproject.org> - 0.12.3-5 - cairo backend, scale images correctly (#556549, fdo#5589) - Fri Jan 15 2010 Rex Dieter <rdieter at fedoraproject.org> - 0.12.3-4 - Sanitize versioned Obsoletes/Provides - Fri Jan 15 2010 Marek Kasik <mkasik at redhat.com> - 0.12.3-3 - Correct permissions of goo/GooTimer.h - Convert pdftohtml.1 to utf8 - Make the pdftohtml
    last seen2020-06-01
    modified2020-06-02
    plugin id50033
    published2010-10-20
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/50033
    titleFedora 12 : poppler-0.12.4-5.fc12 (2010-15981)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20101007_XPDF_ON_SL3_X.NASL
    descriptionAn uninitialized pointer use flaw was discovered in Xpdf. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (SL4 only - CVE-2010-3704)
    last seen2020-06-01
    modified2020-06-02
    plugin id60867
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60867
    titleScientific Linux Security Update : xpdf on SL3.x, SL4.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBPOPPLER-DEVEL-101016.NASL
    descriptionSpecially crafted PDF files could crash poppler or potentially even cause execution of arbitrary code (CVE-2010-3702 / CVE-2010-3704). This has been fixed.
    last seen2020-06-01
    modified2020-06-02
    plugin id50942
    published2010-12-02
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50942
    titleSuSE 11 Security Update : libpoppler (SAT Patch Number 3337)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0147.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Resolves: rhbz#1479815 (CVE-2017-9776) - Don
    last seen2020-06-01
    modified2020-06-02
    plugin id102905
    published2017-09-01
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102905
    titleOracleVM 3.3 / 3.4 : poppler (OVMSA-2017-0147)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0749.NASL
    descriptionUpdated poppler packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. An uninitialized pointer use flaw was discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49936
    published2010-10-12
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49936
    titleCentOS 5 : poppler (CESA-2010:0749)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_LIBPOPPLER-DEVEL-101016.NASL
    descriptionSpecially crafted PDF files could crash poppler or potentially even cause execution of arbitrary code (CVE-2010-3702, CVE-2010-3704)
    last seen2020-06-01
    modified2020-06-02
    plugin id53755
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53755
    titleopenSUSE Security Update : libpoppler-devel (openSUSE-SU-2010:0976-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-16744.NASL
    descriptionapply xpdf-3.02pl5 security patch to fix CVE-2010-3702, CVS-2010-3704 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50483
    published2010-11-05
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50483
    titleFedora 14 : xpdf-3.02-16.fc14 (2010-16744)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120823_TETEX_ON_SL5_X.NASL
    descriptionteTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output. teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code : Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially crafted font file was opened by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2010-2642, CVE-2011-0433) An invalid pointer dereference flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-0764) A use-after-free flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1553) An off-by-one flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX. (CVE-2011-1554) An out-of-bounds memory read flaw was found in t1lib. A specially crafted font file could, when opened, cause teTeX to crash. (CVE-2011-1552) teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code : An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was used to process a TeX document referencing a specially crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. If pdflatex was used to process a TeX document referencing a specially crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex. (CVE-2010-3704) All users of tetex are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-03-18
    modified2012-08-24
    plugin id61657
    published2012-08-24
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61657
    titleScientific Linux Security Update : tetex on SL5.x i386/x86_64 (20120823)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_F2B43905354511E08E810022190034C0.NASL
    descriptionOpenOffice.org Security Team reports : Fixed in OpenOffice.org 3.3 - CVE-2010-2935 / CVE-2010-2936: Security Vulnerability in OpenOffice.org related to PowerPoint document processing - CVE-2010-3450: Security Vulnerability in OpenOffice.org related to Extensions and filter package files - CVE-2010-3451 / CVE-2010-3452: Security Vulnerability in OpenOffice.org related to RTF document processing - CVE-2010-3453 / CVE-2010-3454: Security Vulnerability in OpenOffice.org related to Word document processing - CVE-2010-3689: Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts - CVE-2010-3702 / CVE-2010-3704: Security Vulnerability in OpenOffice.org
    last seen2020-06-01
    modified2020-06-02
    plugin id51966
    published2011-02-14
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51966
    titleFreeBSD : openoffice.org -- Multiple vulnerabilities (f2b43905-3545-11e0-8e81-0022190034c0)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0751.NASL
    descriptionAn updated xpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in Xpdf. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49810
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49810
    titleCentOS 4 : xpdf (CESA-2010:0751)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0751.NASL
    descriptionAn updated xpdf package that fixes two security issues is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. An uninitialized pointer use flaw was discovered in Xpdf. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause Xpdf to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49798
    published2010-10-08
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49798
    titleRHEL 4 : xpdf (RHSA-2010:0751)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBPOPPLER-DEVEL-101017.NASL
    descriptionSpecially crafted PDF files could crash poppler or potentially even cause execution of arbitrary code (CVE-2010-3702 / CVE-2010-3703 / CVE-2010-3704). This has been fixed.
    last seen2020-06-01
    modified2020-06-02
    plugin id51622
    published2011-01-21
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51622
    titleSuSE 11.1 Security Update : libpoppler (SAT Patch Number 3338)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0749.NASL
    descriptionFrom Red Hat Security Advisory 2010:0749 : Updated poppler packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. An uninitialized pointer use flaw was discovered in poppler. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3702) An array index error was found in the way poppler parsed PostScript Type 1 fonts embedded in PDF documents. An attacker could create a malicious PDF file that, when opened, would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704) Users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id68110
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68110
    titleOracle Linux 5 : poppler (ELSA-2010-0749)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2010-324-01.NASL
    descriptionNew xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id50660
    published2010-11-22
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50660
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 9.1 / current : xpdf (SSA:2010-324-01)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0754.NASL
    descriptionUpdated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 3. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The CUPS
    last seen2020-06-01
    modified2020-06-02
    plugin id49801
    published2010-10-08
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49801
    titleRHEL 3 : cups (RHSA-2010:0754)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2119.NASL
    descriptionJoel Voss of Leviathan Security Group discovered two vulnerabilities in the Poppler PDF rendering library, which may lead to the execution of arbitrary code if a malformed PDF file is opened.
    last seen2020-06-01
    modified2020-06-02
    plugin id49965
    published2010-10-14
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49965
    titleDebian DSA-2119-1 : poppler - several vulnerabilities

Redhat

advisories
  • bugzilla
    id638960
    titleCVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentpoppler-devel is earlier than 0:0.5.4-4.4.el5_5.14
            ovaloval:com.redhat.rhsa:tst:20100749001
          • commentpoppler-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070732002
        • AND
          • commentpoppler is earlier than 0:0.5.4-4.4.el5_5.14
            ovaloval:com.redhat.rhsa:tst:20100749003
          • commentpoppler is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070732004
        • AND
          • commentpoppler-utils is earlier than 0:0.5.4-4.4.el5_5.14
            ovaloval:com.redhat.rhsa:tst:20100749005
          • commentpoppler-utils is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070732006
    rhsa
    idRHSA-2010:0749
    released2010-10-07
    severityImportant
    titleRHSA-2010:0749: poppler security update (Important)
  • bugzilla
    id638960
    titleCVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • commentxpdf is earlier than 1:3.00-24.el4_8.1
        ovaloval:com.redhat.rhsa:tst:20100751001
      • commentxpdf is signed with Red Hat master key
        ovaloval:com.redhat.rhsa:tst:20060201002
    rhsa
    idRHSA-2010:0751
    released2010-10-07
    severityImportant
    titleRHSA-2010:0751: xpdf security update (Important)
  • bugzilla
    id638960
    titleCVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • commentgpdf is earlier than 0:2.8.2-7.7.2.el4_8.7
        ovaloval:com.redhat.rhsa:tst:20100752001
      • commentgpdf is signed with Red Hat master key
        ovaloval:com.redhat.rhsa:tst:20060177002
    rhsa
    idRHSA-2010:0752
    released2010-10-07
    severityImportant
    titleRHSA-2010:0752: gpdf security update (Important)
  • bugzilla
    id638960
    titleCVE-2010-3704 xpdf: array indexing error in FoFiType1::parse()
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentkdegraphics-devel is earlier than 7:3.3.1-18.el4_8.1
            ovaloval:com.redhat.rhsa:tst:20100753001
          • commentkdegraphics-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060206002
        • AND
          • commentkdegraphics is earlier than 7:3.3.1-18.el4_8.1
            ovaloval:com.redhat.rhsa:tst:20100753003
          • commentkdegraphics is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060206004
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentkdegraphics-devel is earlier than 7:3.5.4-17.el5_5.1
            ovaloval:com.redhat.rhsa:tst:20100753006
          • commentkdegraphics-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070729007
        • AND
          • commentkdegraphics is earlier than 7:3.5.4-17.el5_5.1
            ovaloval:com.redhat.rhsa:tst:20100753008
          • commentkdegraphics is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070729009
    rhsa
    idRHSA-2010:0753
    released2010-10-07
    severityImportant
    titleRHSA-2010:0753: kdegraphics security update (Important)
  • bugzilla
    id639356
    titleCVE-2010-3703 poppler: use of initialized pointer in PostScriptFunction
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentpoppler-qt-devel is earlier than 0:0.12.4-3.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20100859001
          • commentpoppler-qt-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100859002
        • AND
          • commentpoppler-glib is earlier than 0:0.12.4-3.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20100859003
          • commentpoppler-glib is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100859004
        • AND
          • commentpoppler-qt4 is earlier than 0:0.12.4-3.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20100859005
          • commentpoppler-qt4 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100859006
        • AND
          • commentpoppler-devel is earlier than 0:0.12.4-3.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20100859007
          • commentpoppler-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100859008
        • AND
          • commentpoppler-glib-devel is earlier than 0:0.12.4-3.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20100859009
          • commentpoppler-glib-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100859010
        • AND
          • commentpoppler-qt is earlier than 0:0.12.4-3.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20100859011
          • commentpoppler-qt is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100859012
        • AND
          • commentpoppler-qt4-devel is earlier than 0:0.12.4-3.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20100859013
          • commentpoppler-qt4-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100859014
        • AND
          • commentpoppler is earlier than 0:0.12.4-3.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20100859015
          • commentpoppler is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100859016
        • AND
          • commentpoppler-utils is earlier than 0:0.12.4-3.el6_0.1
            ovaloval:com.redhat.rhsa:tst:20100859017
          • commentpoppler-utils is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100859018
    rhsa
    idRHSA-2010:0859
    released2010-11-09
    severityImportant
    titleRHSA-2010:0859: poppler security update (Important)
  • rhsa
    idRHSA-2012:1201
rpms
  • poppler-0:0.5.4-4.4.el5_5.14
  • poppler-debuginfo-0:0.5.4-4.4.el5_5.14
  • poppler-devel-0:0.5.4-4.4.el5_5.14
  • poppler-utils-0:0.5.4-4.4.el5_5.14
  • xpdf-1:3.00-24.el4_8.1
  • xpdf-debuginfo-1:3.00-24.el4_8.1
  • gpdf-0:2.8.2-7.7.2.el4_8.7
  • gpdf-debuginfo-0:2.8.2-7.7.2.el4_8.7
  • kdegraphics-7:3.3.1-18.el4_8.1
  • kdegraphics-7:3.5.4-17.el5_5.1
  • kdegraphics-debuginfo-7:3.3.1-18.el4_8.1
  • kdegraphics-debuginfo-7:3.5.4-17.el5_5.1
  • kdegraphics-devel-7:3.3.1-18.el4_8.1
  • kdegraphics-devel-7:3.5.4-17.el5_5.1
  • poppler-0:0.12.4-3.el6_0.1
  • poppler-debuginfo-0:0.12.4-3.el6_0.1
  • poppler-devel-0:0.12.4-3.el6_0.1
  • poppler-glib-0:0.12.4-3.el6_0.1
  • poppler-glib-devel-0:0.12.4-3.el6_0.1
  • poppler-qt-0:0.12.4-3.el6_0.1
  • poppler-qt-devel-0:0.12.4-3.el6_0.1
  • poppler-qt4-0:0.12.4-3.el6_0.1
  • poppler-qt4-devel-0:0.12.4-3.el6_0.1
  • poppler-utils-0:0.12.4-3.el6_0.1
  • tetex-0:3.0-33.15.el5_8.1
  • tetex-afm-0:3.0-33.15.el5_8.1
  • tetex-debuginfo-0:3.0-33.15.el5_8.1
  • tetex-doc-0:3.0-33.15.el5_8.1
  • tetex-dvips-0:3.0-33.15.el5_8.1
  • tetex-fonts-0:3.0-33.15.el5_8.1
  • tetex-latex-0:3.0-33.15.el5_8.1
  • tetex-xdvi-0:3.0-33.15.el5_8.1

References