Vulnerabilities > CVE-2018-10768 - NULL Pointer Dereference vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

nessus

NVD

Published: 2018-05-06

Updated: 2019-04-25

Summary

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

Vulnerable Configurations

Part	Description	Count
Application	Freedesktop Freedesktop Poppler - Freedesktop Poppler 0.1 Freedesktop Poppler 0.1.1 Freedesktop Poppler 0.1.2 Freedesktop Poppler 0.2.0 Freedesktop Poppler 0.3.0 Freedesktop Poppler 0.3.1 Freedesktop Poppler 0.3.2 Freedesktop Poppler 0.3.3 Freedesktop Poppler 0.4.0 Freedesktop Poppler 0.4.1 Freedesktop Poppler 0.4.2 Freedesktop Poppler 0.4.3 Freedesktop Poppler 0.4.4 Freedesktop Poppler 0.5.0 Freedesktop Poppler 0.5.1 Freedesktop Poppler 0.5.2 Freedesktop Poppler 0.5.3 Freedesktop Poppler 0.5.4 Freedesktop Poppler 0.5.9 Freedesktop Poppler 0.5.90 Freedesktop Poppler 0.5.91 Freedesktop Poppler 0.6.0 Freedesktop Poppler 0.6.1 Freedesktop Poppler 0.6.2 Freedesktop Poppler 0.6.3 Freedesktop Poppler 0.6.4 Freedesktop Poppler 0.7.0 Freedesktop Poppler 0.7.1 Freedesktop Poppler 0.7.2 Freedesktop Poppler 0.7.3 Freedesktop Poppler 0.8.0 Freedesktop Poppler 0.8.1 Freedesktop Poppler 0.8.2 Freedesktop Poppler 0.8.3 Freedesktop Poppler 0.8.4 Freedesktop Poppler 0.8.5 Freedesktop Poppler 0.8.6 Freedesktop Poppler 0.8.7 Freedesktop Poppler 0.9.0 Freedesktop Poppler 0.9.1 Freedesktop Poppler 0.9.2 Freedesktop Poppler 0.9.3 Freedesktop Poppler 0.10.0 Freedesktop Poppler 0.10.1 Freedesktop Poppler 0.10.2 Freedesktop Poppler 0.10.3 Freedesktop Poppler 0.10.4 Freedesktop Poppler 0.10.5 Freedesktop Poppler 0.10.6 Freedesktop Poppler 0.10.7 Freedesktop Poppler 0.11.0 Freedesktop Poppler 0.11.1 Freedesktop Poppler 0.11.2 Freedesktop Poppler 0.11.3 Freedesktop Poppler 0.12.0 Freedesktop Poppler 0.12.1 Freedesktop Poppler 0.12.2 Freedesktop Poppler 0.12.3 Freedesktop Poppler 0.12.4 Freedesktop Poppler 0.13.0 Freedesktop Poppler 0.13.1 Freedesktop Poppler 0.13.2 Freedesktop Poppler 0.13.3 Freedesktop Poppler 0.13.4 Freedesktop Poppler 0.14.0 Freedesktop Poppler 0.14.1 Freedesktop Poppler 0.14.2 Freedesktop Poppler 0.14.3 Freedesktop Poppler 0.14.4 Freedesktop Poppler 0.14.5 Freedesktop Poppler 0.15.0 Freedesktop Poppler 0.15.1 Freedesktop Poppler 0.15.2 Freedesktop Poppler 0.15.3 Freedesktop Poppler 0.16.0 Freedesktop Poppler 0.16.1 Freedesktop Poppler 0.16.2 Freedesktop Poppler 0.16.3 Freedesktop Poppler 0.16.4 Freedesktop Poppler 0.16.5 Freedesktop Poppler 0.16.6 Freedesktop Poppler 0.16.7 Freedesktop Poppler 0.17.0 Freedesktop Poppler 0.17.1 Freedesktop Poppler 0.17.2 Freedesktop Poppler 0.17.3 Freedesktop Poppler 0.17.4 Freedesktop Poppler 0.18.0 Freedesktop Poppler 0.18.1 Freedesktop Poppler 0.18.2 Freedesktop Poppler 0.18.3 Freedesktop Poppler 0.18.4 Freedesktop Poppler 0.19.0 Freedesktop Poppler 0.19.1 Freedesktop Poppler 0.19.2 Freedesktop Poppler 0.19.3 Freedesktop Poppler 0.19.4 Freedesktop Poppler 0.20.0 Freedesktop Poppler 0.20.1 Freedesktop Poppler 0.20.2 Freedesktop Poppler 0.20.3 Freedesktop Poppler 0.20.4 Freedesktop Poppler 0.20.5 Freedesktop Poppler 0.21.0 Freedesktop Poppler 0.21.1 Freedesktop Poppler 0.21.2 Freedesktop Poppler 0.21.3 Freedesktop Poppler 0.21.4 Freedesktop Poppler 0.22.0 Freedesktop Poppler 0.22.1 Freedesktop Poppler 0.22.2 Freedesktop Poppler 0.22.3 Freedesktop Poppler 0.22.4 Freedesktop Poppler 0.22.5 Freedesktop Poppler 0.23.0 Freedesktop Poppler 0.23.1 Freedesktop Poppler 0.23.2 Freedesktop Poppler 0.23.3 Freedesktop Poppler 0.23.4 Freedesktop Poppler 0.24.0 Freedesktop Poppler 0.24.1 Freedesktop Poppler 0.24.2 Freedesktop Poppler 0.24.3 Freedesktop Poppler 0.24.4 Freedesktop Poppler 0.24.5 Freedesktop Poppler 0.25.0 Freedesktop Poppler 0.25.1 Freedesktop Poppler 0.25.2 Freedesktop Poppler 0.25.3 Freedesktop Poppler 0.26.0 Freedesktop Poppler 0.26.1 Freedesktop Poppler 0.26.2 Freedesktop Poppler 0.26.3 Freedesktop Poppler 0.26.4 Freedesktop Poppler 0.26.5 Freedesktop Poppler 0.28.0 Freedesktop Poppler 0.28.1 Freedesktop Poppler 0.29.0 Freedesktop Poppler 0.30.0 Freedesktop Poppler 0.31.0 Freedesktop Poppler 0.32.0 Freedesktop Poppler 0.33.0 Freedesktop Poppler 0.34.0 Freedesktop Poppler 0.35.0 Freedesktop Poppler 0.36.0 Freedesktop Poppler 0.37.0 Freedesktop Poppler 0.38.0 Freedesktop Poppler 0.39.0 Freedesktop Poppler 0.40.0	150
Application	Redhat Redhat Ansible Tower 3.3	1
OS	Canonical Canonical Ubuntu Linux 14.04	1
OS	Debian Debian Debian Linux 8.0	1
OS	Redhat Redhat Enterprise Linux Desktop 7.0 Redhat Enterprise Linux Workstation 7.0 Redhat Enterprise Linux Server 7.0	3

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Nessus

NASL family	Amazon Linux Local Security Checks
NASL id	AL2_ALAS-2019-1217.NASL
description	There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h. A crafted input will lead to a remote denial of service attack. Poppler versions later than 0.41.0 are not affected.(CVE-2018-10768) The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.(CVE-2017-18267) Poppler contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.(CVE-2018-13988)
last seen	2020-06-01
modified	2020-06-02
plugin id	125600
published	2019-05-31
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/125600
title	Amazon Linux 2 : poppler (ALAS-2019-1217)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux 2 Security Advisory ALAS-2019-1217. # include("compat.inc"); if (description) { script_id(125600); script_version("1.2"); script_cvs_date("Date: 2019/06/04 9:45:00"); script_cve_id("CVE-2017-18267", "CVE-2018-10768", "CVE-2018-13988"); script_xref(name:"ALAS", value:"2019-1217"); script_name(english:"Amazon Linux 2 : poppler (ALAS-2019-1217)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux 2 host is missing a security update." ); script_set_attribute( attribute:"description", value: "There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h. A crafted input will lead to a remote denial of service attack. Poppler versions later than 0.41.0 are not affected.(CVE-2018-10768) The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.(CVE-2017-18267) Poppler contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.(CVE-2018-13988)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1217.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update poppler' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-cpp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-cpp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-demos"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-glib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-glib-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-qt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-qt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/06"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/31"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "2") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"AL2", reference:"poppler-0.26.5-20.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"poppler-cpp-0.26.5-20.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"poppler-cpp-devel-0.26.5-20.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"poppler-debuginfo-0.26.5-20.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"poppler-demos-0.26.5-20.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"poppler-devel-0.26.5-20.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"poppler-glib-0.26.5-20.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"poppler-glib-devel-0.26.5-20.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"poppler-qt-0.26.5-20.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"poppler-qt-devel-0.26.5-20.amzn2")) flag++; if (rpm_check(release:"AL2", reference:"poppler-utils-0.26.5-20.amzn2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "poppler / poppler-cpp / poppler-cpp-devel / poppler-debuginfo / etc"); }

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1219.NASL
description	According to the version of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.(CVE-2018-10768) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2018-07-03
plugin id	110883
published	2018-07-03
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110883
title	EulerOS 2.0 SP2 : poppler (EulerOS-SA-2018-1219)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(110883); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04"); script_cve_id( "CVE-2018-10768" ); script_name(english:"EulerOS 2.0 SP2 : poppler (EulerOS-SA-2018-1219)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.(CVE-2018-10768) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1219 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6b3713e7"); script_set_attribute(attribute:"solution", value: "Update the affected poppler package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"patch_publication_date", value:"2018/06/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/03"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-glib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-qt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) \|\| release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) \|\| sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["poppler-0.26.5-17.h11", "poppler-glib-0.26.5-17.h11", "poppler-qt-0.26.5-17.h11", "poppler-utils-0.26.5-17.h11"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "poppler"); }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2018-3140.NASL
description	An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GNOME is the default desktop environment of Red Hat Enterprise Linux. Security Fix(es) : * libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910) * poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (CVE-2017-18267) * libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c (CVE-2018-10733) * libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c (CVE-2018-10767) * poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF (CVE-2018-10768) * poppler: out of bounds read in pdfunite (CVE-2018-13988) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank chenyuan (NESA Lab) for reporting CVE-2018-10733 and CVE-2018-10767 and Hosein Askari for reporting CVE-2018-13988. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	118995
published	2018-11-16
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118995
title	CentOS 7 : PackageKit / accountsservice / adwaita-icon-theme / appstream-data / at-spi2-atk / etc (CESA-2018:3140)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1226.NASL
description	According to the version of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.(CVE-2018-10768) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-06
modified	2018-08-10
plugin id	111646
published	2018-08-10
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111646
title	EulerOS 2.0 SP3 : poppler (EulerOS-SA-2018-1226)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20181030_GNOME_ON_SL7_X.NASL
description	Security Fix(es) : - libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910) - poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (CVE-2017-18267) - libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c (CVE-2018-10733) - libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c (CVE-2018-10767) - poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF (CVE-2018-10768) - poppler: out of bounds read in pdfunite (CVE-2018-13988) Additional Changes : - PackageKit is now aware of our SL7 minor release upgrade tool.
last seen	2020-03-18
modified	2018-11-27
plugin id	119177
published	2018-11-27
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119177
title	Scientific Linux Security Update : GNOME on SL7.x x86_64 (20181030)

NASL family	NewStart CGSL Local Security Checks
NASL id	NEWSTART_CGSL_NS-SA-2019-0045_POPPLER.NASL
description	The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has poppler packages installed that are affected by multiple vulnerabilities: - Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file. (CVE-2018-13988) - There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected. (CVE-2018-10768) - The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. (CVE-2017-18267) Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	127224
published	2019-08-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/127224
title	NewStart CGSL CORE 5.04 / MAIN 5.04 : poppler Multiple Vulnerabilities (NS-SA-2019-0045)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2018-3140.NASL
description	An update is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GNOME is the default desktop environment of Red Hat Enterprise Linux. Security Fix(es) : * libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910) * poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (CVE-2017-18267) * libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c (CVE-2018-10733) * libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c (CVE-2018-10767) * poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF (CVE-2018-10768) * poppler: out of bounds read in pdfunite (CVE-2018-13988) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank chenyuan (NESA Lab) for reporting CVE-2018-10733 and CVE-2018-10767 and Hosein Askari for reporting CVE-2018-13988. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	118726
published	2018-11-05
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118726
title	RHEL 7 : GNOME (RHSA-2018:3140)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3647-1.NASL
description	It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. (CVE-2017-18267) It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-10768). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	109863
published	2018-05-16
reporter	Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/109863
title	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : poppler vulnerabilities (USN-3647-1)

NASL family	Huawei Local Security Checks
NASL id	EULEROS_SA-2018-1393.NASL
description	According to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF (CVE-2018-10768) - poppler: out of bounds read in pdfunite (CVE-2018-13988) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-05-15
modified	2018-12-10
plugin id	119521
published	2018-12-10
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119521
title	EulerOS 2.0 SP3 : poppler (EulerOS-SA-2018-1393)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2018-1110.NASL
description	There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h. A crafted input will lead to a remote denial of service attack.(CVE-2018-10768) The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.(CVE-2017-18267) Poppler contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.(CVE-2018-13988)
last seen	2020-06-01
modified	2020-06-02
plugin id	119469
published	2018-12-07
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119469
title	Amazon Linux AMI : poppler (ALAS-2018-1110)

Redhat

advisories

rhsa
id RHBA-2019:0327
rhsa
id RHSA-2018:3140
rhsa
id RHSA-2018:3505

rpms

PackageKit-0:1.1.10-1.el7
PackageKit-command-not-found-0:1.1.10-1.el7
PackageKit-cron-0:1.1.10-1.el7
PackageKit-debuginfo-0:1.1.10-1.el7
PackageKit-glib-0:1.1.10-1.el7
PackageKit-glib-devel-0:1.1.10-1.el7
PackageKit-gstreamer-plugin-0:1.1.10-1.el7
PackageKit-gtk3-module-0:1.1.10-1.el7
PackageKit-yum-0:1.1.10-1.el7
PackageKit-yum-plugin-0:1.1.10-1.el7
accountsservice-0:0.6.50-2.el7
accountsservice-debuginfo-0:0.6.50-2.el7
accountsservice-devel-0:0.6.50-2.el7
accountsservice-libs-0:0.6.50-2.el7
adwaita-cursor-theme-0:3.28.0-1.el7
adwaita-gtk2-theme-0:3.28-2.el7
adwaita-icon-theme-0:3.28.0-1.el7
adwaita-icon-theme-devel-0:3.28.0-1.el7
appstream-data-0:7-20180614.el7
at-spi2-atk-0:2.26.2-1.el7
at-spi2-atk-debuginfo-0:2.26.2-1.el7
at-spi2-atk-devel-0:2.26.2-1.el7
at-spi2-core-0:2.28.0-1.el7
at-spi2-core-debuginfo-0:2.28.0-1.el7
at-spi2-core-devel-0:2.28.0-1.el7
atk-0:2.28.1-1.el7
atk-debuginfo-0:2.28.1-1.el7
atk-devel-0:2.28.1-1.el7
baobab-0:3.28.0-2.el7
baobab-debuginfo-0:3.28.0-2.el7
bolt-0:0.4-3.el7
bolt-debuginfo-0:0.4-3.el7
brasero-0:3.12.2-5.el7
brasero-debuginfo-0:3.12.2-5.el7
brasero-devel-0:3.12.2-5.el7
brasero-libs-0:3.12.2-5.el7
brasero-nautilus-0:3.12.2-5.el7
cairo-0:1.15.12-3.el7
cairo-debuginfo-0:1.15.12-3.el7
cairo-devel-0:1.15.12-3.el7
cairo-gobject-0:1.15.12-3.el7
cairo-gobject-devel-0:1.15.12-3.el7
cairo-tools-0:1.15.12-3.el7
cheese-2:3.28.0-1.el7
cheese-debuginfo-2:3.28.0-1.el7
cheese-libs-2:3.28.0-1.el7
cheese-libs-devel-2:3.28.0-1.el7
clutter-gst3-0:3.0.26-1.el7
clutter-gst3-debuginfo-0:3.0.26-1.el7
clutter-gst3-devel-0:3.0.26-1.el7
compat-exiv2-023-0:0.23-2.el7
compat-exiv2-023-debuginfo-0:0.23-2.el7
compat-libical1-0:1.0.1-2.el7
control-center-1:3.28.1-4.el7
control-center-debuginfo-1:3.28.1-4.el7
control-center-filesystem-1:3.28.1-4.el7
dconf-0:0.28.0-4.el7
dconf-debuginfo-0:0.28.0-4.el7
dconf-devel-0:0.28.0-4.el7
dconf-editor-0:3.28.0-1.el7
dconf-editor-debuginfo-0:3.28.0-1.el7
devhelp-1:3.28.1-1.el7
devhelp-debuginfo-1:3.28.1-1.el7
devhelp-devel-1:3.28.1-1.el7
devhelp-libs-1:3.28.1-1.el7
ekiga-0:4.0.1-8.el7
ekiga-debuginfo-0:4.0.1-8.el7
empathy-0:3.12.13-1.el7
empathy-debuginfo-0:3.12.13-1.el7
eog-0:3.28.3-1.el7
eog-debuginfo-0:3.28.3-1.el7
eog-devel-0:3.28.3-1.el7
evince-0:3.28.2-5.el7
evince-browser-plugin-0:3.28.2-5.el7
evince-debuginfo-0:3.28.2-5.el7
evince-devel-0:3.28.2-5.el7
evince-dvi-0:3.28.2-5.el7
evince-libs-0:3.28.2-5.el7
evince-nautilus-0:3.28.2-5.el7
evolution-0:3.28.5-2.el7
evolution-bogofilter-0:3.28.5-2.el7
evolution-data-server-0:3.28.5-1.el7
evolution-data-server-debuginfo-0:3.28.5-1.el7
evolution-data-server-devel-0:3.28.5-1.el7
evolution-data-server-doc-0:3.28.5-1.el7
evolution-data-server-langpacks-0:3.28.5-1.el7
evolution-data-server-perl-0:3.28.5-1.el7
evolution-data-server-tests-0:3.28.5-1.el7
evolution-debuginfo-0:3.28.5-2.el7
evolution-devel-0:3.28.5-2.el7
evolution-devel-docs-0:3.28.5-2.el7
evolution-ews-0:3.28.5-1.el7
evolution-ews-debuginfo-0:3.28.5-1.el7
evolution-ews-langpacks-0:3.28.5-1.el7
evolution-help-0:3.28.5-2.el7
evolution-langpacks-0:3.28.5-2.el7
evolution-mapi-0:3.28.3-2.el7
evolution-mapi-debuginfo-0:3.28.3-2.el7
evolution-mapi-langpacks-0:3.28.3-2.el7
evolution-pst-0:3.28.5-2.el7
evolution-spamassassin-0:3.28.5-2.el7
evolution-tests-0:3.28.5-2.el7
file-roller-0:3.28.1-2.el7
file-roller-debuginfo-0:3.28.1-2.el7
file-roller-nautilus-0:3.28.1-2.el7
flatpak-0:1.0.2-2.el7
flatpak-builder-0:1.0.0-2.el7
flatpak-debuginfo-0:1.0.2-2.el7
flatpak-devel-0:1.0.2-2.el7
flatpak-libs-0:1.0.2-2.el7
folks-1:0.11.4-1.el7
folks-debuginfo-1:0.11.4-1.el7
folks-devel-1:0.11.4-1.el7
folks-tools-1:0.11.4-1.el7
fontconfig-0:2.13.0-4.3.el7
fontconfig-debuginfo-0:2.13.0-4.3.el7
fontconfig-devel-0:2.13.0-4.3.el7
fontconfig-devel-doc-0:2.13.0-4.3.el7
freetype-0:2.8-12.el7
freetype-debuginfo-0:2.8-12.el7
freetype-demos-0:2.8-12.el7
freetype-devel-0:2.8-12.el7
fribidi-0:1.0.2-1.el7
fribidi-debuginfo-0:1.0.2-1.el7
fribidi-devel-0:1.0.2-1.el7
fwupd-0:1.0.8-4.el7
fwupd-debuginfo-0:1.0.8-4.el7
fwupd-devel-0:1.0.8-4.el7
fwupdate-0:12-5.el7
fwupdate-debuginfo-0:12-5.el7
fwupdate-devel-0:12-5.el7
fwupdate-efi-0:12-5.el7
fwupdate-libs-0:12-5.el7
gcr-0:3.28.0-1.el7
gcr-debuginfo-0:3.28.0-1.el7
gcr-devel-0:3.28.0-1.el7
gdk-pixbuf2-0:2.36.12-3.el7
gdk-pixbuf2-debuginfo-0:2.36.12-3.el7
gdk-pixbuf2-devel-0:2.36.12-3.el7
gdk-pixbuf2-tests-0:2.36.12-3.el7
gdm-1:3.28.2-9.el7
gdm-debuginfo-1:3.28.2-9.el7
gdm-devel-1:3.28.2-9.el7
gdm-pam-extensions-devel-1:3.28.2-9.el7
gedit-2:3.28.1-1.el7
gedit-debuginfo-2:3.28.1-1.el7
gedit-devel-2:3.28.1-1.el7
gedit-plugin-bookmarks-0:3.28.1-1.el7
gedit-plugin-bracketcompletion-0:3.28.1-1.el7
gedit-plugin-charmap-0:3.28.1-1.el7
gedit-plugin-codecomment-0:3.28.1-1.el7
gedit-plugin-colorpicker-0:3.28.1-1.el7
gedit-plugin-colorschemer-0:3.28.1-1.el7
gedit-plugin-commander-0:3.28.1-1.el7
gedit-plugin-drawspaces-0:3.28.1-1.el7
gedit-plugin-findinfiles-0:3.28.1-1.el7
gedit-plugin-joinlines-0:3.28.1-1.el7
gedit-plugin-multiedit-0:3.28.1-1.el7
gedit-plugin-smartspaces-0:3.28.1-1.el7
gedit-plugin-synctex-0:3.28.1-1.el7
gedit-plugin-terminal-0:3.28.1-1.el7
gedit-plugin-textsize-0:3.28.1-1.el7
gedit-plugin-translate-0:3.28.1-1.el7
gedit-plugin-wordcompletion-0:3.28.1-1.el7
gedit-plugins-0:3.28.1-1.el7
gedit-plugins-data-0:3.28.1-1.el7
gedit-plugins-debuginfo-0:3.28.1-1.el7
geoclue2-0:2.4.8-1.el7
geoclue2-debuginfo-0:2.4.8-1.el7
geoclue2-demos-0:2.4.8-1.el7
geoclue2-devel-0:2.4.8-1.el7
geoclue2-libs-0:2.4.8-1.el7
geocode-glib-0:3.26.0-2.el7
geocode-glib-debuginfo-0:3.26.0-2.el7
geocode-glib-devel-0:3.26.0-2.el7
gjs-0:1.52.3-1.el7
gjs-debuginfo-0:1.52.3-1.el7
gjs-devel-0:1.52.3-1.el7
gjs-tests-0:1.52.3-1.el7
glade-0:3.22.1-1.el7
glade-debuginfo-0:3.22.1-1.el7
glade-devel-0:3.22.1-1.el7
glade-libs-0:3.22.1-1.el7
glib-networking-0:2.56.1-1.el7
glib-networking-debuginfo-0:2.56.1-1.el7
glib-networking-tests-0:2.56.1-1.el7
glib2-0:2.56.1-2.el7
glib2-debuginfo-0:2.56.1-2.el7
glib2-devel-0:2.56.1-2.el7
glib2-doc-0:2.56.1-2.el7
glib2-fam-0:2.56.1-2.el7
glib2-static-0:2.56.1-2.el7
glib2-tests-0:2.56.1-2.el7
glibmm24-0:2.56.0-1.el7
glibmm24-debuginfo-0:2.56.0-1.el7
glibmm24-devel-0:2.56.0-1.el7
glibmm24-doc-0:2.56.0-1.el7
gnome-backgrounds-0:3.28.0-1.el7
gnome-bluetooth-1:3.28.2-1.el7
gnome-bluetooth-debuginfo-1:3.28.2-1.el7
gnome-bluetooth-libs-1:3.28.2-1.el7
gnome-bluetooth-libs-devel-1:3.28.2-1.el7
gnome-boxes-0:3.28.5-2.el7
gnome-boxes-debuginfo-0:3.28.5-2.el7
gnome-calculator-0:3.28.2-1.el7
gnome-calculator-debuginfo-0:3.28.2-1.el7
gnome-classic-session-0:3.28.1-5.el7
gnome-clocks-0:3.28.0-1.el7
gnome-clocks-debuginfo-0:3.28.0-1.el7
gnome-color-manager-0:3.28.0-1.el7
gnome-color-manager-debuginfo-0:3.28.0-1.el7
gnome-contacts-0:3.28.2-1.el7
gnome-contacts-debuginfo-0:3.28.2-1.el7
gnome-desktop3-0:3.28.2-2.el7
gnome-desktop3-debuginfo-0:3.28.2-2.el7
gnome-desktop3-devel-0:3.28.2-2.el7
gnome-desktop3-tests-0:3.28.2-2.el7
gnome-devel-docs-0:3.28.0-1.el7
gnome-dictionary-0:3.26.1-2.el7
gnome-dictionary-debuginfo-0:3.26.1-2.el7
gnome-disk-utility-0:3.28.3-1.el7
gnome-disk-utility-debuginfo-0:3.28.3-1.el7
gnome-documents-0:3.28.2-1.el7
gnome-documents-debuginfo-0:3.28.2-1.el7
gnome-documents-libs-0:3.28.2-1.el7
gnome-font-viewer-0:3.28.0-1.el7
gnome-font-viewer-debuginfo-0:3.28.0-1.el7
gnome-getting-started-docs-0:3.28.2-1.el7
gnome-getting-started-docs-cs-0:3.28.2-1.el7
gnome-getting-started-docs-de-0:3.28.2-1.el7
gnome-getting-started-docs-es-0:3.28.2-1.el7
gnome-getting-started-docs-fr-0:3.28.2-1.el7
gnome-getting-started-docs-gl-0:3.28.2-1.el7
gnome-getting-started-docs-hu-0:3.28.2-1.el7
gnome-getting-started-docs-it-0:3.28.2-1.el7
gnome-getting-started-docs-pl-0:3.28.2-1.el7
gnome-getting-started-docs-pt_BR-0:3.28.2-1.el7
gnome-getting-started-docs-ru-0:3.28.2-1.el7
gnome-initial-setup-0:3.28.0-1.el7
gnome-initial-setup-debuginfo-0:3.28.0-1.el7
gnome-keyring-0:3.28.2-1.el7
gnome-keyring-debuginfo-0:3.28.2-1.el7
gnome-keyring-pam-0:3.28.2-1.el7
gnome-online-accounts-0:3.28.0-1.el7
gnome-online-accounts-debuginfo-0:3.28.0-1.el7
gnome-online-accounts-devel-0:3.28.0-1.el7
gnome-online-miners-0:3.26.0-1.el7
gnome-online-miners-debuginfo-0:3.26.0-1.el7
gnome-packagekit-0:3.28.0-1.el7
gnome-packagekit-common-0:3.28.0-1.el7
gnome-packagekit-debuginfo-0:3.28.0-1.el7
gnome-packagekit-installer-0:3.28.0-1.el7
gnome-packagekit-updater-0:3.28.0-1.el7
gnome-screenshot-0:3.26.0-1.el7
gnome-screenshot-debuginfo-0:3.26.0-1.el7
gnome-session-0:3.28.1-5.el7
gnome-session-custom-session-0:3.28.1-5.el7
gnome-session-debuginfo-0:3.28.1-5.el7
gnome-session-wayland-session-0:3.28.1-5.el7
gnome-session-xsession-0:3.28.1-5.el7
gnome-settings-daemon-0:3.28.1-2.el7
gnome-settings-daemon-debuginfo-0:3.28.1-2.el7
gnome-settings-daemon-devel-0:3.28.1-2.el7
gnome-shell-0:3.28.3-6.el7
gnome-shell-debuginfo-0:3.28.3-6.el7
gnome-shell-extension-alternate-tab-0:3.28.1-5.el7
gnome-shell-extension-apps-menu-0:3.28.1-5.el7
gnome-shell-extension-auto-move-windows-0:3.28.1-5.el7
gnome-shell-extension-common-0:3.28.1-5.el7
gnome-shell-extension-dash-to-dock-0:3.28.1-5.el7
gnome-shell-extension-drive-menu-0:3.28.1-5.el7
gnome-shell-extension-launch-new-instance-0:3.28.1-5.el7
gnome-shell-extension-native-window-placement-0:3.28.1-5.el7
gnome-shell-extension-no-hot-corner-0:3.28.1-5.el7
gnome-shell-extension-panel-favorites-0:3.28.1-5.el7
gnome-shell-extension-places-menu-0:3.28.1-5.el7
gnome-shell-extension-screenshot-window-sizer-0:3.28.1-5.el7
gnome-shell-extension-systemMonitor-0:3.28.1-5.el7
gnome-shell-extension-top-icons-0:3.28.1-5.el7
gnome-shell-extension-updates-dialog-0:3.28.1-5.el7
gnome-shell-extension-user-theme-0:3.28.1-5.el7
gnome-shell-extension-window-list-0:3.28.1-5.el7
gnome-shell-extension-windowsNavigator-0:3.28.1-5.el7
gnome-shell-extension-workspace-indicator-0:3.28.1-5.el7
gnome-software-0:3.28.2-3.el7
gnome-software-debuginfo-0:3.28.2-3.el7
gnome-software-devel-0:3.28.2-3.el7
gnome-software-editor-0:3.28.2-3.el7
gnome-system-monitor-0:3.28.2-1.el7
gnome-system-monitor-debuginfo-0:3.28.2-1.el7
gnome-terminal-0:3.28.2-2.el7
gnome-terminal-debuginfo-0:3.28.2-2.el7
gnome-terminal-nautilus-0:3.28.2-2.el7
gnome-themes-standard-0:3.28-2.el7
gnome-themes-standard-debuginfo-0:3.28-2.el7
gnome-tweak-tool-0:3.28.1-2.el7
gnome-user-docs-0:3.28.2-1.el7
gnote-0:3.28.0-1.el7
gnote-debuginfo-0:3.28.0-1.el7
gobject-introspection-0:1.56.1-1.el7
gobject-introspection-debuginfo-0:1.56.1-1.el7
gobject-introspection-devel-0:1.56.1-1.el7
gom-0:0.3.3-1.el7
gom-debuginfo-0:0.3.3-1.el7
gom-devel-0:0.3.3-1.el7
google-noto-emoji-color-fonts-0:20180508-4.el7
google-noto-emoji-fonts-0:20180508-4.el7
grilo-0:0.3.6-1.el7
grilo-debuginfo-0:0.3.6-1.el7
grilo-devel-0:0.3.6-1.el7
grilo-plugins-0:0.3.7-1.el7
grilo-plugins-debuginfo-0:0.3.7-1.el7
gsettings-desktop-schemas-0:3.28.0-2.el7
gsettings-desktop-schemas-devel-0:3.28.0-2.el7
gspell-0:1.6.1-1.el7
gspell-debuginfo-0:1.6.1-1.el7
gspell-devel-0:1.6.1-1.el7
gspell-doc-0:1.6.1-1.el7
gssdp-0:1.0.2-1.el7
gssdp-debuginfo-0:1.0.2-1.el7
gssdp-devel-0:1.0.2-1.el7
gssdp-docs-0:1.0.2-1.el7
gssdp-utils-0:1.0.2-1.el7
gstreamer1-plugins-base-0:1.10.4-2.el7
gstreamer1-plugins-base-debuginfo-0:1.10.4-2.el7
gstreamer1-plugins-base-devel-0:1.10.4-2.el7
gstreamer1-plugins-base-devel-docs-0:1.10.4-2.el7
gstreamer1-plugins-base-tools-0:1.10.4-2.el7
gtk-doc-0:1.28-2.el7
gtk-update-icon-cache-0:3.22.30-3.el7
gtk3-0:3.22.30-3.el7
gtk3-debuginfo-0:3.22.30-3.el7
gtk3-devel-0:3.22.30-3.el7
gtk3-devel-docs-0:3.22.30-3.el7
gtk3-immodule-xim-0:3.22.30-3.el7
gtk3-immodules-0:3.22.30-3.el7
gtk3-tests-0:3.22.30-3.el7
gtksourceview3-0:3.24.8-1.el7
gtksourceview3-debuginfo-0:3.24.8-1.el7
gtksourceview3-devel-0:3.24.8-1.el7
gtksourceview3-tests-0:3.24.8-1.el7
gucharmap-0:10.0.4-1.el7
gucharmap-debuginfo-0:10.0.4-1.el7
gucharmap-devel-0:10.0.4-1.el7
gucharmap-libs-0:10.0.4-1.el7
gupnp-0:1.0.2-5.el7
gupnp-debuginfo-0:1.0.2-5.el7
gupnp-devel-0:1.0.2-5.el7
gupnp-docs-0:1.0.2-5.el7
gupnp-igd-0:0.2.5-2.el7
gupnp-igd-debuginfo-0:0.2.5-2.el7
gupnp-igd-devel-0:0.2.5-2.el7
gupnp-igd-python-0:0.2.5-2.el7
gvfs-0:1.36.2-1.el7
gvfs-afc-0:1.36.2-1.el7
gvfs-afp-0:1.36.2-1.el7
gvfs-archive-0:1.36.2-1.el7
gvfs-client-0:1.36.2-1.el7
gvfs-debuginfo-0:1.36.2-1.el7
gvfs-devel-0:1.36.2-1.el7
gvfs-fuse-0:1.36.2-1.el7
gvfs-goa-0:1.36.2-1.el7
gvfs-gphoto2-0:1.36.2-1.el7
gvfs-mtp-0:1.36.2-1.el7
gvfs-smb-0:1.36.2-1.el7
gvfs-tests-0:1.36.2-1.el7
harfbuzz-0:1.7.5-2.el7
harfbuzz-debuginfo-0:1.7.5-2.el7
harfbuzz-devel-0:1.7.5-2.el7
harfbuzz-icu-0:1.7.5-2.el7
json-glib-0:1.4.2-2.el7
json-glib-debuginfo-0:1.4.2-2.el7
json-glib-devel-0:1.4.2-2.el7
json-glib-tests-0:1.4.2-2.el7
libappstream-glib-0:0.7.8-2.el7
libappstream-glib-builder-0:0.7.8-2.el7
libappstream-glib-builder-devel-0:0.7.8-2.el7
libappstream-glib-debuginfo-0:0.7.8-2.el7
libappstream-glib-devel-0:0.7.8-2.el7
libchamplain-0:0.12.16-2.el7
libchamplain-debuginfo-0:0.12.16-2.el7
libchamplain-demos-0:0.12.16-2.el7
libchamplain-devel-0:0.12.16-2.el7
libchamplain-gtk-0:0.12.16-2.el7
libcroco-0:0.6.12-4.el7
libcroco-debuginfo-0:0.6.12-4.el7
libcroco-devel-0:0.6.12-4.el7
libgdata-0:0.17.9-1.el7
libgdata-debuginfo-0:0.17.9-1.el7
libgdata-devel-0:0.17.9-1.el7
libgee-0:0.20.1-1.el7
libgee-debuginfo-0:0.20.1-1.el7
libgee-devel-0:0.20.1-1.el7
libgepub-0:0.6.0-1.el7
libgepub-debuginfo-0:0.6.0-1.el7
libgepub-devel-0:0.6.0-1.el7
libgexiv2-0:0.10.8-1.el7
libgexiv2-debuginfo-0:0.10.8-1.el7
libgexiv2-devel-0:0.10.8-1.el7
libgnomekbd-0:3.26.0-1.el7
libgnomekbd-debuginfo-0:3.26.0-1.el7
libgnomekbd-devel-0:3.26.0-1.el7
libgovirt-0:0.3.4-1.el7
libgovirt-debuginfo-0:0.3.4-1.el7
libgovirt-devel-0:0.3.4-1.el7
libgtop2-0:2.38.0-3.el7
libgtop2-debuginfo-0:2.38.0-3.el7
libgtop2-devel-0:2.38.0-3.el7
libgweather-0:3.28.2-2.el7
libgweather-debuginfo-0:3.28.2-2.el7
libgweather-devel-0:3.28.2-2.el7
libgxps-0:0.3.0-4.el7
libgxps-debuginfo-0:0.3.0-4.el7
libgxps-devel-0:0.3.0-4.el7
libgxps-tools-0:0.3.0-4.el7
libical-0:3.0.3-2.el7
libical-debuginfo-0:3.0.3-2.el7
libical-devel-0:3.0.3-2.el7
libical-glib-0:3.0.3-2.el7
libical-glib-devel-0:3.0.3-2.el7
libical-glib-doc-0:3.0.3-2.el7
libjpeg-turbo-0:1.2.90-6.el7
libjpeg-turbo-debuginfo-0:1.2.90-6.el7
libjpeg-turbo-devel-0:1.2.90-6.el7
libjpeg-turbo-static-0:1.2.90-6.el7
libjpeg-turbo-utils-0:1.2.90-6.el7
libmediaart-0:1.9.4-1.el7
libmediaart-debuginfo-0:1.9.4-1.el7
libmediaart-devel-0:1.9.4-1.el7
libmediaart-tests-0:1.9.4-1.el7
libosinfo-0:1.1.0-2.el7
libosinfo-debuginfo-0:1.1.0-2.el7
libosinfo-devel-0:1.1.0-2.el7
libosinfo-vala-0:1.1.0-2.el7
libpeas-0:1.22.0-1.el7
libpeas-debuginfo-0:1.22.0-1.el7
libpeas-devel-0:1.22.0-1.el7
libpeas-gtk-0:1.22.0-1.el7
libpeas-loader-python-0:1.22.0-1.el7
librsvg2-0:2.40.20-1.el7
librsvg2-debuginfo-0:2.40.20-1.el7
librsvg2-devel-0:2.40.20-1.el7
librsvg2-tools-0:2.40.20-1.el7
libsecret-0:0.18.6-1.el7
libsecret-debuginfo-0:0.18.6-1.el7
libsecret-devel-0:0.18.6-1.el7
libsoup-0:2.62.2-2.el7
libsoup-debuginfo-0:2.62.2-2.el7
libsoup-devel-0:2.62.2-2.el7
libwayland-client-0:1.15.0-1.el7
libwayland-cursor-0:1.15.0-1.el7
libwayland-egl-0:1.15.0-1.el7
libwayland-server-0:1.15.0-1.el7
libwnck3-0:3.24.1-2.el7
libwnck3-debuginfo-0:3.24.1-2.el7
libwnck3-devel-0:3.24.1-2.el7
meson-0:0.45.1-1.el7
mozjs52-0:52.9.0-1.el7
mozjs52-debuginfo-0:52.9.0-1.el7
mozjs52-devel-0:52.9.0-1.el7
mutter-0:3.28.3-4.el7
mutter-debuginfo-0:3.28.3-4.el7
mutter-devel-0:3.28.3-4.el7
nautilus-0:3.26.3.1-2.el7
nautilus-debuginfo-0:3.26.3.1-2.el7
nautilus-devel-0:3.26.3.1-2.el7
nautilus-extensions-0:3.26.3.1-2.el7
nautilus-sendto-1:3.8.6-1.el7
nautilus-sendto-debuginfo-1:3.8.6-1.el7
ninja-build-0:1.8.2-1.el7
ninja-build-debuginfo-0:1.8.2-1.el7
openchange-0:2.3-3.el7
openchange-client-0:2.3-3.el7
openchange-debuginfo-0:2.3-3.el7
openchange-devel-0:2.3-3.el7
openchange-devel-docs-0:2.3-3.el7
osinfo-db-0:20180531-1.el7
pango-0:1.42.4-1.el7
pango-debuginfo-0:1.42.4-1.el7
pango-devel-0:1.42.4-1.el7
pango-tests-0:1.42.4-1.el7
poppler-0:0.26.5-20.el7
poppler-cpp-0:0.26.5-20.el7
poppler-cpp-devel-0:0.26.5-20.el7
poppler-debuginfo-0:0.26.5-20.el7
poppler-demos-0:0.26.5-20.el7
poppler-devel-0:0.26.5-20.el7
poppler-glib-0:0.26.5-20.el7
poppler-glib-devel-0:0.26.5-20.el7
poppler-qt-0:0.26.5-20.el7
poppler-qt-devel-0:0.26.5-20.el7
poppler-utils-0:0.26.5-20.el7
python2-gexiv2-0:0.10.8-1.el7
python2-pyatspi-0:2.26.0-3.el7
redhat-logos-0:70.0.3-7.el7
rest-0:0.8.1-2.el7
rest-debuginfo-0:0.8.1-2.el7
rest-devel-0:0.8.1-2.el7
rhythmbox-0:3.4.2-2.el7
rhythmbox-debuginfo-0:3.4.2-2.el7
rhythmbox-devel-0:3.4.2-2.el7
seahorse-nautilus-0:3.11.92-11.el7
seahorse-nautilus-debuginfo-0:3.11.92-11.el7
shotwell-0:0.28.4-1.el7
shotwell-debuginfo-0:0.28.4-1.el7
sushi-0:3.28.3-1.el7
sushi-debuginfo-0:3.28.3-1.el7
totem-1:3.26.2-1.el7
totem-debuginfo-1:3.26.2-1.el7
totem-devel-1:3.26.2-1.el7
totem-nautilus-1:3.26.2-1.el7
totem-pl-parser-0:3.26.1-1.el7
totem-pl-parser-debuginfo-0:3.26.1-1.el7
totem-pl-parser-devel-0:3.26.1-1.el7
turbojpeg-0:1.2.90-6.el7
turbojpeg-devel-0:1.2.90-6.el7
upower-0:0.99.7-1.el7
upower-debuginfo-0:0.99.7-1.el7
upower-devel-0:0.99.7-1.el7
upower-devel-docs-0:0.99.7-1.el7
vala-0:0.40.8-1.el7
vala-debuginfo-0:0.40.8-1.el7
vala-devel-0:0.40.8-1.el7
vala-doc-0:0.40.8-1.el7
valadoc-0:0.40.8-1.el7
valadoc-devel-0:0.40.8-1.el7
vino-0:3.22.0-7.el7
vino-debuginfo-0:3.22.0-7.el7
vte-profile-0:0.52.2-2.el7
vte291-0:0.52.2-2.el7
vte291-debuginfo-0:0.52.2-2.el7
vte291-devel-0:0.52.2-2.el7
wayland-debuginfo-0:1.15.0-1.el7
wayland-devel-0:1.15.0-1.el7
wayland-doc-0:1.15.0-1.el7
wayland-protocols-devel-0:1.14-1.el7
webkitgtk4-0:2.20.5-1.el7
webkitgtk4-debuginfo-0:2.20.5-1.el7
webkitgtk4-devel-0:2.20.5-1.el7
webkitgtk4-doc-0:2.20.5-1.el7
webkitgtk4-jsc-0:2.20.5-1.el7
webkitgtk4-jsc-devel-0:2.20.5-1.el7
webkitgtk4-plugin-process-gtk2-0:2.20.5-1.el7
xdg-desktop-portal-0:1.0.2-1.el7
xdg-desktop-portal-debuginfo-0:1.0.2-1.el7
xdg-desktop-portal-devel-0:1.0.2-1.el7
xdg-desktop-portal-gtk-0:1.0.2-1.el7
xdg-desktop-portal-gtk-debuginfo-0:1.0.2-1.el7
yelp-2:3.28.1-1.el7
yelp-debuginfo-2:3.28.1-1.el7
yelp-devel-2:3.28.1-1.el7
yelp-libs-2:3.28.1-1.el7
yelp-tools-0:3.28.0-1.el7
yelp-xsl-0:3.28.0-1.el7
yelp-xsl-devel-0:3.28.0-1.el7
zenity-0:3.28.1-1.el7
zenity-debuginfo-0:3.28.1-1.el7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References