Vulnerabilities > CVE-2018-19058 - Always-Incorrect Control Flow Implementation vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
freedesktop
canonical
debian
redhat
CWE-670
nessus

Summary

An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2269.NASL
    descriptionAccording to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.(CVE-2018-16646) - An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.(CVE-2018-18897) - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058) - An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059) - An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.(CVE-2018-19060) - Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.(CVE-2018- 19149) - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650) - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.(CVE-2018-20662) - Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.(CVE-2019-9631) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130731
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130731
    titleEulerOS 2.0 SP3 : poppler (EulerOS-SA-2019-2269)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130731);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2018-16646",
        "CVE-2018-18897",
        "CVE-2018-19058",
        "CVE-2018-19059",
        "CVE-2018-19060",
        "CVE-2018-19149",
        "CVE-2018-20650",
        "CVE-2018-20662",
        "CVE-2019-9631"
      );
    
      script_name(english:"EulerOS 2.0 SP3 : poppler (EulerOS-SA-2019-2269)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the poppler packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - In Poppler 0.68.0, the Parser::getObj() function in
        Parser.cc may cause infinite recursion via a crafted
        file. A remote attacker can leverage this for a DoS
        attack.(CVE-2018-16646)
    
      - An issue was discovered in Poppler 0.71.0. There is a
        memory leak in GfxColorSpace::setDisplayProfile in
        GfxState.cc, as demonstrated by
        pdftocairo.(CVE-2018-18897)
    
      - An issue was discovered in Poppler 0.71.0. There is a
        reachable abort in Object.h, will lead to denial of
        service because EmbFile::save2 in FileSpec.cc lacks a
        stream check before saving an embedded
        file.(CVE-2018-19058)
    
      - An issue was discovered in Poppler 0.71.0. There is a
        out-of-bounds read in EmbFile::save2 in FileSpec.cc,
        will lead to denial of service, as demonstrated by
        utils/pdfdetach.cc not validating embedded files before
        save attempts.(CVE-2018-19059)
    
      - An issue was discovered in Poppler 0.71.0. There is a
        NULL pointer dereference in goo/GooString.h, will lead
        to denial of service, as demonstrated by
        utils/pdfdetach.cc not validating a filename of an
        embedded file before constructing a save
        path.(CVE-2018-19060)
    
      - Poppler before 0.70.0 has a NULL pointer dereference in
        _poppler_attachment_new when called from
        poppler_annot_file_attachment_get_attachment.(CVE-2018-
        19149)
    
      - A reachable Object::dictLookup assertion in Poppler
        0.72.0 allows attackers to cause a denial of service
        due to the lack of a check for the dict data type, as
        demonstrated by use of the FileSpec class (in
        FileSpec.cc) in pdfdetach.(CVE-2018-20650)
    
      - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows
        attackers to cause a denial-of-service (application
        crash caused by Object.h SIGABRT, because of a wrong
        return value from PDFDoc::setup) by crafting a PDF file
        in which an xref data structure is mishandled during
        extractPDFSubtype processing.(CVE-2018-20662)
    
      - Poppler 0.74.0 has a heap-based buffer over-read in the
        CairoRescaleBox.cc downsample_row_box_filter
        function.(CVE-2019-9631)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2269
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?927175c6");
      script_set_attribute(attribute:"solution", value:
    "Update the affected poppler packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-glib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["poppler-0.26.5-17.h17",
            "poppler-glib-0.26.5-17.h17",
            "poppler-qt-0.26.5-17.h17",
            "poppler-utils-0.26.5-17.h17"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "poppler");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2224.NASL
    descriptionAccording to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.(CVE-2017-7515) - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058) - An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059) - An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.(CVE-2018-19060) - Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.(CVE-2018- 19149) - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650) - In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.(CVE-2018-16646) - An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.(CVE-2018-18897) - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.(CVE-2018-20662) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130686
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130686
    titleEulerOS 2.0 SP5 : poppler (EulerOS-SA-2019-2224)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130686);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2017-7515",
        "CVE-2018-16646",
        "CVE-2018-18897",
        "CVE-2018-19058",
        "CVE-2018-19059",
        "CVE-2018-19060",
        "CVE-2018-19149",
        "CVE-2018-20650",
        "CVE-2018-20662"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : poppler (EulerOS-SA-2019-2224)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the poppler packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - poppler through version 0.55.0 is vulnerable to an
        uncontrolled recursion in pdfunite resulting into
        potential denial-of-service.(CVE-2017-7515)
    
      - An issue was discovered in Poppler 0.71.0. There is a
        reachable abort in Object.h, will lead to denial of
        service because EmbFile::save2 in FileSpec.cc lacks a
        stream check before saving an embedded
        file.(CVE-2018-19058)
    
      - An issue was discovered in Poppler 0.71.0. There is a
        out-of-bounds read in EmbFile::save2 in FileSpec.cc,
        will lead to denial of service, as demonstrated by
        utils/pdfdetach.cc not validating embedded files before
        save attempts.(CVE-2018-19059)
    
      - An issue was discovered in Poppler 0.71.0. There is a
        NULL pointer dereference in goo/GooString.h, will lead
        to denial of service, as demonstrated by
        utils/pdfdetach.cc not validating a filename of an
        embedded file before constructing a save
        path.(CVE-2018-19060)
    
      - Poppler before 0.70.0 has a NULL pointer dereference in
        _poppler_attachment_new when called from
        poppler_annot_file_attachment_get_attachment.(CVE-2018-
        19149)
    
      - A reachable Object::dictLookup assertion in Poppler
        0.72.0 allows attackers to cause a denial of service
        due to the lack of a check for the dict data type, as
        demonstrated by use of the FileSpec class (in
        FileSpec.cc) in pdfdetach.(CVE-2018-20650)
    
      - In Poppler 0.68.0, the Parser::getObj() function in
        Parser.cc may cause infinite recursion via a crafted
        file. A remote attacker can leverage this for a DoS
        attack.(CVE-2018-16646)
    
      - An issue was discovered in Poppler 0.71.0. There is a
        memory leak in GfxColorSpace::setDisplayProfile in
        GfxState.cc, as demonstrated by
        pdftocairo.(CVE-2018-18897)
    
      - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows
        attackers to cause a denial-of-service (application
        crash caused by Object.h SIGABRT, because of a wrong
        return value from PDFDoc::setup) by crafting a PDF file
        in which an xref data structure is mishandled during
        extractPDFSubtype processing.(CVE-2018-20662)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2224
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0fae5cec");
      script_set_attribute(attribute:"solution", value:
    "Update the affected poppler packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-20662");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-glib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:poppler-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["poppler-0.26.5-17.h20.eulerosv2r7",
            "poppler-glib-0.26.5-17.h20.eulerosv2r7",
            "poppler-qt-0.26.5-17.h20.eulerosv2r7",
            "poppler-utils-0.26.5-17.h20.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "poppler");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1332.NASL
    descriptionIn Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.(CVE-2018-16646) An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.(CVE-2018-18897) An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058) An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059) An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.(CVE-2018-19060) Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.(CVE-2018-19149) XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.(CVE-2018-20481) A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650) In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.(CVE-2018-20662) In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.(CVE-2019-7310) A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.(CVE-2019-9200) Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.(CVE-2019-9631)
    last seen2020-06-01
    modified2020-06-02
    plugin id130228
    published2019-10-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130228
    titleAmazon Linux 2 : poppler (ALAS-2019-1332)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2019-1332.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130228);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/18");
    
      script_cve_id("CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631");
      script_xref(name:"ALAS", value:"2019-1332");
    
      script_name(english:"Amazon Linux 2 : poppler (ALAS-2019-1332)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux 2 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may
    cause infinite recursion via a crafted file. A remote attacker can
    leverage this for a DoS attack.(CVE-2018-16646)
    
    An issue was discovered in Poppler 0.71.0. There is a memory leak in
    GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by
    pdftocairo.(CVE-2018-18897)
    
    An issue was discovered in Poppler 0.71.0. There is a reachable abort
    in Object.h, will lead to denial of service because EmbFile::save2 in
    FileSpec.cc lacks a stream check before saving an embedded
    file.(CVE-2018-19058)
    
    An issue was discovered in Poppler 0.71.0. There is a out-of-bounds
    read in EmbFile::save2 in FileSpec.cc, will lead to denial of service,
    as demonstrated by utils/pdfdetach.cc not validating embedded files
    before save attempts.(CVE-2018-19059)
    
    An issue was discovered in Poppler 0.71.0. There is a NULL pointer
    dereference in goo/GooString.h, will lead to denial of service, as
    demonstrated by utils/pdfdetach.cc not validating a filename of an
    embedded file before constructing a save path.(CVE-2018-19060)
    
    Poppler before 0.70.0 has a NULL pointer dereference in
    _poppler_attachment_new when called from
    poppler_annot_file_attachment_get_attachment.(CVE-2018-19149)
    
    XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated
    XRef entries, which allows remote attackers to cause a denial of
    service (NULL pointer dereference) via a crafted PDF document, when
    XRefEntry::setFlag in XRef.h is called from Parser::makeStream in
    Parser.cc.(CVE-2018-20481)
    
    A reachable Object::dictLookup assertion in Poppler 0.72.0 allows
    attackers to cause a denial of service due to the lack of a check for
    the dict data type, as demonstrated by use of the FileSpec class (in
    FileSpec.cc) in pdfdetach.(CVE-2018-20650)
    
    In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to
    cause a denial-of-service (application crash caused by Object.h
    SIGABRT, because of a wrong return value from PDFDoc::setup) by
    crafting a PDF file in which an xref data structure is mishandled
    during extractPDFSubtype processing.(CVE-2018-20662)
    
    In Poppler 0.73.0, a heap-based buffer over-read (due to an integer
    signedness error in the XRef::getEntry function in XRef.cc) allows
    remote attackers to cause a denial of service (application crash) or
    possibly have unspecified other impact via a crafted PDF document, as
    demonstrated by pdftocairo.(CVE-2019-7310)
    
    A heap-based buffer underwrite exists in ImageStream::getLine()
    located at Stream.cc in Poppler 0.74.0 that can (for example) be
    triggered by sending a crafted PDF file to the pdfimages binary. It
    allows an attacker to cause Denial of Service (Segmentation fault) or
    possibly have unspecified other impact.(CVE-2019-9200)
    
    Poppler 0.74.0 has a heap-based buffer over-read in the
    CairoRescaleBox.cc downsample_row_box_filter function.(CVE-2019-9631)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1332.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update poppler' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-cpp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-cpp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-demos");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-glib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-glib-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-qt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:poppler-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "2")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"AL2", reference:"poppler-0.26.5-38.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"poppler-cpp-0.26.5-38.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"poppler-cpp-devel-0.26.5-38.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"poppler-debuginfo-0.26.5-38.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"poppler-demos-0.26.5-38.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"poppler-devel-0.26.5-38.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"poppler-glib-0.26.5-38.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"poppler-glib-devel-0.26.5-38.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"poppler-qt-0.26.5-38.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"poppler-qt-devel-0.26.5-38.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"poppler-utils-0.26.5-38.amzn2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "poppler / poppler-cpp / poppler-cpp-devel / poppler-debuginfo / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3837-1.NASL
    descriptionIt was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-16646, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060) It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2018-19149). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-10
    modified2018-12-06
    plugin id119458
    published2018-12-06
    reporterUbuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119458
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : poppler vulnerabilities (USN-3837-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3837-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119458);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/09");
    
      script_cve_id("CVE-2018-16646", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149");
      script_xref(name:"USN", value:"3837-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : poppler vulnerabilities (USN-3837-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "It was discovered that poppler incorrectly handled certain PDF files.
    An attacker could possibly use this issue to cause a denial of
    service. (CVE-2018-16646, CVE-2018-19058, CVE-2018-19059,
    CVE-2018-19060)
    
    It was discovered that poppler incorrectly handled certain PDF files.
    An attacker could possibly use this issue to cause a denial of
    service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04
    LTS. (CVE-2018-19149).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3837-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19059");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler44");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler58");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler73");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpoppler79");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:poppler-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|18\.04|18\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 18.04 / 18.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"libpoppler44", pkgver:"0.24.5-2ubuntu4.13")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"poppler-utils", pkgver:"0.24.5-2ubuntu4.13")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libpoppler58", pkgver:"0.41.0-0ubuntu1.9")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"poppler-utils", pkgver:"0.41.0-0ubuntu1.9")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libpoppler73", pkgver:"0.62.0-2ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"poppler-utils", pkgver:"0.62.0-2ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"libpoppler79", pkgver:"0.68.0-0ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"18.10", pkgname:"poppler-utils", pkgver:"0.68.0-0ubuntu1.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpoppler44 / libpoppler58 / libpoppler73 / libpoppler79 / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2022.NASL
    descriptionAn update for poppler, evince, and okular is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince or Okular. Security Fix(es) : * poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310) * poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200) * poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646) * poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897) * poppler: reachable abort in Object.h (CVE-2018-19058) * poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059) * poppler: pdfdetach utility does not validate save paths (CVE-2018-19060) * poppler: NULL pointer dereference in _poppler_attachment_new (CVE-2018-19149) * poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481) * poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650) * poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662) * poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127648
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127648
    titleRHEL 7 : poppler (RHSA-2019:2022)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:2022. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127648);
      script_version("1.5");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631");
      script_xref(name:"RHSA", value:"2019:2022");
    
      script_name(english:"RHEL 7 : poppler (RHSA-2019:2022)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for poppler, evince, and okular is now available for Red Hat
    Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Poppler is a Portable Document Format (PDF) rendering library, used by
    applications such as Evince or Okular.
    
    Security Fix(es) :
    
    * poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc
    (CVE-2019-7310)
    
    * poppler: heap-based buffer overflow in function
    ImageStream::getLine() in Stream.cc (CVE-2019-9200)
    
    * poppler: infinite recursion in Parser::getObj function in Parser.cc
    (CVE-2018-16646)
    
    * poppler: memory leak in GfxColorSpace::setDisplayProfile in
    GfxState.cc (CVE-2018-18897)
    
    * poppler: reachable abort in Object.h (CVE-2018-19058)
    
    * poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc
    (CVE-2018-19059)
    
    * poppler: pdfdetach utility does not validate save paths
    (CVE-2018-19060)
    
    * poppler: NULL pointer dereference in _poppler_attachment_new
    (CVE-2018-19149)
    
    * poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc
    (CVE-2018-20481)
    
    * poppler: reachable Object::dictLookup assertion in FileSpec class in
    FileSpec.cc (CVE-2018-20650)
    
    * poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)
    
    * poppler: heap-based buffer over-read in function
    downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section.
    
    Additional Changes :
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 7.7 Release Notes linked from the References section."
      );
      # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3395ff0b"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2019:2022"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-16646"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-18897"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-19058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-19059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-19060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-19149"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-20481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-20650"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-20662"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-7310"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-9200"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-9631"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-browser-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-dvi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:evince-nautilus");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:okular");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:okular-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:okular-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:okular-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:okular-part");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-cpp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-cpp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-demos");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-glib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-glib-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-qt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2019:2022";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"evince-3.28.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"evince-3.28.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"evince-browser-plugin-3.28.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"evince-browser-plugin-3.28.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"evince-debuginfo-3.28.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"evince-devel-3.28.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"evince-dvi-3.28.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"evince-dvi-3.28.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"evince-libs-3.28.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"evince-nautilus-3.28.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"evince-nautilus-3.28.2-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"okular-4.10.5-7.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"i686", reference:"okular-debuginfo-4.10.5-7.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"okular-debuginfo-4.10.5-7.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"i686", reference:"okular-devel-4.10.5-7.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"okular-devel-4.10.5-7.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"i686", reference:"okular-libs-4.10.5-7.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"okular-libs-4.10.5-7.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"okular-part-4.10.5-7.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"poppler-0.26.5-38.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"poppler-cpp-0.26.5-38.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"poppler-cpp-devel-0.26.5-38.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"poppler-debuginfo-0.26.5-38.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"poppler-demos-0.26.5-38.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"poppler-demos-0.26.5-38.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"poppler-devel-0.26.5-38.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"poppler-glib-0.26.5-38.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"poppler-glib-devel-0.26.5-38.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"poppler-qt-0.26.5-38.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"poppler-qt-devel-0.26.5-38.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"poppler-utils-0.26.5-38.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"poppler-utils-0.26.5-38.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evince / evince-browser-plugin / evince-debuginfo / evince-devel / etc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-12B934E224.NASL
    descriptionThis update fixes CVE-2017-18267, CVE-2018-13988, CVE-2018-16646, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060, CVE-2018-19149 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120243
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120243
    titleFedora 28 : mingw-poppler (2018-12b934e224)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-12b934e224.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120243);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-18267", "CVE-2018-13988", "CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149");
      script_xref(name:"FEDORA", value:"2018-12b934e224");
    
      script_name(english:"Fedora 28 : mingw-poppler (2018-12b934e224)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes CVE-2017-18267, CVE-2018-13988, CVE-2018-16646,
    CVE-2018-19058, CVE-2018-19059, CVE-2018-19060, CVE-2018-19149
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-12b934e224"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mingw-poppler package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-poppler");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"mingw-poppler-0.62.0-2.fc28")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw-poppler");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-E805688895.NASL
    descriptionSecurity fix for CVE-2018-16646, CVE-2018-19058, CVE-2018-19059 and CVE-2018-19060. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120870
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120870
    titleFedora 29 : poppler (2018-e805688895)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-e805688895.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120870);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-16646", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060");
      script_xref(name:"FEDORA", value:"2018-e805688895");
    
      script_name(english:"Fedora 29 : poppler (2018-e805688895)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for CVE-2018-16646, CVE-2018-19058, CVE-2018-19059 and
    CVE-2018-19060.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-e805688895"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected poppler package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:poppler");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"poppler-0.67.0-6.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "poppler");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-679F8ABA03.NASL
    descriptionThis update fixes CVE-2018-16646, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060, CVE-2018-19149. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120486
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120486
    titleFedora 29 : mingw-poppler (2018-679f8aba03)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-679f8aba03.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120486);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149");
      script_xref(name:"FEDORA", value:"2018-679f8aba03");
    
      script_name(english:"Fedora 29 : mingw-poppler (2018-679f8aba03)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes CVE-2018-16646, CVE-2018-19058, CVE-2018-19059,
    CVE-2018-19060, CVE-2018-19149.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-679f8aba03"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mingw-poppler package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-poppler");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"mingw-poppler-0.67.0-2.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw-poppler");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1706.NASL
    descriptionSeveral security vulnerabilities were discovered in the poppler PDF rendering shared library. CVE-2018-19058 A reachable abort in Object.h will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. CVE-2018-20481 Poppler mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document. CVE-2018-20662 Poppler allows attackers to cause a denial of service (application crash and segmentation fault by crafting a PDF file in which an xref data structure is corrupted. CVE-2019-7310 A heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. CVE-2019-9200 A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause denial of service (segmentation fault) or possibly have unspecified other impact. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id122720
    published2019-03-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122720
    titleDebian DLA-1706-1 : poppler security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1706-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122720);
      script_version("1.4");
      script_cvs_date("Date: 2020/02/05");
    
      script_cve_id("CVE-2018-19058", "CVE-2018-20481", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200");
    
      script_name(english:"Debian DLA-1706-1 : poppler security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several security vulnerabilities were discovered in the poppler PDF
    rendering shared library.
    
    CVE-2018-19058
    
    A reachable abort in Object.h will lead to denial of service because
    EmbFile::save2 in FileSpec.cc lacks a stream check before saving an
    embedded file.
    
    CVE-2018-20481
    
    Poppler mishandles unallocated XRef entries, which allows remote
    attackers to cause a denial of service (NULL pointer dereference) via
    a crafted PDF document.
    
    CVE-2018-20662
    
    Poppler allows attackers to cause a denial of service (application
    crash and segmentation fault by crafting a PDF file in which an xref
    data structure is corrupted.
    
    CVE-2019-7310
    
    A heap-based buffer over-read (due to an integer signedness error in
    the XRef::getEntry function in XRef.cc) allows remote attackers to
    cause a denial of service (application crash) or possibly have
    unspecified other impact via a crafted PDF document.
    
    CVE-2019-9200
    
    A heap-based buffer underwrite exists in ImageStream::getLine()
    located at Stream.cc that can (for example) be triggered by sending a
    crafted PDF file to the pdfimages binary. It allows an attacker to
    cause denial of service (segmentation fault) or possibly have
    unspecified other impact.
    
    For Debian 8 'Jessie', these problems have been fixed in version
    0.26.5-2+deb8u8.
    
    We recommend that you upgrade your poppler packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/poppler"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7310");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gir1.2-poppler-0.18");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-cpp-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-cpp0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-glib-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-glib-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-glib8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-private-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-qt4-4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-qt4-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-qt5-1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-qt5-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler46");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:poppler-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:poppler-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"gir1.2-poppler-0.18", reference:"0.26.5-2+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libpoppler-cpp-dev", reference:"0.26.5-2+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libpoppler-cpp0", reference:"0.26.5-2+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libpoppler-dev", reference:"0.26.5-2+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libpoppler-glib-dev", reference:"0.26.5-2+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libpoppler-glib-doc", reference:"0.26.5-2+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libpoppler-glib8", reference:"0.26.5-2+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libpoppler-private-dev", reference:"0.26.5-2+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libpoppler-qt4-4", reference:"0.26.5-2+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libpoppler-qt4-dev", reference:"0.26.5-2+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libpoppler-qt5-1", reference:"0.26.5-2+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libpoppler-qt5-dev", reference:"0.26.5-2+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"libpoppler46", reference:"0.26.5-2+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"poppler-dbg", reference:"0.26.5-2+deb8u8")) flag++;
    if (deb_check(release:"8.0", prefix:"poppler-utils", reference:"0.26.5-2+deb8u8")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2022.NASL
    descriptionAn update for poppler, evince, and okular is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince or Okular. Security Fix(es) : * poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310) * poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200) * poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646) * poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897) * poppler: reachable abort in Object.h (CVE-2018-19058) * poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059) * poppler: pdfdetach utility does not validate save paths (CVE-2018-19060) * poppler: NULL pointer dereference in _poppler_attachment_new (CVE-2018-19149) * poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481) * poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650) * poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662) * poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128331
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128331
    titleCentOS 7 : evince / okular / poppler (CESA-2019:2022)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:2022 and 
    # CentOS Errata and Security Advisory 2019:2022 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128331);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631");
      script_xref(name:"RHSA", value:"2019:2022");
    
      script_name(english:"CentOS 7 : evince / okular / poppler (CESA-2019:2022)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for poppler, evince, and okular is now available for Red Hat
    Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Poppler is a Portable Document Format (PDF) rendering library, used by
    applications such as Evince or Okular.
    
    Security Fix(es) :
    
    * poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc
    (CVE-2019-7310)
    
    * poppler: heap-based buffer overflow in function
    ImageStream::getLine() in Stream.cc (CVE-2019-9200)
    
    * poppler: infinite recursion in Parser::getObj function in Parser.cc
    (CVE-2018-16646)
    
    * poppler: memory leak in GfxColorSpace::setDisplayProfile in
    GfxState.cc (CVE-2018-18897)
    
    * poppler: reachable abort in Object.h (CVE-2018-19058)
    
    * poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc
    (CVE-2018-19059)
    
    * poppler: pdfdetach utility does not validate save paths
    (CVE-2018-19060)
    
    * poppler: NULL pointer dereference in _poppler_attachment_new
    (CVE-2018-19149)
    
    * poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc
    (CVE-2018-20481)
    
    * poppler: reachable Object::dictLookup assertion in FileSpec class in
    FileSpec.cc (CVE-2018-20650)
    
    * poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)
    
    * poppler: heap-based buffer over-read in function
    downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section.
    
    Additional Changes :
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 7.7 Release Notes linked from the References section."
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/005860.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6c974892"
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006020.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1172af08"
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006052.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?44002993"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected evince, okular and / or poppler packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9631");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:evince");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:evince-browser-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:evince-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:evince-dvi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:evince-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:evince-nautilus");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:okular");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:okular-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:okular-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:okular-part");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-cpp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-cpp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-demos");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-glib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-glib-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-qt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:poppler-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"evince-3.28.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"evince-browser-plugin-3.28.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"evince-devel-3.28.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"evince-dvi-3.28.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"evince-libs-3.28.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"evince-nautilus-3.28.2-8.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"okular-4.10.5-7.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"okular-devel-4.10.5-7.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"okular-libs-4.10.5-7.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"okular-part-4.10.5-7.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"poppler-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"poppler-cpp-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"poppler-cpp-devel-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"poppler-demos-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"poppler-devel-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"poppler-glib-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"poppler-glib-devel-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"poppler-qt-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"poppler-qt-devel-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"poppler-utils-0.26.5-38.el7")) flag++;
    
    
    if (flag)
    {
      cr_plugin_caveat = '\n' +
        'NOTE: The security advisory associated with this vulnerability has a\n' +
        'fixed package version that may only be available in the continuous\n' +
        'release (CR) repository for CentOS, until it is present in the next\n' +
        'point release of CentOS.\n\n' +
    
        'If an equal or higher package level does not exist in the baseline\n' +
        'repository for your major version of CentOS, then updates from the CR\n' +
        'repository will need to be applied in order to address the\n' +
        'vulnerability.\n';
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get() + cr_plugin_caveat
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evince / evince-browser-plugin / evince-devel / evince-dvi / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-54ED26A423.NASL
    descriptionSecurity fix for CVE-2018-16646, CVE-2018-19058, CVE-2018-19059 and CVE-2018-19060. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120434
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120434
    titleFedora 28 : poppler (2018-54ed26a423)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-54ed26a423.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120434);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-16646", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060");
      script_xref(name:"FEDORA", value:"2018-54ed26a423");
    
      script_name(english:"Fedora 28 : poppler (2018-54ed26a423)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for CVE-2018-16646, CVE-2018-19058, CVE-2018-19059 and
    CVE-2018-19060.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-54ed26a423"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected poppler package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:poppler");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC28", reference:"poppler-0.62.0-10.fc28")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "poppler");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_POPPLER_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310) - poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200) - poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646) - poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897) - poppler: reachable abort in Object.h (CVE-2018-19058) - poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059) - poppler: pdfdetach utility does not validate save paths (CVE-2018-19060) - poppler: NULL pointer dereference in _poppler_attachment_new (CVE-2018-19149) - poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481) - poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650) - poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662) - poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)
    last seen2020-03-18
    modified2019-08-27
    plugin id128252
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128252
    titleScientific Linux Security Update : poppler on SL7.x x86_64 (20190806)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128252);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2018-16646", "CVE-2018-18897", "CVE-2018-19058", "CVE-2018-19059", "CVE-2018-19060", "CVE-2018-19149", "CVE-2018-20481", "CVE-2018-20650", "CVE-2018-20662", "CVE-2019-7310", "CVE-2019-9200", "CVE-2019-9631");
    
      script_name(english:"Scientific Linux Security Update : poppler on SL7.x x86_64 (20190806)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - poppler: heap-based buffer over-read in XRef::getEntry
        in XRef.cc (CVE-2019-7310)
    
      - poppler: heap-based buffer overflow in function
        ImageStream::getLine() in Stream.cc (CVE-2019-9200)
    
      - poppler: infinite recursion in Parser::getObj function
        in Parser.cc (CVE-2018-16646)
    
      - poppler: memory leak in GfxColorSpace::setDisplayProfile
        in GfxState.cc (CVE-2018-18897)
    
      - poppler: reachable abort in Object.h (CVE-2018-19058)
    
      - poppler: out-of-bounds read in EmbFile::save2 in
        FileSpec.cc (CVE-2018-19059)
    
      - poppler: pdfdetach utility does not validate save paths
        (CVE-2018-19060)
    
      - poppler: NULL pointer dereference in
        _poppler_attachment_new (CVE-2018-19149)
    
      - poppler: NULL pointer dereference in the XRef::getEntry
        in XRef.cc (CVE-2018-20481)
    
      - poppler: reachable Object::dictLookup assertion in
        FileSpec class in FileSpec.cc (CVE-2018-20650)
    
      - poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc
        (CVE-2018-20662)
    
      - poppler: heap-based buffer over-read in function
        downsample_row_box_filter in CairoRescaleBox.cc
        (CVE-2019-9631)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1908&L=SCIENTIFIC-LINUX-ERRATA&P=31117
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?45e5b084"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:evince");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:evince-browser-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:evince-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:evince-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:evince-dvi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:evince-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:evince-nautilus");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:okular");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:okular-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:okular-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:okular-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:okular-part");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-cpp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-cpp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-demos");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-glib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-glib-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-qt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:poppler-utils");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"evince-3.28.2-8.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"evince-browser-plugin-3.28.2-8.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"evince-debuginfo-3.28.2-8.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"evince-devel-3.28.2-8.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"evince-dvi-3.28.2-8.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"evince-libs-3.28.2-8.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"evince-nautilus-3.28.2-8.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"okular-4.10.5-7.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"okular-debuginfo-4.10.5-7.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"okular-devel-4.10.5-7.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"okular-libs-4.10.5-7.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"okular-part-4.10.5-7.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-cpp-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-cpp-devel-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-debuginfo-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-demos-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-devel-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-glib-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-glib-devel-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-qt-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-qt-devel-0.26.5-38.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"poppler-utils-0.26.5-38.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evince / evince-browser-plugin / evince-debuginfo / evince-devel / etc");
    }
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0249_POPPLER.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has poppler packages installed that are affected by multiple vulnerabilities: - Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. (CVE-2018-19149) - In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646) - An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. (CVE-2018-18897) - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. (CVE-2018-19058) - An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. (CVE-2018-19059) - An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. (CVE-2018-19060) - In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. (CVE-2019-7310) - A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. (CVE-2019-9200) - Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. (CVE-2019-9631) - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. (CVE-2018-20662) - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. (CVE-2018-20650) - XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132446
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132446
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : poppler Multiple Vulnerabilities (NS-SA-2019-0249)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1173.NASL
    descriptionAccording to the versions of the poppler packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650) - An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059) - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2020-02-25
    plugin id134007
    published2020-02-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134007
    titleEulerOS 2.0 SP8 : poppler (EulerOS-SA-2020-1173)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1271.NASL
    descriptionXRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.(CVE-2018-20481) In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646) Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.(CVE-2019-9631) A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.(CVE-2018-20650) An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.(CVE-2018-19059) An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.(CVE-2018-19058) Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.(CVE-2018-19149) In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.(CVE-2019-7310) An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.(CVE-2018-18897) An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.(CVE-2018-19060) A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.(CVE-2019-9200) In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.(CVE-2018-20662)
    last seen2020-06-01
    modified2020-06-02
    plugin id128294
    published2019-08-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128294
    titleAmazon Linux AMI : poppler (ALAS-2019-1271)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0202_POPPLER.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has poppler packages installed that are affected by multiple vulnerabilities: - Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. (CVE-2018-19149) - In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646) - An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. (CVE-2018-18897) - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. (CVE-2018-19058) - An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. (CVE-2018-19059) - An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. (CVE-2018-19060) - In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. (CVE-2019-7310) - A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. (CVE-2019-9200) - Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. (CVE-2019-9631) - In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. (CVE-2018-20662) - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. (CVE-2018-20650) - XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id129923
    published2019-10-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129923
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : poppler Multiple Vulnerabilities (NS-SA-2019-0202)

Redhat

advisories
rhsa
idRHSA-2019:2022
rpms
  • evince-0:3.28.2-8.el7
  • evince-browser-plugin-0:3.28.2-8.el7
  • evince-debuginfo-0:3.28.2-8.el7
  • evince-devel-0:3.28.2-8.el7
  • evince-dvi-0:3.28.2-8.el7
  • evince-libs-0:3.28.2-8.el7
  • evince-nautilus-0:3.28.2-8.el7
  • okular-0:4.10.5-7.el7
  • okular-debuginfo-0:4.10.5-7.el7
  • okular-devel-0:4.10.5-7.el7
  • okular-libs-0:4.10.5-7.el7
  • okular-part-0:4.10.5-7.el7
  • poppler-0:0.26.5-38.el7
  • poppler-cpp-0:0.26.5-38.el7
  • poppler-cpp-devel-0:0.26.5-38.el7
  • poppler-debuginfo-0:0.26.5-38.el7
  • poppler-demos-0:0.26.5-38.el7
  • poppler-devel-0:0.26.5-38.el7
  • poppler-glib-0:0.26.5-38.el7
  • poppler-glib-devel-0:0.26.5-38.el7
  • poppler-qt-0:0.26.5-38.el7
  • poppler-qt-devel-0:0.26.5-38.el7
  • poppler-utils-0:0.26.5-38.el7