Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2019:2022
HistoryAug 30, 2019 - 2:44 a.m.

evince, okular, poppler security update

2019-08-3002:44:38
CentOS Project
lists.centos.org
91

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.02

Percentile

89.1%

JSON

CentOS Errata and Security Advisory CESA-2019:2022

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince or Okular.

Security Fix(es):

  • poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)

  • poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)

  • poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646)

  • poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)

  • poppler: reachable abort in Object.h (CVE-2018-19058)

  • poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059)

  • poppler: pdfdetach utility does not validate save paths (CVE-2018-19060)

  • poppler: NULL pointer dereference in _poppler_attachment_new (CVE-2018-19149)

  • poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)

  • poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)

  • poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)

  • poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032130.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032290.html
https://lists.centos.org/pipermail/centos-cr-announce/2019-August/032322.html

Affected packages:
evince
evince-browser-plugin
evince-devel
evince-dvi
evince-libs
evince-nautilus
okular
okular-devel
okular-libs
okular-part
poppler
poppler-cpp
poppler-cpp-devel
poppler-demos
poppler-devel
poppler-glib
poppler-glib-devel
poppler-qt
poppler-qt-devel
poppler-utils

Upstream details at:
https://access.redhat.com/errata/RHSA-2019:2022

OSVersionArchitecturePackageVersionFilename
CentOS7x86_64evince< 3.28.2-8.el7evince-3.28.2-8.el7.x86_64.rpm
CentOS7x86_64evince-browser-plugin< 3.28.2-8.el7evince-browser-plugin-3.28.2-8.el7.x86_64.rpm
CentOS7i686evince-devel< 3.28.2-8.el7evince-devel-3.28.2-8.el7.i686.rpm
CentOS7x86_64evince-devel< 3.28.2-8.el7evince-devel-3.28.2-8.el7.x86_64.rpm
CentOS7x86_64evince-dvi< 3.28.2-8.el7evince-dvi-3.28.2-8.el7.x86_64.rpm
CentOS7i686evince-libs< 3.28.2-8.el7evince-libs-3.28.2-8.el7.i686.rpm
CentOS7x86_64evince-libs< 3.28.2-8.el7evince-libs-3.28.2-8.el7.x86_64.rpm
CentOS7x86_64evince-nautilus< 3.28.2-8.el7evince-nautilus-3.28.2-8.el7.x86_64.rpm
CentOS7x86_64okular< 4.10.5-7.el7okular-4.10.5-7.el7.x86_64.rpm
CentOS7i686okular-devel< 4.10.5-7.el7okular-devel-4.10.5-7.el7.i686.rpm
Rows per page:
1-10 of 321

Related

nessus 47
amazon 2
oraclelinux 2
redhat 2
openvas 38
fedora 14
osv 14
debian 5
ubuntu 4
mageia 4
suse 1
debiancve 6
veracode 8
cvelist 8
ubuntucve 9
cve 9
redhatcve 10
nvd 6
prion 9
gentoo 1
nessus
nessus
NewStart CGSL CORE 5.04 / MAIN 5.04 : poppler Multiple Vulnerabilities (NS-SA-2019-0202)
2019-10-15 00:00:00
Scientific Linux Security Update : poppler on SL7.x x86_64 (20190806)
2019-08-27 00:00:00
Amazon Linux 2 : poppler (ALAS-2019-1332)
2019-10-25 00:00:00
amazon
amazon
Medium: poppler
2019-10-21 18:01:00
Medium: poppler
2019-08-23 17:01:00
oraclelinux
oraclelinux
poppler security, bug fix, and enhancement update
2019-08-13 00:00:00
poppler security update
2019-09-12 00:00:00
redhat
redhat
(RHSA-2019:2022) Moderate: poppler security, bug fix, and enhancement update
2019-08-06 07:51:02
(RHSA-2019:2713) Moderate: poppler security update
2019-09-10 15:32:22
openvas
openvas
Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-2269)
2020-01-23 00:00:00
Fedora Update for mingw-poppler FEDORA-2018-679f8aba03
2019-05-07 00:00:00
Fedora Update for mingw-poppler FEDORA-2019-7085420900
2019-05-07 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: mingw-poppler-0.67.0-2.fc29
2018-12-30 03:22:07
[SECURITY] Fedora 29 Update: mingw-poppler-0.67.0-4.fc29
2019-03-15 18:30:03
[SECURITY] Fedora 29 Update: mingw-poppler-0.67.0-3.fc29
2019-02-18 02:04:58
osv
osv
poppler - security update
2019-03-08 00:00:00
poppler - security update
2020-07-23 00:00:00
poppler - security update
2020-11-08 00:00:00
debian
debian
[SECURITY] [DLA 1706-1] poppler security update
2019-03-08 20:37:16
[SECURITY] [DLA 2287-1] poppler security update
2020-07-23 10:16:10
[SECURITY] [DLA 2440-1] poppler security update
2020-11-08 23:59:37
ubuntu
ubuntu
poppler vulnerabilities
2018-12-04 00:00:00
poppler vulnerabilities
2019-01-22 00:00:00
poppler regression
2018-12-11 00:00:00
mageia
mageia
Updated poppler packages fix security vulnerabilities
2018-11-23 01:26:34
Updated poppler packages fix security vulnerability
2019-02-20 23:56:50
Updated poppler packages fix security vulnerabilities
2019-03-29 18:51:06
suse
suse
Security update for poppler (important)
2021-12-01 00:00:00
debiancve
debiancve
CVE-2018-19149
2018-11-10 19:29:00
CVE-2018-20650
2019-01-01 16:29:00
CVE-2018-20481
2018-12-26 04:29:00
veracode
veracode
Denial Of Service (DoS)
2018-11-12 07:13:51
Denial Of Service
2019-02-04 04:43:31
Denial Of Service (Dos)
2019-08-08 00:07:10
cvelist
cvelist
CVE-2018-20650
2019-01-01 16:00:00
CVE-2018-20481
2018-12-26 04:00:00
CVE-2018-19149
2018-11-10 19:00:00
ubuntucve
ubuntucve
CVE-2018-20481
2018-12-25 00:00:00
CVE-2018-19149
2018-11-10 00:00:00
CVE-2018-19060
2018-11-07 00:00:00
cve
cve
CVE-2018-20481
2018-12-26 04:29:00
CVE-2018-18897
2018-11-02 07:29:00
CVE-2018-19149
2018-11-10 19:29:00
redhatcve
redhatcve
CVE-2018-19149
2018-11-13 16:49:19
CVE-2019-9631
2019-10-09 06:24:14
CVE-2018-18897
2018-11-05 16:49:52
nvd
nvd
CVE-2018-20481
2018-12-26 04:29:00
CVE-2018-19149
2018-11-10 19:29:00
CVE-2019-9200
2019-02-26 23:29:00
prion
prion
Null pointer dereference
2018-11-10 19:29:00
Null pointer dereference
2018-11-07 16:29:00
Null pointer dereference
2018-12-26 04:29:00
gentoo
gentoo
Poppler: Multiple vulnerabilities
2019-04-02 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.02

Percentile

89.1%

JSON
Related for CESA-2019:2022
nessus47amazon2oraclelinux2redhat2openvas38fedora14osv14debian5ubuntu4mageia4suse1debiancve6veracode8cvelist8ubuntucve9cve9redhatcve10nvd6prion9gentoo1