Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-3120.NASL
HistorySep 26, 2022 - 12:00 a.m.

Debian DLA-3120-1 : poppler - LTS security update

2022-09-2600:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
34
debian 10
poppler package
security update
vulnerabilities
memory leak
denial of service
divide-by-zero
stack consumption
integer overflow
arbitrary code execution

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.011 Low

EPSS

Percentile

84.5%

JSON

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3120 advisory.

  • An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. (CVE-2018-18897)

  • An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
    (CVE-2018-19058)

  • A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. (CVE-2018-20650)

  • An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. (CVE-2019-14494)

  • PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. (CVE-2019-9903)

  • The JPXStream::init function in Poppler 0.78.0 and earlier doesn’t check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)

  • A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the ‘pdftohtml’ program, would crash the application causing a denial of service. (CVE-2020-27778)

  • A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. (CVE-2022-27337)

  • Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. (CVE-2022-38784)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-3120. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(165449);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/10");

  script_cve_id(
    "CVE-2018-18897",
    "CVE-2018-19058",
    "CVE-2018-20650",
    "CVE-2019-9903",
    "CVE-2019-9959",
    "CVE-2019-14494",
    "CVE-2020-27778",
    "CVE-2022-27337",
    "CVE-2022-38784"
  );
  script_xref(name:"IAVB", value:"2022-B-0039-S");
  script_xref(name:"IAVB", value:"2022-B-0050-S");

  script_name(english:"Debian DLA-3120-1 : poppler - LTS security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-3120 advisory.

  - An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in
    GfxState.cc, as demonstrated by pdftocairo. (CVE-2018-18897)

  - An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of
    service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
    (CVE-2018-19058)

  - A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service
    due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in
    FileSpec.cc) in pdfdetach. (CVE-2018-20650)

  - An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function
    SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. (CVE-2019-14494)

  - PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in
    the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted
    pdf file to the pdfunite binary. (CVE-2019-9903)

  - The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream
    length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the
    heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)

  - A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could
    exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would
    crash the application causing a denial of service. (CVE-2020-27778)

  - A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of
    Service (DoS) via a crafted PDF file. (CVE-2022-27337)

  - Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder
    (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2
    image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability
    described by CVE-2022-38171 in Xpdf. (CVE-2022-38784)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913164");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/poppler");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/lts/security/2022/dla-3120");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-18897");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-19058");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-20650");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-14494");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-9903");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-9959");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-27778");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-27337");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-38784");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/poppler");
  script_set_attribute(attribute:"solution", value:
"Upgrade the poppler packages.

For Debian 10 buster, these problems have been fixed in version 0.71.0-5+deb10u1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-27778");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-38784");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/09/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/09/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gir1.2-poppler-0.18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-cpp-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-cpp0v5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-glib-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-glib-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-glib8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-private-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-qt5-1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler-qt5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpoppler82");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:poppler-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var release = get_kb_item('Host/Debian/release');
if ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');
var release = chomp(release);
if (! preg(pattern:"^(10)\.[0-9]+", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '10.0', 'prefix': 'gir1.2-poppler-0.18', 'reference': '0.71.0-5+deb10u1'},
    {'release': '10.0', 'prefix': 'libpoppler-cpp-dev', 'reference': '0.71.0-5+deb10u1'},
    {'release': '10.0', 'prefix': 'libpoppler-cpp0v5', 'reference': '0.71.0-5+deb10u1'},
    {'release': '10.0', 'prefix': 'libpoppler-dev', 'reference': '0.71.0-5+deb10u1'},
    {'release': '10.0', 'prefix': 'libpoppler-glib-dev', 'reference': '0.71.0-5+deb10u1'},
    {'release': '10.0', 'prefix': 'libpoppler-glib-doc', 'reference': '0.71.0-5+deb10u1'},
    {'release': '10.0', 'prefix': 'libpoppler-glib8', 'reference': '0.71.0-5+deb10u1'},
    {'release': '10.0', 'prefix': 'libpoppler-private-dev', 'reference': '0.71.0-5+deb10u1'},
    {'release': '10.0', 'prefix': 'libpoppler-qt5-1', 'reference': '0.71.0-5+deb10u1'},
    {'release': '10.0', 'prefix': 'libpoppler-qt5-dev', 'reference': '0.71.0-5+deb10u1'},
    {'release': '10.0', 'prefix': 'libpoppler82', 'reference': '0.71.0-5+deb10u1'},
    {'release': '10.0', 'prefix': 'poppler-utils', 'reference': '0.71.0-5+deb10u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (release && prefix && reference) {
    if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-poppler-0.18 / libpoppler-cpp-dev / libpoppler-cpp0v5 / etc');
}
VendorProductVersionCPE
debiandebian_linuxgir1.2-poppler-0.18p-cpe:/a:debian:debian_linux:gir1.2-poppler-0.18
debiandebian_linuxlibpoppler-cpp-devp-cpe:/a:debian:debian_linux:libpoppler-cpp-dev
debiandebian_linuxlibpoppler-cpp0v5p-cpe:/a:debian:debian_linux:libpoppler-cpp0v5
debiandebian_linuxlibpoppler-devp-cpe:/a:debian:debian_linux:libpoppler-dev
debiandebian_linuxlibpoppler-glib-devp-cpe:/a:debian:debian_linux:libpoppler-glib-dev
debiandebian_linuxlibpoppler-glib-docp-cpe:/a:debian:debian_linux:libpoppler-glib-doc
debiandebian_linuxlibpoppler-glib8p-cpe:/a:debian:debian_linux:libpoppler-glib8
debiandebian_linuxlibpoppler-private-devp-cpe:/a:debian:debian_linux:libpoppler-private-dev
debiandebian_linuxlibpoppler-qt5-1p-cpe:/a:debian:debian_linux:libpoppler-qt5-1
debiandebian_linuxlibpoppler-qt5-devp-cpe:/a:debian:debian_linux:libpoppler-qt5-dev
Rows per page:
1-10 of 131

References

Related

osv 18
openvas 34
debian 3
nessus 59
amazon 1
ubuntucve 7
alpinelinux 3
debiancve 6
prion 7
nvd 7
cve 6
mageia 4
cvelist 7
suse 1
altlinux 1
redhatcve 7
fedora 6
oraclelinux 3
redhat 2
rosalinux 1
rocky 2
almalinux 4
veracode 6
ubuntu 2
redos 1
cnvd 1
osv
osv
poppler - security update
2022-09-26 00:00:00
poppler - security update
2022-09-06 00:00:00
poppler - security update
2020-11-08 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3120-1)
2022-09-26 00:00:00
Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2020-1125)
2020-02-24 00:00:00
Mageia: Security Advisory (MGASA-2022-0386)
2022-10-24 00:00:00
debian
debian
[SECURITY] [DLA 3120-1] poppler security update
2022-09-25 22:47:37
[SECURITY] [DSA 5224-1] poppler security update
2022-09-06 19:32:19
[SECURITY] [DLA 2440-1] poppler security update
2020-11-08 23:59:37
nessus
nessus
Debian DSA-5224-1 : poppler - security update
2022-09-07 00:00:00
Amazon Linux 2 : poppler (ALAS-2023-2075)
2023-06-08 00:00:00
EulerOS 2.0 SP5 : poppler (EulerOS-SA-2020-1125)
2020-02-24 00:00:00
amazon
amazon
Medium: poppler
2023-06-05 16:39:00
ubuntucve
ubuntucve
CVE-2022-38784
2022-08-30 00:00:00
CVE-2022-38171
2022-08-22 00:00:00
CVE-2019-9903
2019-03-21 00:00:00
alpinelinux
alpinelinux
CVE-2022-38784
2022-08-30 03:15:07
CVE-2019-9959
2019-07-22 15:15:10
CVE-2020-27778
2020-12-03 17:15:13
debiancve
debiancve
CVE-2022-38784
2022-08-30 03:15:07
CVE-2018-20650
2019-01-01 16:29:00
CVE-2019-9903
2019-03-21 18:29:00
prion
prion
Integer overflow
2022-08-30 03:15:00
Design/Logic Flaw
2019-01-01 16:29:00
Memory corruption
2018-11-02 07:29:00
nvd
nvd
CVE-2022-38784
2022-08-30 03:15:07
CVE-2018-20650
2019-01-01 16:29:00
CVE-2019-9903
2019-03-21 18:29:00
cve
cve
CVE-2022-38784
2022-08-30 03:15:07
CVE-2018-18897
2018-11-02 07:29:00
CVE-2019-9903
2019-03-21 18:29:00
mageia
mageia
Updated poppler packages fix security vulnerability
2022-10-24 01:48:35
Updated poppler packages fix security vulnerability
2019-02-20 23:56:50
Updated poppler packages fix security vulnerability
2022-08-13 05:32:35
cvelist
cvelist
CVE-2022-38784
2022-08-24 00:00:00
CVE-2018-20650
2019-01-01 16:00:00
CVE-2018-18897
2018-11-02 06:00:00
suse
suse
Security update for poppler (important)
2021-12-01 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package poppler115 version 21.11.0-alt1.p10.1
2023-01-20 00:00:00
redhatcve
redhatcve
CVE-2022-38784
2022-09-07 15:49:05
CVE-2019-9903
2019-03-22 11:19:50
CVE-2018-18897
2018-11-05 16:49:52
fedora
fedora
[SECURITY] Fedora 29 Update: poppler-0.67.0-10.fc29
2019-01-24 04:34:33
[SECURITY] Fedora 37 Update: poppler-22.08.0-2.fc37
2022-10-10 00:18:48
[SECURITY] Fedora 29 Update: poppler-0.67.0-22.fc29
2019-08-13 01:59:39
oraclelinux
oraclelinux
poppler security update
2019-09-12 00:00:00
poppler and evince security, bug fix, and enhancement update
2021-05-25 00:00:00
poppler security and bug fix update
2023-05-15 00:00:00
redhat
redhat
(RHSA-2019:2713) Moderate: poppler security update
2019-09-10 15:32:22
(RHSA-2023:2259) Moderate: poppler security and bug fix update
2023-05-09 05:05:14
rosalinux
rosalinux
Advisory ROSA-SA-2021-1953
2021-07-02 17:59:22
rocky
rocky
poppler security update
2023-05-18 19:17:56
poppler and evince security, bug fix, and enhancement update
2021-05-18 06:18:48
almalinux
almalinux
Moderate: poppler security and bug fix update
2023-05-09 00:00:00
Moderate: poppler security and bug fix update
2022-11-08 00:00:00
Moderate: poppler and evince security, bug fix, and enhancement update
2021-05-18 06:18:48
veracode
veracode
Denial Of Service (Dos)
2019-08-08 00:07:10
Denial Of Service (DoS)
2023-10-09 12:14:17
Integer Overflows
2020-04-01 00:38:38
ubuntu
ubuntu
poppler vulnerabilities
2020-11-25 00:00:00
poppler vulnerability
2022-09-12 00:00:00
redos
redos
ROS-20220926-02
2022-09-26 00:00:00
cnvd
cnvd
Poppler integer overflow vulnerability
2019-07-23 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.011 Low

EPSS

Percentile

84.5%

JSON
Related for DEBIAN_DLA-3120.NASL
osv18openvas34debian3nessus59amazon1ubuntucve7alpinelinux3debiancve6prion7nvd7cve6mageia4cvelist7suse1altlinux1redhatcve7fedora6oraclelinux3redhat2rosalinux1rocky2almalinux4veracode6ubuntu2redos1cnvd1