Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2019-2713.NASLHistorySep 16, 2019 - 12:00 a.m.
RHEL 8 : poppler (RHSA-2019:2713)
2019-09-1600:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
34
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
0.026 Low
EPSS
Percentile
90.4%
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2713 advisory.
-
poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)
-
poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)
-
poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c (CVE-2018-20551)
-
poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)
-
poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)
-
poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)
-
poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)
-
poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)
-
poppler: stack consumption in function Dict::find() in Dict.cc (CVE-2019-9903)
-
poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)
-
poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)
-
poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2019:2713. The text
# itself is copyright (C) Red Hat, Inc.
#
include('compat.inc');
if (description)
{
script_id(128850);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/27");
script_cve_id(
"CVE-2018-18897",
"CVE-2018-20481",
"CVE-2018-20551",
"CVE-2018-20650",
"CVE-2018-20662",
"CVE-2019-10871",
"CVE-2019-12293",
"CVE-2019-7310",
"CVE-2019-9200",
"CVE-2019-9631",
"CVE-2019-9903",
"CVE-2019-9959"
);
script_xref(name:"RHSA", value:"2019:2713");
script_name(english:"RHEL 8 : poppler (RHSA-2019:2713)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for poppler.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2019:2713 advisory.
- poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)
- poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)
- poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c (CVE-2018-20551)
- poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)
- poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)
- poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)
- poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)
- poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc
(CVE-2019-9631)
- poppler: stack consumption in function Dict::find() in Dict.cc (CVE-2019-9903)
- poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)
- poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc
(CVE-2019-10871)
- poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2019/rhsa-2019_2713.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?33cb369e");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2019:2713");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1646546");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1665259");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1665263");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1665266");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1665273");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1672419");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1683632");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1686802");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1691724");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1696636");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1713582");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1732340");
script_set_attribute(attribute:"solution", value:
"Update the RHEL poppler package based on the guidance in RHSA-2019:2713.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9631");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(122, 125, 190, 400, 476, 617);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/02");
script_set_attribute(attribute:"patch_publication_date", value:"2019/09/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-cpp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-cpp-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-glib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-glib-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-qt5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-qt5-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:poppler-utils");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("redhat_repos.nasl", "ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel8/8.10/aarch64/appstream/debug',
'content/dist/rhel8/8.10/aarch64/appstream/os',
'content/dist/rhel8/8.10/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.10/aarch64/codeready-builder/debug',
'content/dist/rhel8/8.10/aarch64/codeready-builder/os',
'content/dist/rhel8/8.10/aarch64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.10/ppc64le/appstream/debug',
'content/dist/rhel8/8.10/ppc64le/appstream/os',
'content/dist/rhel8/8.10/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.10/ppc64le/codeready-builder/debug',
'content/dist/rhel8/8.10/ppc64le/codeready-builder/os',
'content/dist/rhel8/8.10/ppc64le/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.10/s390x/appstream/debug',
'content/dist/rhel8/8.10/s390x/appstream/os',
'content/dist/rhel8/8.10/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.10/s390x/codeready-builder/debug',
'content/dist/rhel8/8.10/s390x/codeready-builder/os',
'content/dist/rhel8/8.10/s390x/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.10/x86_64/appstream/debug',
'content/dist/rhel8/8.10/x86_64/appstream/os',
'content/dist/rhel8/8.10/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.10/x86_64/codeready-builder/debug',
'content/dist/rhel8/8.10/x86_64/codeready-builder/os',
'content/dist/rhel8/8.10/x86_64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.6/aarch64/appstream/debug',
'content/dist/rhel8/8.6/aarch64/appstream/os',
'content/dist/rhel8/8.6/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.6/aarch64/codeready-builder/debug',
'content/dist/rhel8/8.6/aarch64/codeready-builder/os',
'content/dist/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.6/ppc64le/appstream/debug',
'content/dist/rhel8/8.6/ppc64le/appstream/os',
'content/dist/rhel8/8.6/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.6/ppc64le/codeready-builder/debug',
'content/dist/rhel8/8.6/ppc64le/codeready-builder/os',
'content/dist/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.6/s390x/appstream/debug',
'content/dist/rhel8/8.6/s390x/appstream/os',
'content/dist/rhel8/8.6/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.6/s390x/codeready-builder/debug',
'content/dist/rhel8/8.6/s390x/codeready-builder/os',
'content/dist/rhel8/8.6/s390x/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.6/x86_64/appstream/debug',
'content/dist/rhel8/8.6/x86_64/appstream/os',
'content/dist/rhel8/8.6/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.6/x86_64/codeready-builder/debug',
'content/dist/rhel8/8.6/x86_64/codeready-builder/os',
'content/dist/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.8/aarch64/appstream/debug',
'content/dist/rhel8/8.8/aarch64/appstream/os',
'content/dist/rhel8/8.8/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.8/aarch64/codeready-builder/debug',
'content/dist/rhel8/8.8/aarch64/codeready-builder/os',
'content/dist/rhel8/8.8/aarch64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.8/ppc64le/appstream/debug',
'content/dist/rhel8/8.8/ppc64le/appstream/os',
'content/dist/rhel8/8.8/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.8/ppc64le/codeready-builder/debug',
'content/dist/rhel8/8.8/ppc64le/codeready-builder/os',
'content/dist/rhel8/8.8/ppc64le/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.8/s390x/appstream/debug',
'content/dist/rhel8/8.8/s390x/appstream/os',
'content/dist/rhel8/8.8/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.8/s390x/codeready-builder/debug',
'content/dist/rhel8/8.8/s390x/codeready-builder/os',
'content/dist/rhel8/8.8/s390x/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.8/x86_64/appstream/debug',
'content/dist/rhel8/8.8/x86_64/appstream/os',
'content/dist/rhel8/8.8/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.8/x86_64/codeready-builder/debug',
'content/dist/rhel8/8.8/x86_64/codeready-builder/os',
'content/dist/rhel8/8.8/x86_64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.9/aarch64/appstream/debug',
'content/dist/rhel8/8.9/aarch64/appstream/os',
'content/dist/rhel8/8.9/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.9/aarch64/codeready-builder/debug',
'content/dist/rhel8/8.9/aarch64/codeready-builder/os',
'content/dist/rhel8/8.9/aarch64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.9/ppc64le/appstream/debug',
'content/dist/rhel8/8.9/ppc64le/appstream/os',
'content/dist/rhel8/8.9/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.9/ppc64le/codeready-builder/debug',
'content/dist/rhel8/8.9/ppc64le/codeready-builder/os',
'content/dist/rhel8/8.9/ppc64le/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.9/s390x/appstream/debug',
'content/dist/rhel8/8.9/s390x/appstream/os',
'content/dist/rhel8/8.9/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.9/s390x/codeready-builder/debug',
'content/dist/rhel8/8.9/s390x/codeready-builder/os',
'content/dist/rhel8/8.9/s390x/codeready-builder/source/SRPMS',
'content/dist/rhel8/8.9/x86_64/appstream/debug',
'content/dist/rhel8/8.9/x86_64/appstream/os',
'content/dist/rhel8/8.9/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.9/x86_64/codeready-builder/debug',
'content/dist/rhel8/8.9/x86_64/codeready-builder/os',
'content/dist/rhel8/8.9/x86_64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8/aarch64/appstream/debug',
'content/dist/rhel8/8/aarch64/appstream/os',
'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8/aarch64/codeready-builder/debug',
'content/dist/rhel8/8/aarch64/codeready-builder/os',
'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',
'content/dist/rhel8/8/ppc64le/appstream/debug',
'content/dist/rhel8/8/ppc64le/appstream/os',
'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8/ppc64le/codeready-builder/debug',
'content/dist/rhel8/8/ppc64le/codeready-builder/os',
'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',
'content/dist/rhel8/8/s390x/appstream/debug',
'content/dist/rhel8/8/s390x/appstream/os',
'content/dist/rhel8/8/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8/s390x/codeready-builder/debug',
'content/dist/rhel8/8/s390x/codeready-builder/os',
'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',
'content/dist/rhel8/8/x86_64/appstream/debug',
'content/dist/rhel8/8/x86_64/appstream/os',
'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8/x86_64/codeready-builder/debug',
'content/dist/rhel8/8/x86_64/codeready-builder/os',
'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS'
],
'pkgs': [
{'reference':'poppler-0.66.0-11.el8_0.12', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'poppler-cpp-0.66.0-11.el8_0.12', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'poppler-cpp-devel-0.66.0-11.el8_0.12', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'poppler-devel-0.66.0-11.el8_0.12', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'poppler-glib-0.66.0-11.el8_0.12', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'poppler-glib-devel-0.66.0-11.el8_0.12', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'poppler-qt5-0.66.0-11.el8_0.12', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'poppler-qt5-devel-0.66.0-11.el8_0.12', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'poppler-utils-0.66.0-11.el8_0.12', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'poppler / poppler-cpp / poppler-cpp-devel / poppler-devel / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | poppler | p-cpe:/a:redhat:enterprise_linux:poppler |
| redhat | enterprise_linux | poppler-cpp | p-cpe:/a:redhat:enterprise_linux:poppler-cpp |
| redhat | enterprise_linux | poppler-cpp-devel | p-cpe:/a:redhat:enterprise_linux:poppler-cpp-devel |
| redhat | enterprise_linux | poppler-devel | p-cpe:/a:redhat:enterprise_linux:poppler-devel |
| redhat | enterprise_linux | poppler-glib | p-cpe:/a:redhat:enterprise_linux:poppler-glib |
| redhat | enterprise_linux | poppler-glib-devel | p-cpe:/a:redhat:enterprise_linux:poppler-glib-devel |
| redhat | enterprise_linux | poppler-qt5 | p-cpe:/a:redhat:enterprise_linux:poppler-qt5 |
| redhat | enterprise_linux | poppler-qt5-devel | p-cpe:/a:redhat:enterprise_linux:poppler-qt5-devel |
| redhat | enterprise_linux | poppler-utils | p-cpe:/a:redhat:enterprise_linux:poppler-utils |
| redhat | enterprise_linux | 8 | cpe:/o:redhat:enterprise_linux:8 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18897
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20481
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20551
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20650
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20662
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10871
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12293
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7310
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9200
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9631
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9903
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9959
www.nessus.org/u?33cb369e
access.redhat.com/errata/RHSA-2019:2713
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1646546
bugzilla.redhat.com/show_bug.cgi?id=1665259
bugzilla.redhat.com/show_bug.cgi?id=1665263
bugzilla.redhat.com/show_bug.cgi?id=1665266
bugzilla.redhat.com/show_bug.cgi?id=1665273
bugzilla.redhat.com/show_bug.cgi?id=1672419
bugzilla.redhat.com/show_bug.cgi?id=1683632
bugzilla.redhat.com/show_bug.cgi?id=1686802
bugzilla.redhat.com/show_bug.cgi?id=1691724
bugzilla.redhat.com/show_bug.cgi?id=1696636
bugzilla.redhat.com/show_bug.cgi?id=1713582
bugzilla.redhat.com/show_bug.cgi?id=1732340
Related
nessus
nessus
CentOS 8 : poppler (CESA-2019:2713)
2021-01-29 00:00:00
Oracle Linux 8 : poppler (ELSA-2019-2713)
2019-09-16 00:00:00
Fedora 29 : poppler (2019-7ff7f5093e)
2019-01-24 00:00:00
oraclelinux
oraclelinux
poppler security update
2019-09-12 00:00:00
poppler security, bug fix, and enhancement update
2019-08-13 00:00:00
poppler and evince security update
2020-04-06 00:00:00
redhat
redhat
(RHSA-2019:2713) Moderate: poppler security update
2019-09-10 15:32:22
(RHSA-2019:2022) Moderate: poppler security, bug fix, and enhancement update
2019-08-06 07:51:02
(RHSA-2020:1074) Moderate: poppler and evince security update
2020-03-31 09:15:25
openvas
openvas
Mageia: Security Advisory (MGASA-2019-0092)
2022-01-28 00:00:00
Fedora Update for poppler FEDORA-2019-7ff7f5093e
2019-05-07 00:00:00
Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2019-1827)
2020-01-23 00:00:00
mageia
mageia
Updated poppler packages fix security vulnerability
2019-02-20 23:56:50
Updated poppler packages fix security vulnerabilities
2019-09-15 15:11:55
Updated poppler packages fix security vulnerabilities
2019-03-29 18:51:06
fedora
fedora
[SECURITY] Fedora 29 Update: poppler-0.67.0-10.fc29
2019-01-24 04:34:33
[SECURITY] Fedora 30 Update: poppler-0.73.0-8.fc30
2019-04-04 00:03:36
[SECURITY] Fedora 29 Update: poppler-0.67.0-16.fc29
2019-04-06 19:44:47
suse
suse
Security update for poppler (important)
2021-12-01 00:00:00
debian
debian
[SECURITY] [DLA 1706-1] poppler security update
2019-03-08 20:37:16
[SECURITY] [DLA 1963-1] poppler security update
2019-10-17 21:17:50
[SECURITY] [DLA 2287-1] poppler security update
2020-07-23 10:16:10
osv
osv
poppler - security update
2019-03-08 00:00:00
poppler - security update
2020-07-23 00:00:00
poppler - security update
2022-09-26 00:00:00
centos
centos
evince, okular, poppler security update
2019-08-30 02:44:38
evince, poppler security update
2020-04-08 17:56:37
amazon
amazon
Medium: poppler
2019-08-23 17:01:00
Medium: poppler
2019-10-21 18:01:00
Medium: poppler
2020-08-18 20:33:00
ubuntu
ubuntu
poppler vulnerabilities
2019-02-11 00:00:00
poppler vulnerabilities
2019-01-22 00:00:00
poppler vulnerabilities
2019-06-27 00:00:00
kitploit
kitploit
debiancve
debiancve
cvelist
cvelist
cve
cve
nvd
nvd
prion
prion
Design/Logic Flaw
2018-12-28 16:29:00
Null pointer dereference
2018-12-26 04:29:00
Design/Logic Flaw
2019-01-01 16:29:00
ubuntucve
ubuntucve
veracode
veracode
Denial Of Service (Dos)
2019-08-08 00:07:10
Denial Of Service (DoS)
2023-10-09 12:14:17
Denial Of Service (DoS)
2018-12-26 08:52:33
redhatcve
redhatcve
alpinelinux
alpinelinux
CVE-2019-9959
2019-07-22 15:15:10
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.4 High
AI Score
Confidence
High
0.026 Low
EPSS
Percentile
90.4%
Related for REDHAT-RHSA-2019-2713.NASL