Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.2.2021.1347
Category:Huawei EulerOS Local Security Checks
Title:Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2021-1347)
Summary:The remote host is missing an update for the Huawei EulerOS 'poppler' package(s) announced via the EulerOS-SA-2021-1347 advisory.
Description:Summary:
The remote host is missing an update for the Huawei EulerOS 'poppler' package(s) announced via the EulerOS-SA-2021-1347 advisory.

Vulnerability Insight:
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.(CVE-2019-9631)

In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.(CVE-2019-12293)

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.(CVE-2019-12360)

Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.(CVE-2018-21009)

In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.(CVE-2017-14927)

The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.(CVE-2017-9865)

Affected Software/OS:
'poppler' package(s) on Huawei EulerOS V2.0SP2.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-9865
Debian Security Information: DSA-4079 (Google Search)
https://www.debian.org/security/2018/dsa-4079
https://security.gentoo.org/glsa/201801-17
http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html
https://bugs.freedesktop.org/show_bug.cgi?id=100774
https://usn.ubuntu.com/4042-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-9631
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/
https://gitlab.freedesktop.org/poppler/poppler/issues/736
https://lists.debian.org/debian-lts-announce/2019/04/msg00011.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html
RedHat Security Advisories: RHSA-2019:2022
https://access.redhat.com/errata/RHSA-2019:2022
RedHat Security Advisories: RHSA-2019:2713
https://access.redhat.com/errata/RHSA-2019:2713
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.