Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.1.2.2021.1347 |
Category: | Huawei EulerOS Local Security Checks |
Title: | Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2021-1347) |
Summary: | The remote host is missing an update for the Huawei EulerOS 'poppler' package(s) announced via the EulerOS-SA-2021-1347 advisory. |
Description: | Summary: The remote host is missing an update for the Huawei EulerOS 'poppler' package(s) announced via the EulerOS-SA-2021-1347 advisory. Vulnerability Insight: Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.(CVE-2019-9631) In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.(CVE-2019-12293) A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.(CVE-2019-12360) Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.(CVE-2018-21009) In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.(CVE-2017-14927) The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc.(CVE-2017-9865) Affected Software/OS: 'poppler' package(s) on Huawei EulerOS V2.0SP2. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-9865 Debian Security Information: DSA-4079 (Google Search) https://www.debian.org/security/2018/dsa-4079 https://security.gentoo.org/glsa/201801-17 http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html https://bugs.freedesktop.org/show_bug.cgi?id=100774 https://usn.ubuntu.com/4042-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9631 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/ https://gitlab.freedesktop.org/poppler/poppler/issues/736 https://lists.debian.org/debian-lts-announce/2019/04/msg00011.html https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html RedHat Security Advisories: RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2022 RedHat Security Advisories: RHSA-2019:2713 https://access.redhat.com/errata/RHSA-2019:2713 |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |