ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2017.0276
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2017-0276)
Resumen:	The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2017-0276 advisory.
Descripción:	Summary: The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2017-0276 advisory. Vulnerability Insight: Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service (CVE-2017-7511). It was discovered that the poppler pdfunite tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to hang, resulting in a denial of service (CVE-2017-7515). It was discovered that poppler incorrectly handled memory when processing PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to consume resources, resulting in a denial of service (CVE-2017-9406, CVE-2017-9408). Alberto Garcia, Francisco Oca, and Suleman Ali discovered that the poppler pdftocairo tool incorrectly parsed certain malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause poppler to crash, resulting in a denial of service (CVE-2017-9775). Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document (CVE-2017-9776). The function GfxImageColorMap::getGray in GfxState.cc in Poppler allows attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc (CVE-2017-9865). Affected Software/OS: 'poppler' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-7511 GLSA-201801-17 https://security.gentoo.org/glsa/201801-17 https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a Common Vulnerability Exposure (CVE) ID: CVE-2017-7515 https://bugs.freedesktop.org/show_bug.cgi?id=101208 Common Vulnerability Exposure (CVE) ID: CVE-2017-9406 Debian Security Information: DSA-4079 (Google Search) https://www.debian.org/security/2018/dsa-4079 Common Vulnerability Exposure (CVE) ID: CVE-2017-9408 Common Vulnerability Exposure (CVE) ID: CVE-2017-9775 BugTraq ID: 99241 http://www.securityfocus.com/bid/99241 RedHat Security Advisories: RHSA-2017:2551 https://access.redhat.com/errata/RHSA-2017:2551 Common Vulnerability Exposure (CVE) ID: CVE-2017-9776 BugTraq ID: 99240 http://www.securityfocus.com/bid/99240 RedHat Security Advisories: RHSA-2017:2550 https://access.redhat.com/errata/RHSA-2017:2550 Common Vulnerability Exposure (CVE) ID: CVE-2017-9865 http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html https://bugs.freedesktop.org/show_bug.cgi?id=100774 https://usn.ubuntu.com/4042-1/
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.