
Test ID: 1.3.6.1.4.1.25623.1.1.10.2019.0092
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2019-0092)
Summary: The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2019-0092 advisory.
Description:
Summary:
The remote host is missing an update for the 'poppler' package(s) announced via the MGASA-2019-0092 advisory.

Vulnerability Insight:
An issue was discovered in Poppler 0.71.0. There is a memory leak in
GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by
pdftocairo. (CVE-2018-18897)

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef
entries, which allows remote attackers to cause a denial of service (NULL
pointer dereference) via a crafted PDF document, when XRefEntry::setFlag
in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481)

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers
to cause a denial of service due to construction of invalid rich media
annotation assets in the AnnotRichMedia class in Annot.c. (CVE-2018-20551)

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers
to cause a denial of service due to the lack of a check for the dict data
type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in
pdfdetach. (CVE-2018-20650)

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer
signedness error in the XRef::getEntry function in XRef.cc) allows remote
attackers to cause a denial of service (application crash) or possibly
have unspecified other impact via a crafted PDF document, as demonstrated
by pdftocairo. (CVE-2019-7310)

Affected Software/OS:
'poppler' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2018-18897
https://gitlab.freedesktop.org/poppler/poppler/issues/654
https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html
RedHat Security Advisories: RHSA-2019:2022
https://access.redhat.com/errata/RHSA-2019:2022
RedHat Security Advisories: RHSA-2019:2713
https://access.redhat.com/errata/RHSA-2019:2713
https://usn.ubuntu.com/4042-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-20481
BugTraq ID: 106321
http://www.securityfocus.com/bid/106321
https://gitlab.freedesktop.org/poppler/poppler/issues/692
https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143
https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html
https://usn.ubuntu.com/3865-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-20551
https://gitlab.freedesktop.org/poppler/poppler/issues/703
https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146
https://usn.ubuntu.com/3886-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-20650
BugTraq ID: 106459
http://www.securityfocus.com/bid/106459
https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
https://gitlab.freedesktop.org/poppler/poppler/issues/704
https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-7310
BugTraq ID: 106829
http://www.securityfocus.com/bid/106829
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797
https://gitlab.freedesktop.org/poppler/poppler/issues/717
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.