Test ID:	1.3.6.1.4.1.25623.1.1.12.2022.5282.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5282-1)
Summary:	The remote host is missing an update for the 'pdfresurrect' package(s) announced via the USN-5282-1 advisory.
Description:	Summary: The remote host is missing an update for the 'pdfresurrect' package(s) announced via the USN-5282-1 advisory. Vulnerability Insight: It was discovered that PDFResurrect was incorrectly handling corrupted PDF files. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service, or arbitrary code execution. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-14267) It was discovered that PDFResurrect incorrectly handled memory when loading PDF pages. An attacker could possibly use this issue to cause a heap buffer overflow, resulting in a denial of service, or arbitrary code execution. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-14934) It was discovered that PDFResurrect was incorrectly validating header data in input PDF files. An attacker could possibly use this issue to cause a heap buffer overflow, resulting in a denial of service, or arbitrary code execution. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-20740) Carter Yagemann discovered that PDFResurrect incorrectly handled certain memory operations during PDF summary generation. An attacker could use this to cause out-of-bounds writes, resulting in a denial of service (system crash) or arbitrary code execution. This issue only affected Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-9549) It was discovered that PDFResurrect was incorrectly processing data when performing trailer search operations. An attacker could possibly use this issue to cause an infinite loop, resulting in a denial of service. (CVE-2021-3508) Affected Software/OS: 'pdfresurrect' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-14267 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBYXYU2VSDJ3NAL54IW2KYD3TZSR33M/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y243C2IFMRFQWHV62JCSHTMQGDDCICNF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LXN6W5QTNQJ2LFDCQWKYSMMZ3NPUWP3U/ http://packetstormsecurity.com/files/153767/pdfresurrect-0.15-Buffer-Overflow.html https://github.com/enferex/pdfresurrect/commits/master https://github.com/snappyJack/pdfresurrect_CVE-2019-14267 Common Vulnerability Exposure (CVE) ID: CVE-2019-14934 https://github.com/enferex/pdfresurrect/commit/0c4120fffa3dffe97b95c486a120eded82afe8a6 https://github.com/enferex/pdfresurrect/compare/v0.17...v0.18 https://lists.debian.org/debian-lts-announce/2020/12/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2020-20740 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZOIEVFM3SIMAEOFJKKMYH2TLZ7PXLSUD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEEEPBBGER5LPABBRVZLMCC6Z24RBXW/ https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397 https://github.com/enferex/pdfresurrect/issues/14 Common Vulnerability Exposure (CVE) ID: CVE-2020-9549 https://github.com/enferex/pdfresurrect/issues/8 https://lists.debian.org/debian-lts-announce/2020/03/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3508 https://bugzilla.redhat.com/show_bug.cgi?id=1951198 https://github.com/enferex/pdfresurrect/issues/17
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.