 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.13.2024.040.01 |
| Category: | Slackware Local Security Checks |
| Title: | Slackware: Security Advisory (SSA:2024-040-01) |
| Summary: | The remote host is missing an update for the 'xpdf' package(s) announced via the SSA:2024-040-01 advisory. |
| Description: | Summary: The remote host is missing an update for the 'xpdf' package(s) announced via the SSA:2024-040-01 advisory. Vulnerability Insight: New xpdf packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/xpdf-4.05-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Fixed a bug in the ICCBased color space parser that was allowing the number of components to be zero. Thanks to huckleberry for the bug report. Fixed a bug in the ICCBased color space parser that was allowing the number of components to be zero. Thanks to huckleberry for the bug report. Added checks for PDF object loops in AcroForm::scanField(), Catalog::readPageLabelTree2(), and Catalog::readEmbeddedFileTree(). The zero-width character problem can also happen if the page size is very large -- that needs to be limited too, the same way as character position coordinates. Thanks to jlinliu for the bug report. Add some missing bounds check code in DCTStream. Thanks to Jiahao Liu for the bug report. Fix a deadlock when an object stream's length field is contained in another object stream. Thanks to Jiahao Liu for the bug report. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'xpdf' package(s) on Slackware 15.0, Slackware current. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-16369 https://github.com/TeamSeri0us/pocs/tree/master/xpdf Common Vulnerability Exposure (CVE) ID: CVE-2018-7453 https://forum.xpdfreader.com/viewtopic.php?p=814#p814 Common Vulnerability Exposure (CVE) ID: CVE-2022-36561 https://forum.xpdfreader.com/viewtopic.php?f=3&t=42308 Common Vulnerability Exposure (CVE) ID: CVE-2022-41844 http://www.xpdfreader.com/download.html https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928 https://forum.xpdfreader.com/viewtopic.php?f=3&t=42308&p=43844&hilit=XRef%3A%3Afetch#p43844 Common Vulnerability Exposure (CVE) ID: CVE-2023-2662 https://forum.xpdfreader.com/viewtopic.php?t=42505 Common Vulnerability Exposure (CVE) ID: CVE-2023-2663 https://forum.xpdfreader.com/viewtopic.php?t=42421 Common Vulnerability Exposure (CVE) ID: CVE-2023-2664 https://forum.xpdfreader.com/viewtopic.php?t=42422 Common Vulnerability Exposure (CVE) ID: CVE-2023-3044 https://github.com/baker221/poc-xpdf https://www.xpdfreader.com/security-bug/CVE-2023-3044.html Common Vulnerability Exposure (CVE) ID: CVE-2023-3436 https://forum.xpdfreader.com/viewtopic.php?t=42618 |
| Copyright | Copyright (C) 2024 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |