Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.1.2.2021.1252 |
Category: | Huawei EulerOS Local Security Checks |
Title: | Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2021-1252) |
Summary: | The remote host is missing an update for the Huawei EulerOS 'poppler' package(s) announced via the EulerOS-SA-2021-1252 advisory. |
Description: | Summary: The remote host is missing an update for the Huawei EulerOS 'poppler' package(s) announced via the EulerOS-SA-2021-1252 advisory. Vulnerability Insight: In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.(CVE-2018-16646) An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.(CVE-2018-18897) An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.(CVE-2018-19060) XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.(CVE-2018-20481) An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.(CVE-2019-14494) In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.(CVE-2019-7310) Affected Software/OS: 'poppler' package(s) on Huawei EulerOS V2.0SP9. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-7310 BugTraq ID: 106829 http://www.securityfocus.com/bid/106829 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BI7NLDN2HUEU4ZW3D7XPHOAEGT2CKDRO/ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12797 https://gitlab.freedesktop.org/poppler/poppler/issues/717 https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html RedHat Security Advisories: RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2022 RedHat Security Advisories: RHSA-2019:2713 https://access.redhat.com/errata/RHSA-2019:2713 https://usn.ubuntu.com/3886-1/ |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |