Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian LTS Advisory ([SECURITY] [DLA 1706-1] poppler security update)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Several security vulnerabilities were discovered in the poppler PDF rendering shared library. CVE-2018-19058 A reachable abort in Object.h will lead to denial-of-service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. CVE-2018-20481 Poppler mishandles unallocated XRef entries, which allows remote attackers to cause a denial-of-service (NULL pointer dereference) via a crafted PDF document. CVE-2018-20662 Poppler allows attackers to cause a denial-of-service (application crash and segmentation fault by crafting a PDF file in which an xref data structure is corrupted. CVE-2019-7310 A heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. CVE-2019-9200 A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause denial-of-service (segmentation fault) or possibly have unspecified other impact.
Affected Software
Affected Software
poppler on Debian Linux
Detection Method
Detection Method
This check tests the installed software version using the apt package manager.
Solution
Solution
For Debian 8 'Jessie', these problems have been fixed in version 0.26.5-2+deb8u8. We recommend that you upgrade your poppler packages.