Poppler 0.74 Multiple Vulnerabilities

high Nessus Plugin ID 127045

Synopsis

A package installed on the remote host is affected by multiple vulnerabilities.

Description

The version of Poppler installed on the remote host is 0.74. It is, therefore, affected by multiple vulnerabilities:

- An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit. (CVE-2019-9543)

- PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. (CVE-2019-9903)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to a patched version of Poppler once it is available.

See Also

https://gitlab.freedesktop.org/poppler/poppler/issues/741

https://gitlab.freedesktop.org/poppler/poppler/issues/730

Plugin Details

Severity: High

ID: 127045

File Name: poppler_0_75.nasl

Version: 1.5

Type: local

Agent: unix macosx

Family: Misc.

Published: 7/26/2019

Updated: 5/8/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-9543

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:freedesktop:poppler

Required KB Items: Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/21/2019

Vulnerability Publication Date: 3/13/2019

Reference Information

CVE: CVE-2019-9543, CVE-2019-9903

BID: 107560, 107238

IAVB: 2019-B-0064-S