The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2713 advisory.

  - poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)

  - poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)

  - poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c (CVE-2018-20551)

  - poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)

  - poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)

  - poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)

  - poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)

  - poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc     (CVE-2019-9631)

  - poppler: stack consumption in function Dict::find() in Dict.cc (CVE-2019-9903)

  - poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)

  - poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc     (CVE-2019-10871)

  - poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : poppler (RHSA-2019:2713)

critical Nessus Plugin ID 128850

Version 1.7

Version 1.6

Version 1.7 Apr 28, 2024, 3:17 AM Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404280317
Version 1.6 Apr 25, 2024, 1:31 PM Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Exploit attributes ("Exploit available" set to "True") CVSSv2 score source (set to "CVE-2019-9631") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") Plugin Feed: 202404251331