SUSE SLES12 Security Update : poppler (SUSE-SU-2023:2907-1)

high Nessus Plugin ID 178693



The remote SUSE host is missing one or more security updates.


The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2907-1 advisory.

- The FoFiType1C::cvtGlyph function in fofi/ in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

- Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.

- In Poppler 0.68.0, the Parser::getObj() function in may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. (CVE-2018-16646)

- An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in, as demonstrated by pdftocairo. (CVE-2018-18897)

- An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in lacks a stream check before saving an embedded file.

- An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in, will lead to denial of service, as demonstrated by utils/ not validating embedded files before save attempts. (CVE-2018-19059)

- An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/ not validating a filename of an embedded file before constructing a save path. (CVE-2018-19060)

- Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. (CVE-2018-19149)

- XRef::getEntry in in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in (CVE-2018-20481)

- A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in in pdfdetach. (CVE-2018-20650)

- Poppler before 0.66.0 has an integer overflow in Parser::makeStream in (CVE-2018-21009)

- In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in via data with inconsistent heights or widths. (CVE-2019-12293)

- In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo. (CVE-2019-7310)

- A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. (CVE-2022-27337)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 178693

File Name: suse_SU-2023-2907-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 7/21/2023

Updated: 7/21/2023

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-7310


Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2019-12293

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libpoppler-cpp0, p-cpe:/a:novell:suse_linux:libpoppler-devel, p-cpe:/a:novell:suse_linux:libpoppler-glib-devel, p-cpe:/a:novell:suse_linux:libpoppler-glib8, p-cpe:/a:novell:suse_linux:libpoppler-qt4-4, p-cpe:/a:novell:suse_linux:libpoppler-qt4-devel, p-cpe:/a:novell:suse_linux:libpoppler60, p-cpe:/a:novell:suse_linux:poppler-tools, p-cpe:/a:novell:suse_linux:typelib-1_0-poppler-0_18, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/20/2023

Vulnerability Publication Date: 5/10/2018

Reference Information

CVE: CVE-2017-18267, CVE-2018-13988, CVE-2018-16646, CVE-2018-18897, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060, CVE-2018-19149, CVE-2018-20481, CVE-2018-20650, CVE-2018-21009, CVE-2019-12293, CVE-2019-7310, CVE-2022-27337

SuSE: SUSE-SU-2023:2907-1