Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2012:144 | First vendor Publication | 2012-08-28 |
Vendor | Mandriva | Last vendor Modification | 2012-08-28 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.6 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities has been found and corrected in tetex: The Gfx::getPos function in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference (CVE-2010-3702). The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in poppler, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted Type1 font that contains a negative array index, which bypasses input validation and which triggers memory corruption (CVE-2010-3704). A heap-based buffer overflow flaw was found in the way AFM font file parser, used for rendering of DVI files, in GNOME evince document viewer and other products, processed line tokens from the given input stream. A remote attacker could provide a DVI file, with embedded specially-crafted font file, and trick the local user to open it with an application using the AFM font parser, leading to that particular application crash or, potentially, arbitrary code execution with the privileges of the user running the application. Different vulnerability than CVE-2010-2642 (CVE-2011-0433). t1lib 5.1.2 and earlier uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a specially crafted Type 1 font in a PDF document (CVE-2011-0764). t1lib 5.1.2 and earlier reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764 (CVE-2011-1552). Use-after-free vulnerability in t1lib 5.1.2 and earlier allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764 (CVE-2011-1553). Off-by-one error in t1lib 5.1.2 and earlier allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764 (CVE-2011-1554). The updated packages have been patched to correct these issues. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2012:144 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
38 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
25 % | CWE-20 | Improper Input Validation |
12 % | CWE-476 | NULL Pointer Dereference |
12 % | CWE-399 | Resource Management Errors |
12 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15060 | |||
Oval ID: | oval:org.mitre.oval:def:15060 | ||
Title: | USN-1335-1 -- t1lib vulnerabilities | ||
Description: | t1lib: Type 1 font rasterizer library - runtime t1lib could be made to crash or run programs as your login if it opened a specially crafted font file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1335-1 CVE-2010-2642 CVE-2011-0433 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | t1lib |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15180 | |||
Oval ID: | oval:org.mitre.oval:def:15180 | ||
Title: | DSA-2388-1 t1lib -- several | ||
Description: | Several vulnerabilities were discovered in t1lib, a Postscript Type 1 font rasterizer library, some of which might lead to code execution through the opening of files embedding bad fonts. CVE-2010-2642 A heap-based buffer overflow in the AFM font metrics parser potentially leads to the execution of arbitrary code. CVE-2011-0433 Another heap-based buffer overflow in the AFM font metrics parser potentially leads to the execution of arbitrary code. CVE-2011-0764 An invalid pointer dereference allows execution of arbitrary code using crafted Type 1 fonts. CVE-2011-1552 Another invalid pointer dereference results in an application crash, triggered by crafted Type 1 fonts. CVE-2011-1553 A use-after-free vulnerability results in an application crash, triggered by crafted Type 1 fonts. CVE-2011-1554 An off-by-one error results in an invalid memory read and application crash, triggered by crafted Type 1 fonts. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2388-1 CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | t1lib |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15436 | |||
Oval ID: | oval:org.mitre.oval:def:15436 | ||
Title: | USN-1316-1 -- t1lib vulnerability | ||
Description: | t1lib: Type 1 font rasterizer library - runtime t1lib could be made to crash or run programs as your login if it opened a specially crafted font file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1316-1 CVE-2011-0764 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | t1lib |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15487 | |||
Oval ID: | oval:org.mitre.oval:def:15487 | ||
Title: | USN-1347-1 -- Evince vulnerability | ||
Description: | evince: Document viewer Evince could be made to crash or run programs as your login if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1347-1 CVE-2011-0433 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | Evince |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20203 | |||
Oval ID: | oval:org.mitre.oval:def:20203 | ||
Title: | DSA-2119-1 poppler - several vulnerabilities | ||
Description: | Joel Voss of Leviathan Security Group discovered two vulnerabilities in the Poppler PDF rendering library, which may lead to the execution of arbitrary code if a malformed PDF file is opened. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2119-1 CVE-2010-3702 CVE-2010-3704 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | poppler |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20231 | |||
Oval ID: | oval:org.mitre.oval:def:20231 | ||
Title: | DSA-2135-1 xpdf - several vulnerabilities | ||
Description: | Joel Voss of Leviathan Security Group discovered two vulnerabilities in xpdf rendering engine, which may lead to the execution of arbitrary code if a malformed PDF file is opened. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2135-1 CVE-2010-3702 CVE-2010-3704 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xpdf |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20633 | |||
Oval ID: | oval:org.mitre.oval:def:20633 | ||
Title: | RHSA-2012:0137: texlive security update (Moderate) | ||
Description: | Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0137-01 CESA-2012:0137 CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 | Version: | 81 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | texlive |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20742 | |||
Oval ID: | oval:org.mitre.oval:def:20742 | ||
Title: | RHSA-2012:0062: t1lib security update (Moderate) | ||
Description: | Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0062-01 CESA-2012:0062 CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 | Version: | 81 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | t1lib |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21325 | |||
Oval ID: | oval:org.mitre.oval:def:21325 | ||
Title: | RHSA-2012:1201: tetex security update (Moderate) | ||
Description: | Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:1201-00 CESA-2012:1201 CVE-2010-2642 CVE-2010-3702 CVE-2010-3704 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 | Version: | 107 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | tetex |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22305 | |||
Oval ID: | oval:org.mitre.oval:def:22305 | ||
Title: | RHSA-2010:0749: poppler security update (Important) | ||
Description: | The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0749-01 CESA-2010:0749 CVE-2010-3702 CVE-2010-3704 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | poppler |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22318 | |||
Oval ID: | oval:org.mitre.oval:def:22318 | ||
Title: | RHSA-2010:0859: poppler security update (Important) | ||
Description: | The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0859-03 CVE-2010-3702 CVE-2010-3703 CVE-2010-3704 | Version: | 42 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | poppler |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22369 | |||
Oval ID: | oval:org.mitre.oval:def:22369 | ||
Title: | RHSA-2010:0753: kdegraphics security update (Important) | ||
Description: | The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0753-01 CESA-2010:0753 CVE-2010-3702 CVE-2010-3704 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | kdegraphics |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22717 | |||
Oval ID: | oval:org.mitre.oval:def:22717 | ||
Title: | ELSA-2010:0749: poppler security update (Important) | ||
Description: | The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0749-01 CVE-2010-3702 CVE-2010-3704 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | poppler |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22783 | |||
Oval ID: | oval:org.mitre.oval:def:22783 | ||
Title: | ELSA-2010:0753: kdegraphics security update (Important) | ||
Description: | The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0753-01 CVE-2010-3702 CVE-2010-3704 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | kdegraphics |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23118 | |||
Oval ID: | oval:org.mitre.oval:def:23118 | ||
Title: | ELSA-2012:1201: tetex security update (Moderate) | ||
Description: | Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1201-00 CVE-2010-2642 CVE-2010-3702 CVE-2010-3704 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 | Version: | 37 |
Platform(s): | Oracle Linux 5 | Product(s): | tetex |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23546 | |||
Oval ID: | oval:org.mitre.oval:def:23546 | ||
Title: | ELSA-2010:0859: poppler security update (Important) | ||
Description: | The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0859-03 CVE-2010-3702 CVE-2010-3703 CVE-2010-3704 | Version: | 17 |
Platform(s): | Oracle Linux 6 | Product(s): | poppler |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23773 | |||
Oval ID: | oval:org.mitre.oval:def:23773 | ||
Title: | ELSA-2012:0062: t1lib security update (Moderate) | ||
Description: | Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0062-01 CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 | Version: | 29 |
Platform(s): | Oracle Linux 6 | Product(s): | t1lib |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27492 | |||
Oval ID: | oval:org.mitre.oval:def:27492 | ||
Title: | DEPRECATED: ELSA-2012-0062 -- t1lib security update (moderate) | ||
Description: | [5.1.2-6.1] - Fixed CVE-2010-2642, CVE-2011-0433, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554 Resolves: rhbz#772900 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0062 CVE-2010-2642 CVE-2011-0433 CVE-2011-0764 CVE-2011-1552 CVE-2011-1553 CVE-2011-1554 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | t1lib |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27973 | |||
Oval ID: | oval:org.mitre.oval:def:27973 | ||
Title: | DEPRECATED: ELSA-2010-0749 -- poppler security update (important) | ||
Description: | [0.5.4-4.4.el5_5.14] - Add poppler-0.5.4-CVE-2010-3702.patch (Properly initialize parser) - Add poppler-0.5.4-CVE-2010-3704.patch (Fix crash in broken pdf (code < 0)) - Resolves: #639839 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0749 CVE-2010-3702 CVE-2010-3704 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | poppler |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-09-10 | Name : Slackware Advisory SSA:2012-228-01 t1lib File : nvt/esoft_slk_ssa_2012_228_01.nasl |
2012-08-24 | Name : RedHat Update for tetex RHSA-2012:1201-01 File : nvt/gb_RHSA-2012_1201-01_tetex.nasl |
2012-08-24 | Name : CentOS Update for tetex CESA-2012:1201 centos5 File : nvt/gb_CESA-2012_1201_tetex_centos5.nasl |
2012-07-30 | Name : CentOS Update for kpathsea CESA-2012:0137 centos6 File : nvt/gb_CESA-2012_0137_kpathsea_centos6.nasl |
2012-07-30 | Name : CentOS Update for t1lib CESA-2012:0062 centos6 File : nvt/gb_CESA-2012_0062_t1lib_centos6.nasl |
2012-07-09 | Name : RedHat Update for texlive RHSA-2012:0137-01 File : nvt/gb_RHSA-2012_0137-01_texlive.nasl |
2012-07-09 | Name : RedHat Update for t1lib RHSA-2012:0062-01 File : nvt/gb_RHSA-2012_0062-01_t1lib.nasl |
2012-06-05 | Name : RedHat Update for evince RHSA-2011:0009-01 File : nvt/gb_RHSA-2011_0009-01_evince.nasl |
2012-03-19 | Name : Fedora Update for t1lib FEDORA-2012-0289 File : nvt/gb_fedora_2012_0289_t1lib_fc16.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201111-10 (evince) File : nvt/glsa_201111_10.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2388-1 (t1lib) File : nvt/deb_2388_1.nasl |
2012-02-01 | Name : Ubuntu Update for evince USN-1347-1 File : nvt/gb_ubuntu_USN_1347_1.nasl |
2012-02-01 | Name : Fedora Update for t1lib FEDORA-2012-0266 File : nvt/gb_fedora_2012_0266_t1lib_fc15.nasl |
2012-01-20 | Name : Ubuntu Update for t1lib USN-1335-1 File : nvt/gb_ubuntu_USN_1335_1.nasl |
2012-01-13 | Name : Mandriva Update for t1lib MDVSA-2012:004 (t1lib) File : nvt/gb_mandriva_MDVSA_2012_004.nasl |
2012-01-09 | Name : Mandriva Update for t1lib MDVSA-2012:002 (t1lib) File : nvt/gb_mandriva_MDVSA_2012_002.nasl |
2011-12-23 | Name : Ubuntu Update for t1lib USN-1316-1 File : nvt/gb_ubuntu_USN_1316_1.nasl |
2011-08-09 | Name : CentOS Update for kdegraphics CESA-2010:0753 centos5 i386 File : nvt/gb_CESA-2010_0753_kdegraphics_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for poppler CESA-2010:0749 centos5 i386 File : nvt/gb_CESA-2010_0749_poppler_centos5_i386.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2135-1 (xpdf) File : nvt/deb_2135_1.nasl |
2011-01-24 | Name : Mandriva Update for t1lib MDVSA-2011:016 (t1lib) File : nvt/gb_mandriva_MDVSA_2011_016.nasl |
2011-01-24 | Name : Mandriva Update for tetex MDVSA-2011:017 (tetex) File : nvt/gb_mandriva_MDVSA_2011_017.nasl |
2011-01-14 | Name : Mandriva Update for evince MDVSA-2011:005 (evince) File : nvt/gb_mandriva_MDVSA_2011_005.nasl |
2011-01-14 | Name : Fedora Update for evince FEDORA-2011-0224 File : nvt/gb_fedora_2011_0224_evince_fc13.nasl |
2011-01-11 | Name : Fedora Update for evince FEDORA-2011-0208 File : nvt/gb_fedora_2011_0208_evince_fc14.nasl |
2011-01-11 | Name : Ubuntu Update for evince vulnerabilities USN-1035-1 File : nvt/gb_ubuntu_USN_1035_1.nasl |
2010-12-02 | Name : Fedora Update for xpdf FEDORA-2010-16744 File : nvt/gb_fedora_2010_16744_xpdf_fc14.nasl |
2010-12-02 | Name : Fedora Update for poppler FEDORA-2010-15857 File : nvt/gb_fedora_2010_15857_poppler_fc14.nasl |
2010-11-17 | Name : Debian Security Advisory DSA 2116-1 (poppler) File : nvt/deb_2116_1.nasl |
2010-11-16 | Name : Fedora Update for xpdf FEDORA-2010-16662 File : nvt/gb_fedora_2010_16662_xpdf_fc13.nasl |
2010-11-16 | Name : Fedora Update for xpdf FEDORA-2010-16705 File : nvt/gb_fedora_2010_16705_xpdf_fc12.nasl |
2010-11-16 | Name : Mandriva Update for poppler MDVSA-2010:231 (poppler) File : nvt/gb_mandriva_MDVSA_2010_231.nasl |
2010-11-16 | Name : Mandriva Update for poppler MDVSA-2010:230 (poppler) File : nvt/gb_mandriva_MDVSA_2010_230.nasl |
2010-11-16 | Name : Mandriva Update for xpdf MDVSA-2010:228 (xpdf) File : nvt/gb_mandriva_MDVSA_2010_228.nasl |
2010-10-22 | Name : Fedora Update for poppler FEDORA-2010-15981 File : nvt/gb_fedora_2010_15981_poppler_fc12.nasl |
2010-10-22 | Name : Ubuntu Update for poppler vulnerabilities USN-1005-1 File : nvt/gb_ubuntu_USN_1005_1.nasl |
2010-10-22 | Name : Fedora Update for poppler FEDORA-2010-15911 File : nvt/gb_fedora_2010_15911_poppler_fc13.nasl |
2010-10-19 | Name : RedHat Update for cups RHSA-2010:0754-01 File : nvt/gb_RHSA-2010_0754-01_cups.nasl |
2010-10-19 | Name : RedHat Update for kdegraphics RHSA-2010:0753-01 File : nvt/gb_RHSA-2010_0753-01_kdegraphics.nasl |
2010-10-19 | Name : RedHat Update for cups RHSA-2010:0755-01 File : nvt/gb_RHSA-2010_0755-01_cups.nasl |
2010-10-19 | Name : RedHat Update for gpdf RHSA-2010:0752-01 File : nvt/gb_RHSA-2010_0752-01_gpdf.nasl |
2010-10-19 | Name : RedHat Update for xpdf RHSA-2010:0751-01 File : nvt/gb_RHSA-2010_0751-01_xpdf.nasl |
2010-10-19 | Name : RedHat Update for xpdf RHSA-2010:0750-01 File : nvt/gb_RHSA-2010_0750-01_xpdf.nasl |
2010-10-19 | Name : RedHat Update for poppler RHSA-2010:0749-01 File : nvt/gb_RHSA-2010_0749-01_poppler.nasl |
2010-10-19 | Name : CentOS Update for xpdf CESA-2010:0750 centos3 i386 File : nvt/gb_CESA-2010_0750_xpdf_centos3_i386.nasl |
2010-10-19 | Name : CentOS Update for xpdf CESA-2010:0751 centos4 i386 File : nvt/gb_CESA-2010_0751_xpdf_centos4_i386.nasl |
2010-10-19 | Name : CentOS Update for gpdf CESA-2010:0752 centos4 i386 File : nvt/gb_CESA-2010_0752_gpdf_centos4_i386.nasl |
2010-10-19 | Name : CentOS Update for cups CESA-2010:0755 centos4 i386 File : nvt/gb_CESA-2010_0755_cups_centos4_i386.nasl |
2010-10-19 | Name : CentOS Update for cups CESA-2010:0754 centos3 i386 File : nvt/gb_CESA-2010_0754_cups_centos3_i386.nasl |
2010-10-19 | Name : CentOS Update for kdegraphics CESA-2010:0753 centos4 i386 File : nvt/gb_CESA-2010_0753_kdegraphics_centos4_i386.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-324-02 poppler File : nvt/esoft_slk_ssa_2010_324_02.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-324-01 xpdf File : nvt/esoft_slk_ssa_2010_324_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
74729 | Evince DVI File AFM Font Parsing Overflow |
74528 | t1lib PDF Type 1 Font Handling Invalid Memory Write Use-after-free DoS |
74527 | t1lib PDF Type 1 Font Handling Invalid Memory Location DoS |
74526 | t1lib PDF Type 1 Font Handling Off-by-one Overflow DoS |
72302 | t1lib PDF Type 1 Font Handling Invalid Pointer Code Execution A memory corruption flaw exists in t1lib. The font handling function fails to sanitize user-supplied input using Type 1 fonts resulting in memory corruption. With a specially crafted PDF file, a context-dependent attacker can execute arbitrary code. |
70302 | Evince backend/dvi/mdvi-lib/afmparse.c token() Function Overflow Evince is prone to an overflow condition. The 'token()' function in 'backend/dvi/mdvi-lib/afmparse.c' fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted DVI file, a context-dependent attacker can potentially execute arbitrary code. |
69064 | Poppler Gfx::getPos PDF Handling Uninitialized Pointer Dereference DoS |
69062 | Poppler fofi/FoFiType1.cc FoFiType1::parse Function Memory Corruption |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-09-01 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2017-0147.nasl - Type : ACT_GATHER_INFO |
2017-01-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201701-57.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-249.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_OpenOffice_org-110330.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_evince-110105.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_evince-110317.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libpoppler-devel-101016.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_t1lib-110111.nasl - Type : ACT_GATHER_INFO |
2014-02-18 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201402-17.nasl - Type : ACT_GATHER_INFO |
2013-10-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-03.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-40.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-48.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0749.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0750.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0751.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0752.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0753.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0754.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0755.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0859.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0009.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0062.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0137.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1201.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_t1lib-120423.nasl - Type : ACT_GATHER_INFO |
2012-08-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1201.nasl - Type : ACT_GATHER_INFO |
2012-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1201.nasl - Type : ACT_GATHER_INFO |
2012-08-24 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120823_tetex_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-16 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-228-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101007_cups_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20101007_gpdf_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101007_kdegraphics_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101007_poppler_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20101007_xpdf_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_poppler_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110106_evince_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120124_t1lib_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120215_texlive_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-02-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0137.nasl - Type : ACT_GATHER_INFO |
2012-02-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0137.nasl - Type : ACT_GATHER_INFO |
2012-01-31 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0062.nasl - Type : ACT_GATHER_INFO |
2012-01-30 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0266.nasl - Type : ACT_GATHER_INFO |
2012-01-30 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0289.nasl - Type : ACT_GATHER_INFO |
2012-01-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1347-1.nasl - Type : ACT_GATHER_INFO |
2012-01-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0062.nasl - Type : ACT_GATHER_INFO |
2012-01-20 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1335-1.nasl - Type : ACT_GATHER_INFO |
2012-01-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2388.nasl - Type : ACT_GATHER_INFO |
2012-01-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-004.nasl - Type : ACT_GATHER_INFO |
2012-01-03 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-002.nasl - Type : ACT_GATHER_INFO |
2011-12-22 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1316-1.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_evince-7409.nasl - Type : ACT_GATHER_INFO |
2011-12-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2357.nasl - Type : ACT_GATHER_INFO |
2011-11-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201111-10.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpoppler-devel-101021.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_xpdf-101014.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_OpenOffice_org-110330.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_evince-110105.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_evince-110317.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libpoppler-devel-101016.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_t1lib-110111.nasl - Type : ACT_GATHER_INFO |
2011-04-04 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_evince-110317.nasl - Type : ACT_GATHER_INFO |
2011-04-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_evince-7346.nasl - Type : ACT_GATHER_INFO |
2011-03-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libreoffice331-110318.nasl - Type : ACT_GATHER_INFO |
2011-03-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libreoffice331-7365.nasl - Type : ACT_GATHER_INFO |
2011-03-01 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_t1lib-110111.nasl - Type : ACT_GATHER_INFO |
2011-02-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_xpdf-tools-110126.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_f2b43905354511e08e810022190034c0.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-005.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-016.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-017.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote Windows host has a program affected by multiple vulnerabilities. File : openoffice_33.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_evince-110105.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpoppler-devel-101017.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_xpdf-101015.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_evince-7309.nasl - Type : ACT_GATHER_INFO |
2011-01-12 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0224.nasl - Type : ACT_GATHER_INFO |
2011-01-10 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0208.nasl - Type : ACT_GATHER_INFO |
2011-01-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0009.nasl - Type : ACT_GATHER_INFO |
2011-01-06 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1035-1.nasl - Type : ACT_GATHER_INFO |
2011-01-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2135.nasl - Type : ACT_GATHER_INFO |
2010-12-23 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_xpdf-7190.nasl - Type : ACT_GATHER_INFO |
2010-12-10 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdegraphics3-7235.nasl - Type : ACT_GATHER_INFO |
2010-12-06 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12665.nasl - Type : ACT_GATHER_INFO |
2010-12-06 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cups-7244.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpoppler-devel-101016.nasl - Type : ACT_GATHER_INFO |
2010-11-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libpoppler4-7192.nasl - Type : ACT_GATHER_INFO |
2010-11-22 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-324-01.nasl - Type : ACT_GATHER_INFO |
2010-11-22 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-324-02.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0859.nasl - Type : ACT_GATHER_INFO |
2010-11-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-228.nasl - Type : ACT_GATHER_INFO |
2010-11-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-230.nasl - Type : ACT_GATHER_INFO |
2010-11-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-231.nasl - Type : ACT_GATHER_INFO |
2010-11-05 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16662.nasl - Type : ACT_GATHER_INFO |
2010-11-05 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16705.nasl - Type : ACT_GATHER_INFO |
2010-11-05 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16744.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15911.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15981.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1005-1.nasl - Type : ACT_GATHER_INFO |
2010-10-18 | Name : The remote Fedora host is missing a security update. File : fedora_2010-15857.nasl - Type : ACT_GATHER_INFO |
2010-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2119.nasl - Type : ACT_GATHER_INFO |
2010-10-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0749.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0750.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0751.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0752.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0753.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0754.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0755.nasl - Type : ACT_GATHER_INFO |
2010-10-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0749.nasl - Type : ACT_GATHER_INFO |
2010-10-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0750.nasl - Type : ACT_GATHER_INFO |
2010-10-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0751.nasl - Type : ACT_GATHER_INFO |
2010-10-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0752.nasl - Type : ACT_GATHER_INFO |
2010-10-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0753.nasl - Type : ACT_GATHER_INFO |
2010-10-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0754.nasl - Type : ACT_GATHER_INFO |
2010-10-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0755.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2012-11-19 13:20:02 |
|