Debian DLA-3120-1 : poppler - LTS security update

high Nessus Plugin ID 165449

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3120 advisory.

- An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. (CVE-2018-18897)

- An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
(CVE-2018-19058)

- A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. (CVE-2018-20650)

- An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. (CVE-2019-14494)

- PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. (CVE-2019-9903)

- The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)

- A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. (CVE-2020-27778)

- A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. (CVE-2022-27337)

- Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. (CVE-2022-38784)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the poppler packages.

For Debian 10 buster, these problems have been fixed in version 0.71.0-5+deb10u1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913164

https://security-tracker.debian.org/tracker/source-package/poppler

https://www.debian.org/lts/security/2022/dla-3120

https://security-tracker.debian.org/tracker/CVE-2018-18897

https://security-tracker.debian.org/tracker/CVE-2018-19058

https://security-tracker.debian.org/tracker/CVE-2018-20650

https://security-tracker.debian.org/tracker/CVE-2019-14494

https://security-tracker.debian.org/tracker/CVE-2019-9903

https://security-tracker.debian.org/tracker/CVE-2019-9959

https://security-tracker.debian.org/tracker/CVE-2020-27778

https://security-tracker.debian.org/tracker/CVE-2022-27337

https://security-tracker.debian.org/tracker/CVE-2022-38784

https://packages.debian.org/source/buster/poppler

Plugin Details

Severity: High

ID: 165449

File Name: debian_DLA-3120.nasl

Version: 1.7

Type: local

Agent: unix

Published: 9/26/2022

Updated: 10/10/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2020-27778

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-38784

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:libpoppler-private-dev, p-cpe:/a:debian:debian_linux:libpoppler-qt5-dev, cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:libpoppler-glib-dev, p-cpe:/a:debian:debian_linux:libpoppler82, p-cpe:/a:debian:debian_linux:poppler-utils, p-cpe:/a:debian:debian_linux:libpoppler-cpp-dev, p-cpe:/a:debian:debian_linux:libpoppler-glib-doc, p-cpe:/a:debian:debian_linux:libpoppler-qt5-1, p-cpe:/a:debian:debian_linux:libpoppler-dev, p-cpe:/a:debian:debian_linux:libpoppler-cpp0v5, p-cpe:/a:debian:debian_linux:gir1.2-poppler-0.18, p-cpe:/a:debian:debian_linux:libpoppler-glib8

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/26/2022

Vulnerability Publication Date: 11/2/2018

Reference Information

CVE: CVE-2018-18897, CVE-2018-19058, CVE-2018-20650, CVE-2019-14494, CVE-2019-9903, CVE-2019-9959, CVE-2020-27778, CVE-2022-27337, CVE-2022-38784

IAVB: 2022-B-0039-S, 2022-B-0050-S