The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3120 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3120-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                      Markus Koschany     September 26, 2022                            https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : poppler     Version        : 0.71.0-5+deb10u1     CVE ID         : CVE-2018-18897 CVE-2018-19058 CVE-2018-20650 CVE-2019-9903                      CVE-2019-9959 CVE-2019-14494 CVE-2020-27778 CVE-2022-27337                      CVE-2022-38784     Debian Bug     : 913164 913177 917974 925264 941776 933812 1010695 1018971

    Several security vulnerabilities have been discovered in Poppler, a PDF     rendering library, that could lead to denial of service or possibly other     unspecified impact when processing maliciously crafted documents.

    For Debian 10 buster, these problems have been fixed in version     0.71.0-5+deb10u1.

    We recommend that you upgrade your poppler packages.

    For the detailed security status of poppler please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/poppler

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: This is a digitally signed message part

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-3120 : gir1.2-poppler-0.18 - security update

high Nessus Plugin ID 165449

Version 1.8

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.8 Jan 22, 2025, 5:44 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202501221744
Version 1.7 Oct 10, 2023, 4:16 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202310101616
Version 1.6 Oct 6, 2023, 10:25 AM IAVM reference Plugin Feed: 202310061025
Version 1.5 Nov 21, 2022, 8:42 PM IAVM reference Plugin Feed: 202211212042
Version 1.4 Nov 21, 2022, 6:04 PM IAVM reference Plugin Feed: 202211211804
Version 1.3 Oct 14, 2022, 9:50 AM STIG Severity IAVM reference Plugin Feed: 202210140950