
Test ID: 1.3.6.1.4.1.25623.1.1.2.2017.1260
Category: Huawei EulerOS Local Security Checks
Title: Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2017-1260)
Summary: The remote host is missing an update for the Huawei EulerOS 'poppler' package(s) announced via the EulerOS-SA-2017-1260 advisory.
Description:
Summary:
The remote host is missing an update for the Huawei EulerOS 'poppler' package(s) announced via the EulerOS-SA-2017-1260 advisory.

Vulnerability Insight:
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. (CVE-2017-14517)

In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. (CVE-2017-14518)

In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). (CVE-2017-14519)

In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. (CVE-2017-14520)

In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files. (CVE-2017-14617)

In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. (CVE-2017-14929)

The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. (CVE-2017-14977)

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. (CVE-2017-14976)

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. (CVE-2017-14975)

Affected Software/OS:
'poppler' package(s) on Huawei EulerOS V2.0SP2.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-reference:
Common Vulnerability Exposure (CVE) ID: CVE-2017-14517
Common Vulnerability Exposure (CVE) ID: CVE-2017-14518
Common Vulnerability Exposure (CVE) ID: CVE-2017-14519
Common Vulnerability Exposure (CVE) ID: CVE-2017-14520
Common Vulnerability Exposure (CVE) ID: CVE-2017-14617
Common Vulnerability Exposure (CVE) ID: CVE-2017-14929
Common Vulnerability Exposure (CVE) ID: CVE-2017-14975
Common Vulnerability Exposure (CVE) ID: CVE-2017-14976
Common Vulnerability Exposure (CVE) ID: CVE-2017-14977
Copyright: Copyright (C) 2020 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.