Slackware Linux 15.0 / current xpdf Multiple Vulnerabilities (SSA:2024-040-01)

medium Nessus Plugin ID 190377

Synopsis

The remote Slackware Linux host is missing a security update to xpdf.

Description

The version of xpdf installed on the remote host is prior to 4.05. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-040-01 advisory.

- XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453. (CVE-2018-16369)

- Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml. (CVE-2018-7453)

- XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538. (CVE-2022-36561)

- An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088. (CVE-2022-41844)

- In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. (CVE-2023-2662)

- In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. (CVE-2023-2663)

- In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. (CVE-2023-2664)

- An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate. (CVE-2023-3044)

- Xpdf 4.04 will deadlock on a PDF object stream whose Length field is itself in another object stream. (CVE-2023-3436)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the affected xpdf package.

See Also

http://www.nessus.org/u?f3a0029f

Plugin Details

Severity: Medium

ID: 190377

File Name: Slackware_SSA_2024-040-01.nasl

Version: 1.0

Type: local

Published: 2/9/2024

Updated: 2/9/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2018-7453

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-2664

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:xpdf, cpe:/o:slackware:slackware_linux:15.0, cpe:/o:slackware:slackware_linux

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/9/2024

Vulnerability Publication Date: 2/24/2018

Reference Information

CVE: CVE-2018-16369, CVE-2018-7453, CVE-2022-36561, CVE-2022-41844, CVE-2023-2662, CVE-2023-2663, CVE-2023-2664, CVE-2023-3044, CVE-2023-3436