pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
26379462a9
vuln-list-alt/oval/c10f1/ALT-PU-2020-3475/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

217 lines
9.4 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20203475",
"Version": "oval:org.altlinux.errata:def:20203475",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-3475: package `mupdf` update to version 1.18.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-3475",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-3475",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-01778",
"RefURL": "https://bdu.fstec.ru/vul/2021-01778",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01673",
"RefURL": "https://bdu.fstec.ru/vul/2022-01673",
"Source": "BDU"
},
{
"RefID": "CVE-2017-5991",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5991",
"Source": "CVE"
},
{
"RefID": "CVE-2018-10289",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-10289",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16647",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16647",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16648",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16648",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14975",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14975",
"Source": "CVE"
},
{
"RefID": "CVE-2020-16600",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-16600",
"Source": "CVE"
},
{
"RefID": "CVE-2020-19609",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-19609",
"Source": "CVE"
},
{
"RefID": "CVE-2020-26519",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-26519",
"Source": "CVE"
}
],
"Description": "This update upgrades mupdf to version 1.18.0-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01778: Уязвимость программы просмотра PDF-файлов MuPDf, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01673: Уязвимость функции tiff_expand_colormap() программы просмотра PDF-файлов MuPDf, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2017-5991: An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.\n\n * CVE-2018-10289: In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file.\n\n * CVE-2018-16647: In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file.\n\n * CVE-2018-16648: In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. This is caused by a pdf/pdf-device.c pdf_dev_alpha array-index underflow.\n\n * CVE-2019-14975: Artifex MuPDF before 1.16.0 has a heap-based buffer over-read in fz_chartorune in fitz/string.c because pdf/pdf-op-filter.c does not check for a missing string.\n\n * CVE-2020-16600: A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.\n\n * CVE-2020-19609: Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service.\n\n * CVE-2020-26519: Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-12-09"
},
"Updated": {
"Date": "2020-12-09"
},
"BDUs": [
{
"ID": "BDU:2021-01778",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-01778",
"Impact": "Low",
"Public": "20200925"
},
{
"ID": "BDU:2022-01673",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2022-01673",
"Impact": "Low",
"Public": "20190606"
}
],
"CVEs": [
{
"ID": "CVE-2017-5991",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5991",
"Impact": "High",
"Public": "20170215"
},
{
"ID": "CVE-2018-10289",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-10289",
"Impact": "Low",
"Public": "20180422"
},
{
"ID": "CVE-2018-16647",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16647",
"Impact": "Low",
"Public": "20180906"
},
{
"ID": "CVE-2018-16648",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-129",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16648",
"Impact": "Low",
"Public": "20180906"
},
{
"ID": "CVE-2019-14975",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14975",
"Impact": "High",
"Public": "20190814"
},
{
"ID": "CVE-2020-16600",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-16600",
"Impact": "High",
"Public": "20201209"
},
{
"ID": "CVE-2020-19609",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-19609",
"Impact": "Low",
"Public": "20210721"
},
{
"ID": "CVE-2020-26519",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-26519",
"Impact": "Low",
"Public": "20201002"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20203475001",
"Comment": "mupdf is earlier than 0:1.18.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20203475002",
"Comment": "mupdf-devel is earlier than 0:1.18.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink