vuln-list-alt/oval/c9f2/ALT-PU-2017-2228/definitions.json
2024-06-28 13:17:52 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20172228",
"Version": "oval:org.altlinux.errata:def:20172228",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-2228: package `qpdf` update to version 7.0.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-2228",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-2228",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-01402",
"RefURL": "https://bdu.fstec.ru/vul/2021-01402",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01403",
"RefURL": "https://bdu.fstec.ru/vul/2021-01403",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01404",
"RefURL": "https://bdu.fstec.ru/vul/2021-01404",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01406",
"RefURL": "https://bdu.fstec.ru/vul/2021-01406",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01407",
"RefURL": "https://bdu.fstec.ru/vul/2021-01407",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01408",
"RefURL": "https://bdu.fstec.ru/vul/2021-01408",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01439",
"RefURL": "https://bdu.fstec.ru/vul/2021-01439",
"Source": "BDU"
},
{
"RefID": "CVE-2015-9252",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-9252",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11624",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11624",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11625",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11625",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11626",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11626",
"Source": "CVE"
},
{
"RefID": "CVE-2017-11627",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-11627",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12595",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12595",
"Source": "CVE"
},
{
"RefID": "CVE-2017-18183",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18183",
"Source": "CVE"
},
{
"RefID": "CVE-2017-18184",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18184",
"Source": "CVE"
},
{
"RefID": "CVE-2017-18185",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18185",
"Source": "CVE"
},
{
"RefID": "CVE-2017-18186",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-18186",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9208",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9208",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9209",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9209",
"Source": "CVE"
},
{
"RefID": "CVE-2017-9210",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-9210",
"Source": "CVE"
}
],
"Description": "This update upgrades qpdf to version 7.0.0-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01402: Уязвимость компонента libqpdf.a утилиты командной строки для преобразования PDF документов QPDF, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01403: Уязвимость компонента libqpdf.a утилиты командной строки для преобразования PDF документов QPDF, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01404: Уязвимость компонента libqpdf.a утилиты командной строки для преобразования PDF документов QPDF, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01406: Уязвимость функции PointerHolder утилиты командной строки для преобразования PDF документов QPDF, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01407: Уязвимость функции QPDF::resolveObjectsInStream утилиты командной строки для преобразования PDF документов QPDF, связанная с бесконечной работой цикла, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01408: Уязвимость функции QPDFTokenizer::resolveLiteral утилиты командной строки для преобразования PDF документов QPDF, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01439: Уязвимость функции QPDFTokenizer::resolveLiteral утилиты командной строки для преобразования PDF документов QPDF, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2015-9252: An issue was discovered in QPDF before 7.0.0. 
Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.\n\n * CVE-2017-11624: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an \"infinite loop.\"\n\n * CVE-2017-11625: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an \"infinite loop.\"\n\n * CVE-2017-11626: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an \"infinite loop.\"\n\n * CVE-2017-11627: A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an \"infinite loop.\"\n\n * CVE-2017-12595: The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.\n\n * CVE-2017-18183: An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.\n\n * CVE-2017-18184: An issue was discovered in QPDF before 7.0.0. 
There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.\n\n * CVE-2017-18185: An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.\n\n * CVE-2017-18186: An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.\n\n * CVE-2017-9208: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.\n\n * CVE-2017-9209: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.\n\n * CVE-2017-9210: libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-09-18"
},
"Updated": {
"Date": "2017-09-18"
},
"BDUs": [
{
"ID": "BDU:2021-01402",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2021-01402",
"Impact": "Low",
"Public": "20170523"
},
{
"ID": "BDU:2021-01403",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2021-01403",
"Impact": "Low",
"Public": "20170523"
},
{
"ID": "BDU:2021-01404",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2021-01404",
"Impact": "Low",
"Public": "20170523"
},
{
"ID": "BDU:2021-01406",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2021-01406",
"Impact": "Low",
"Public": "20170725"
},
{
"ID": "BDU:2021-01407",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2021-01407",
"Impact": "Low",
"Public": "20170725"
},
{
"ID": "BDU:2021-01408",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2021-01408",
"Impact": "Low",
"Public": "20170725"
},
{
"ID": "BDU:2021-01439",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://bdu.fstec.ru/vul/2021-01439",
"Impact": "Low",
"Public": "20170725"
}
],
"CVEs": [
{
"ID": "CVE-2015-9252",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-399",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-9252",
"Impact": "Low",
"Public": "20180213"
},
{
"ID": "CVE-2017-11624",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11624",
"Impact": "Low",
"Public": "20170725"
},
{
"ID": "CVE-2017-11625",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11625",
"Impact": "Low",
"Public": "20170725"
},
{
"ID": "CVE-2017-11626",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11626",
"Impact": "Low",
"Public": "20170725"
},
{
"ID": "CVE-2017-11627",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-11627",
"Impact": "Low",
"Public": "20170725"
},
{
"ID": "CVE-2017-12595",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12595",
"Impact": "High",
"Public": "20170827"
},
{
"ID": "CVE-2017-18183",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18183",
"Impact": "Low",
"Public": "20180213"
},
{
"ID": "CVE-2017-18184",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18184",
"Impact": "Low",
"Public": "20180213"
},
{
"ID": "CVE-2017-18185",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18185",
"Impact": "Low",
"Public": "20180213"
},
{
"ID": "CVE-2017-18186",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-18186",
"Impact": "Low",
"Public": "20180213"
},
{
"ID": "CVE-2017-9208",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9208",
"Impact": "Low",
"Public": "20170523"
},
{
"ID": "CVE-2017-9209",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9209",
"Impact": "Low",
"Public": "20170523"
},
{
"ID": "CVE-2017-9210",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-9210",
"Impact": "Low",
"Public": "20170523"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20172228001",
"Comment": "libqpdf is earlier than 0:7.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172228002",
"Comment": "libqpdf-devel is earlier than 0:7.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172228003",
"Comment": "qpdf is earlier than 0:7.0.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20172228004",
"Comment": "qpdf-doc is earlier than 0:7.0.0-alt1"
}
]
}
]
}
}
]
}