Rewterz Threat Alert – Malspam Campaigns Hide Infostealers in ISO Image Files
June 27, 2019Rewterz Threat Alert – GlobeImposter Ransomware Attacking Financial Services
June 27, 2019Severity
Medium
Analysis summary
CVE-2018-18511
Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method.
CVE-2019-9200
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service.
CVE-2019-12295
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.
CVE-2019-9631
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
CVE-2019-10873
An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc.
CVE-2018-20650
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
CVE-2018-20662
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.
CVE-2019-9903
markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
CVE-2017-18258
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
CVE-2019-9797
Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element.
Following vulnerabilities have also been identified but a description for them was not available at the time of creation of this advisory.
- CVE-2019-9816
- CVE-2019-9820
- CVE-2019-9817
- CVE-2019-11691
- CVE-2019-9800
- CVE-2019-5798
- CVE-2019-11694
- CVE-2019-9815
- CVE-2019-11693
- CVE-2019-9819
- CVE-2018-6260
- CVE-2019-9818
- CVE-2019-11692
Impact
- System access
- Denial of service
- Exposure of sensitive information
- Security Bypass
Affected Vendors
Oracle
Affected Products
Oracle Solaris versions prior to 11.4 SRU 10
Remediation
Update to version 11.4 SRU 10.