Описание
Security update for poppler
This update for poppler fixes the following issues:
- CVE-2017-9406: Fixed a memory leak that occurred while parsing invalid XRef attributes (bsc#1042803).
- CVE-2017-9083: Fixed a memory leak that occurred when the parser tried to recover from a broken input file. (bsc#1040170)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
libpoppler44-0.24.4-14.3.1
SUSE Linux Enterprise Server 12 SP2
libpoppler44-0.24.4-14.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libpoppler44-0.24.4-14.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libpoppler44-0.24.4-14.3.1
Ссылки
- Link for SUSE-SU-2017:1672-1
- E-Mail link for SUSE-SU-2017:1672-1
- SUSE Security Ratings
- SUSE Bug 1040170
- SUSE Bug 1042803
- SUSE CVE CVE-2017-9083 page
- SUSE CVE CVE-2017-9406 page
Описание
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libpoppler44-0.24.4-14.3.1
SUSE Linux Enterprise Server 12 SP2:libpoppler44-0.24.4-14.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpoppler44-0.24.4-14.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpoppler44-0.24.4-14.3.1
Ссылки
- CVE-2017-9083
- SUSE Bug 1040170
Описание
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libpoppler44-0.24.4-14.3.1
SUSE Linux Enterprise Server 12 SP2:libpoppler44-0.24.4-14.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpoppler44-0.24.4-14.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpoppler44-0.24.4-14.3.1
Ссылки
- CVE-2017-9406
- SUSE Bug 1042803