Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:1998-1

Опубликовано: 28 июл. 2017
Источник: suse-cvrf

Описание

Security update for poppler

This update for poppler fixes the following issues:

Security issues fixed:

  • CVE-2017-9775: Fix a stack overflow bug in pdftocairo that could have been exploited in a denial of service attack through a specially crafted PDF document. (bsc#1045719)
  • CVE-2017-9776: Fix an integer overflow bug that could have been exploited in a denial of service attack through a specially crafted PDF document. (bsc#1045721)
  • CVE-2017-9408: Fix a memory leak that occurred when the parser tried to recover from a broken input file. (bsc#1042802)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2
libpoppler44-0.24.4-14.6.1
SUSE Linux Enterprise Server 12 SP2
libpoppler44-0.24.4-14.6.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libpoppler44-0.24.4-14.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libpoppler44-0.24.4-14.6.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libpoppler44-0.24.4-14.6.1

Ссылки

Описание

In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libpoppler44-0.24.4-14.6.1
SUSE Linux Enterprise Server 12 SP2:libpoppler44-0.24.4-14.6.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpoppler44-0.24.4-14.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpoppler44-0.24.4-14.6.1
Ссылки

Описание

Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libpoppler44-0.24.4-14.6.1
SUSE Linux Enterprise Server 12 SP2:libpoppler44-0.24.4-14.6.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpoppler44-0.24.4-14.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpoppler44-0.24.4-14.6.1
Ссылки

Описание

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libpoppler44-0.24.4-14.6.1
SUSE Linux Enterprise Server 12 SP2:libpoppler44-0.24.4-14.6.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libpoppler44-0.24.4-14.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libpoppler44-0.24.4-14.6.1
Ссылки