Описание
Security update for poppler
This update for poppler fixes the following issues:
Security issues fixed:
- CVE-2017-9775: DoS stack buffer overflow in GfxState.cc in pdftocairo via a crafted PDF document (bsc#1045719)
- CVE-2017-9776: DoS integer overflow leading to heap buffer overflow in JBIG2Stream.cc via a crafted PDF document (bsc#1045721)
- CVE-2017-7515: Stack exhaustion due to infinite recursive call in pdfunite (bsc#1043088)
- CVE-2017-7511: Null pointer dereference in pdfunite via crafted documents (bsc#1041783)
- CVE-2017-9406: Memory leak in the gmalloc function in gmem.cc (bsc#1042803)
- CVE-2017-9408: Memory leak in the Object::initArray function (bsc#1042802)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
Ссылки
- Link for SUSE-SU-2017:1999-1
- E-Mail link for SUSE-SU-2017:1999-1
- SUSE Security Ratings
- SUSE Bug 1041783
- SUSE Bug 1042802
- SUSE Bug 1042803
- SUSE Bug 1043088
- SUSE Bug 1045719
- SUSE Bug 1045721
- SUSE CVE CVE-2017-7511 page
- SUSE CVE CVE-2017-7515 page
- SUSE CVE CVE-2017-9406 page
- SUSE CVE CVE-2017-9408 page
- SUSE CVE CVE-2017-9775 page
- SUSE CVE CVE-2017-9776 page
Описание
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
Затронутые продукты
Ссылки
- CVE-2017-7511
- SUSE Bug 1041783
Описание
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.
Затронутые продукты
Ссылки
- CVE-2017-7515
- SUSE Bug 1043088
Описание
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-9406
- SUSE Bug 1042803
Описание
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-9408
- SUSE Bug 1042802
Описание
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
Затронутые продукты
Ссылки
- CVE-2017-9775
- SUSE Bug 1045719
Описание
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
Затронутые продукты
Ссылки
- CVE-2017-9776
- SUSE Bug 1045721