Description
Security update for poppler
This update for poppler fixes the following issues:
- CVE-2017-14977: Fixed a NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock() function in FoFiTrueType.cc that occurred due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. (bsc#1061265)
- CVE-2017-1000456: Validate boundaries in TextPool::addWord to prevent overflows in subsequent calculations (bsc#1074453)
- CVE-2017-15565: Prevent NULL pointer dereference in the GfxImageColorMap::getGrayLine() function via a crafted PDF document (bsc#1064593)
Package list
SUSE Linux Enterprise Server 11 SP4
libpoppler-glib4-0.12.3-1.13.3.2
libpoppler-qt4-3-0.12.3-1.13.3.2
libpoppler5-0.12.3-1.13.3.2
poppler-tools-0.12.3-1.13.3.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libpoppler-glib4-0.12.3-1.13.3.2
libpoppler-qt4-3-0.12.3-1.13.3.2
libpoppler5-0.12.3-1.13.3.2
poppler-tools-0.12.3-1.13.3.2
SUSE Linux Enterprise Software Development Kit 11 SP4
libpoppler-devel-0.12.3-1.13.3.2
libpoppler-glib-devel-0.12.3-1.13.3.2
libpoppler-qt2-0.12.3-1.13.3.2
libpoppler-qt3-devel-0.12.3-1.13.3.2
libpoppler-qt4-devel-0.12.3-1.13.3.2
poppler-tools-0.12.3-1.13.3.2
References
- Link for SUSE-SU-2018:1691-1
- E-Mail link for SUSE-SU-2018:1691-1
- SUSE Security Ratings
- SUSE Bug 1061265
- SUSE Bug 1064593
- SUSE Bug 1074453
- SUSE CVE CVE-2017-1000456 page
- SUSE CVE CVE-2017-14977 page
- SUSE CVE CVE-2017-15565 page
Description
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
Affected products
SUSE Linux Enterprise Server 11 SP4:libpoppler-glib4-0.12.3-1.13.3.2
SUSE Linux Enterprise Server 11 SP4:libpoppler-qt4-3-0.12.3-1.13.3.2
SUSE Linux Enterprise Server 11 SP4:libpoppler5-0.12.3-1.13.3.2
SUSE Linux Enterprise Server 11 SP4:poppler-tools-0.12.3-1.13.3.2
References
- CVE-2017-1000456
- SUSE Bug 1074453
Description
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack.
Affected products
SUSE Linux Enterprise Server 11 SP4:libpoppler-glib4-0.12.3-1.13.3.2
SUSE Linux Enterprise Server 11 SP4:libpoppler-qt4-3-0.12.3-1.13.3.2
SUSE Linux Enterprise Server 11 SP4:libpoppler5-0.12.3-1.13.3.2
SUSE Linux Enterprise Server 11 SP4:poppler-tools-0.12.3-1.13.3.2
References
- CVE-2017-14977
- SUSE Bug 1061265
Description
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
Affected products
SUSE Linux Enterprise Server 11 SP4:libpoppler-glib4-0.12.3-1.13.3.2
SUSE Linux Enterprise Server 11 SP4:libpoppler-qt4-3-0.12.3-1.13.3.2
SUSE Linux Enterprise Server 11 SP4:libpoppler5-0.12.3-1.13.3.2
SUSE Linux Enterprise Server 11 SP4:poppler-tools-0.12.3-1.13.3.2
References
- CVE-2017-15565
- SUSE Bug 1064593