Description
Security update for podofo
This update for podofo fixes the following issues:
These security issues were fixed:
- CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779).
- CVE-2018-5308: Properly validate memcpy arguments in the PdfMemoryOutputStream::Write function to prevent remote attackers from causing a denial-of-service or possibly having unspecified other impact via a crafted pdf file (bsc#1075772).
- CVE-2018-5295: Prevent integer overflow in the PdfXRefStreamParserObject::ParseStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075026).
- CVE-2018-5309: Prevent integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075322).
- CVE-2018-5296: Prevent uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075021).
- CVE-2017-7381: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032020).
- CVE-2017-7382: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032021).
- CVE-2017-7383: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032022).
- CVE-2018-11256: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1096889).
- CVE-2018-5783: Prevent uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function that allowed remote attackers to cause a denial of service via a crafted pdf file (bsc#1076962).
These non-security issues were fixed:
- Prevent regression caused by the fix for CVE-2017-8054.
- Prevent NULL dereferences when 'Kids' array is missing (bsc#1096890).
- Added to detect cycles and recursions in XRef tables.
Package list
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Workstation Extension 12 SP3
SUSE Linux Enterprise Workstation Extension 12 SP4
References
- Link for SUSE-SU-2019:0393-1
- E-Mail link for SUSE-SU-2019:0393-1
- SUSE Security Ratings
- SUSE Bug 1027779
- SUSE Bug 1032020
- SUSE Bug 1032021
- SUSE Bug 1032022
- SUSE Bug 1075021
- SUSE Bug 1075026
- SUSE Bug 1075322
- SUSE Bug 1075772
- SUSE Bug 1076962
- SUSE Bug 1096889
- SUSE Bug 1096890
- SUSE CVE CVE-2017-6845 page
- SUSE CVE CVE-2017-7381 page
- SUSE CVE CVE-2017-7382 page
- SUSE CVE CVE-2017-7383 page
- SUSE CVE CVE-2017-8054 page
- SUSE CVE CVE-2018-11256 page
Description
The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Affected products
References
- CVE-2017-6845
- SUSE Bug 1027779
- SUSE Bug 1027781
Description
The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
Affected products
References
- CVE-2017-7381
- SUSE Bug 1032019
- SUSE Bug 1032020
Description
The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
Affected products
References
- CVE-2017-7382
- SUSE Bug 1032019
- SUSE Bug 1032021
Description
The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
Affected products
References
- CVE-2017-7383
- SUSE Bug 1032019
- SUSE Bug 1032022
Description
The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.
Affected products
References
- CVE-2017-8054
- SUSE Bug 1035596
- SUSE Bug 1094315
Description
An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
Affected products
References
- CVE-2018-11256
- SUSE Bug 1096889
Description
In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
Affected products
References
- CVE-2018-5295
- SUSE Bug 1075026
Description
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
Affected products
References
- CVE-2018-5296
- SUSE Bug 1075021
Description
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.
Affected products
References
- CVE-2018-5308
- SUSE Bug 1075772
Description
In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.
Affected products
References
- CVE-2018-5309
- SUSE Bug 1075322
Description
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.
Affected products
References
- CVE-2018-5783
- SUSE Bug 1076962