SUSE-SU-2019:1849-1

Published: 15 Jul 2019
Source: suse-cvrf

Description

Security update for podofo

This update for podofo fixes the following issues:

Security issues fixed:

  • CVE-2017-8054: Fixed a vulnerability in PdfPagesTree::GetPageNodeFromArray function which could allow remote attackers to cause Denial of Service (bsc#1035596).
  • CVE-2018-5783: Fixed an uncontrolled memory allocation in PdfVecObjects::Reserve function (bsc#1076962).
  • CVE-2018-11255: Fixed a null pointer dereference in PdfPage::GetPageNumber() function which could lead to Denial of Service (bsc#1096890).
  • CVE-2018-20751: Fixed a null pointer dereference in crop_page function (bsc#1124357).
  • CVE-2018-12982: Fixed an invalid memory read in PdfVariant::DelayedLoad() function which could allow remote attackers to cause Denial of Service (bsc#1099720).
  • Fixed a buffer overflow in the TestEncrypt function.
  • Fixed a null pointer dereference in the PdfTranslator::setTarget function.
  • Fixed a heap-based buffer overflow in the PdfVariant::DelayedLoad function.

Package list

SUSE Linux Enterprise Desktop 12 SP4
libpodofo0_9_2-0.9.2-3.9.2
SUSE Linux Enterprise Software Development Kit 12 SP4
libpodofo-devel-0.9.2-3.9.2
SUSE Linux Enterprise Workstation Extension 12 SP4
libpodofo0_9_2-0.9.2-3.9.2

Description

The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.


Affected products
SUSE Linux Enterprise Desktop 12 SP4:libpodofo0_9_2-0.9.2-3.9.2
SUSE Linux Enterprise Software Development Kit 12 SP4:libpodofo-devel-0.9.2-3.9.2
SUSE Linux Enterprise Workstation Extension 12 SP4:libpodofo0_9_2-0.9.2-3.9.2

Description

An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.


Affected products
SUSE Linux Enterprise Desktop 12 SP4:libpodofo0_9_2-0.9.2-3.9.2
SUSE Linux Enterprise Software Development Kit 12 SP4:libpodofo-devel-0.9.2-3.9.2
SUSE Linux Enterprise Workstation Extension 12 SP4:libpodofo0_9_2-0.9.2-3.9.2

Description

Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.


Affected products
SUSE Linux Enterprise Desktop 12 SP4:libpodofo0_9_2-0.9.2-3.9.2
SUSE Linux Enterprise Software Development Kit 12 SP4:libpodofo-devel-0.9.2-3.9.2
SUSE Linux Enterprise Workstation Extension 12 SP4:libpodofo0_9_2-0.9.2-3.9.2

Description

An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.


Affected products
SUSE Linux Enterprise Desktop 12 SP4:libpodofo0_9_2-0.9.2-3.9.2
SUSE Linux Enterprise Software Development Kit 12 SP4:libpodofo-devel-0.9.2-3.9.2
SUSE Linux Enterprise Workstation Extension 12 SP4:libpodofo0_9_2-0.9.2-3.9.2

Description

In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted PDF file.


Affected products
SUSE Linux Enterprise Desktop 12 SP4:libpodofo0_9_2-0.9.2-3.9.2
SUSE Linux Enterprise Software Development Kit 12 SP4:libpodofo-devel-0.9.2-3.9.2
SUSE Linux Enterprise Workstation Extension 12 SP4:libpodofo0_9_2-0.9.2-3.9.2
