Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:1626-1

Опубликовано: 16 июн. 2020
Источник: suse-cvrf

Описание

Security update for poppler

This update for poppler fixes the following issues:

These security issues were fixed:

  • CVE-2017-14617: Fixed a floating point exception in Stream.cc, which may lead to a potential attack when handling malicious PDF files. (bsc#1060220)
  • CVE-2017-1000456: Validate boundaries in TextPool::addWord to prevent overflows in subsequent calculations (bsc#1074453)
  • CVE-2017-15565: Prevent NULL Pointer dereference in the GfxImageColorMap::getGrayLine() function via a crafted PDF document (bsc#1064593)
  • CVE-2018-10768: Prevent NULL pointer dereference in the AnnotPath::getCoordsLength function. A crafted input could have lead to a remote denial of service attack (bsc#1092105).

This update also fixes an additional segmentation fault that is trigger by the reproducer for CVE-2017-14517 (bsc#1059066).

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP4
libpoppler44-0.24.4-14.16.6
SUSE Linux Enterprise Software Development Kit 12 SP5
libpoppler44-0.24.4-14.16.6

Ссылки

Описание

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP4:libpoppler44-0.24.4-14.16.6
SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.16.6
Ссылки

Описание

In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP4:libpoppler44-0.24.4-14.16.6
SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.16.6
Ссылки

Описание

In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP4:libpoppler44-0.24.4-14.16.6
SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.16.6
Ссылки

Описание

In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP4:libpoppler44-0.24.4-14.16.6
SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.16.6
Ссылки

Описание

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP4:libpoppler44-0.24.4-14.16.6
SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.16.6
Ссылки
Уязвимость SUSE-SU-2020:1626-1