Описание
Security update for qpdf
This update for qpdf fixes the following issues:
- CVE-2022-34503: Fixed a heap buffer overflow via the function QPDF::processXRefStream (bsc#1201830).
- CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514).
Список пакетов
SUSE Linux Enterprise Server 12 SP2-BCL
libqpdf18-7.1.1-3.8.1
qpdf-7.1.1-3.8.1
SUSE Linux Enterprise Server 12 SP3-BCL
libqpdf18-7.1.1-3.8.1
qpdf-7.1.1-3.8.1
SUSE Linux Enterprise Server 12 SP4-LTSS
libqpdf18-7.1.1-3.8.1
qpdf-7.1.1-3.8.1
SUSE Linux Enterprise Server 12 SP5
libqpdf18-7.1.1-3.8.1
qpdf-7.1.1-3.8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libqpdf18-7.1.1-3.8.1
qpdf-7.1.1-3.8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libqpdf18-7.1.1-3.8.1
qpdf-7.1.1-3.8.1
SUSE Linux Enterprise Software Development Kit 12 SP5
qpdf-devel-7.1.1-3.8.1
SUSE OpenStack Cloud 9
libqpdf18-7.1.1-3.8.1
qpdf-7.1.1-3.8.1
SUSE OpenStack Cloud Crowbar 9
libqpdf18-7.1.1-3.8.1
qpdf-7.1.1-3.8.1
Ссылки
- Link for SUSE-SU-2022:2669-1
- E-Mail link for SUSE-SU-2022:2669-1
- SUSE Security Ratings
- SUSE Bug 1188514
- SUSE Bug 1201830
- SUSE CVE CVE-2021-36978 page
- SUSE CVE CVE-2022-34503 page
Описание
QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:libqpdf18-7.1.1-3.8.1
SUSE Linux Enterprise Server 12 SP2-BCL:qpdf-7.1.1-3.8.1
SUSE Linux Enterprise Server 12 SP3-BCL:libqpdf18-7.1.1-3.8.1
SUSE Linux Enterprise Server 12 SP3-BCL:qpdf-7.1.1-3.8.1
Ссылки
- CVE-2021-36978
- SUSE Bug 1188514
Описание
QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:libqpdf18-7.1.1-3.8.1
SUSE Linux Enterprise Server 12 SP2-BCL:qpdf-7.1.1-3.8.1
SUSE Linux Enterprise Server 12 SP3-BCL:libqpdf18-7.1.1-3.8.1
SUSE Linux Enterprise Server 12 SP3-BCL:qpdf-7.1.1-3.8.1
Ссылки
- CVE-2022-34503
- SUSE Bug 1201830