Описание
Security update for qpdf
This update for qpdf fixes the following issues:
- CVE-2022-34503: Fixed a heap buffer overflow via the function QPDF:processXRefStream (bsc#1201830).
- CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514).
Список пакетов
SUSE Enterprise Storage 6
libqpdf21-8.0.2-150000.3.5.1
qpdf-8.0.2-150000.3.5.1
qpdf-devel-8.0.2-150000.3.5.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
libqpdf21-8.0.2-150000.3.5.1
qpdf-8.0.2-150000.3.5.1
qpdf-devel-8.0.2-150000.3.5.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
libqpdf21-8.0.2-150000.3.5.1
qpdf-8.0.2-150000.3.5.1
qpdf-devel-8.0.2-150000.3.5.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
libqpdf21-8.0.2-150000.3.5.1
qpdf-8.0.2-150000.3.5.1
qpdf-devel-8.0.2-150000.3.5.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
libqpdf21-8.0.2-150000.3.5.1
qpdf-8.0.2-150000.3.5.1
qpdf-devel-8.0.2-150000.3.5.1
SUSE Linux Enterprise Server 15 SP1-BCL
libqpdf21-8.0.2-150000.3.5.1
qpdf-8.0.2-150000.3.5.1
qpdf-devel-8.0.2-150000.3.5.1
SUSE Linux Enterprise Server 15 SP1-LTSS
libqpdf21-8.0.2-150000.3.5.1
qpdf-8.0.2-150000.3.5.1
qpdf-devel-8.0.2-150000.3.5.1
SUSE Linux Enterprise Server 15-LTSS
libqpdf21-8.0.2-150000.3.5.1
qpdf-8.0.2-150000.3.5.1
qpdf-devel-8.0.2-150000.3.5.1
SUSE Linux Enterprise Server for SAP Applications 15
libqpdf21-8.0.2-150000.3.5.1
qpdf-8.0.2-150000.3.5.1
qpdf-devel-8.0.2-150000.3.5.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
libqpdf21-8.0.2-150000.3.5.1
qpdf-8.0.2-150000.3.5.1
qpdf-devel-8.0.2-150000.3.5.1
openSUSE Leap 15.3
libqpdf21-8.0.2-150000.3.5.1
openSUSE Leap 15.4
libqpdf21-8.0.2-150000.3.5.1
Ссылки
- Link for SUSE-SU-2022:2670-1
- E-Mail link for SUSE-SU-2022:2670-1
- SUSE Security Ratings
- SUSE Bug 1188514
- SUSE Bug 1201830
- SUSE CVE CVE-2021-36978 page
- SUSE CVE CVE-2022-34503 page
Описание
QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.
Затронутые продукты
SUSE Enterprise Storage 6:libqpdf21-8.0.2-150000.3.5.1
SUSE Enterprise Storage 6:qpdf-8.0.2-150000.3.5.1
SUSE Enterprise Storage 6:qpdf-devel-8.0.2-150000.3.5.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libqpdf21-8.0.2-150000.3.5.1
Ссылки
- CVE-2021-36978
- SUSE Bug 1188514
Описание
QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Затронутые продукты
SUSE Enterprise Storage 6:libqpdf21-8.0.2-150000.3.5.1
SUSE Enterprise Storage 6:qpdf-8.0.2-150000.3.5.1
SUSE Enterprise Storage 6:qpdf-devel-8.0.2-150000.3.5.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:libqpdf21-8.0.2-150000.3.5.1
Ссылки
- CVE-2022-34503
- SUSE Bug 1201830