Description
Security update for poppler
This update for poppler fixes the following issues:
- CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692).
- CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool (bsc#1140877).
Package list
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP1
openSUSE Leap 15.4
References
- Link for SUSE-SU-2023:0480-1
- E-Mail link for SUSE-SU-2023:0480-1
- SUSE Security Ratings
- SUSE Bug 1140877
- SUSE Bug 1202692
- SUSE CVE CVE-2019-13283 page
- SUSE CVE CVE-2022-38784 page
Description
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted PDF file to cause a denial of service or an information leak, or possibly have unspecified other impact.
Affected products
References
- CVE-2019-13283
- SUSE Bug 1140877
Description
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
Affected products
References
- CVE-2022-38784
- SUSE Bug 1202692
- SUSE Bug 1203392
- SUSE Bug 1225040