Description
Security update for poppler
This update for poppler fixes the following issues:
- CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder (bsc#1202692).
- CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool (bsc#1140877).
Package list
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP4-ESPOS
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
References
- Link for SUSE-SU-2023:0494-1
- E-Mail link for SUSE-SU-2023:0494-1
- SUSE Security Ratings
- SUSE Bug 1140877
- SUSE Bug 1202692
- SUSE CVE CVE-2019-13283 page
- SUSE CVE CVE-2022-38784 page
Description
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
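The over-read described above is what a fixed-length copy does when the remaining length of the source buffer is never checked. The following C example is added here for illustration and is not code from Xpdf or poppler; `copy_line_bounded`, `LINE_BUF` and the sample bytes are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define LINE_BUF 256  /* scratch buffer size; an assumption for this example */

/*
 * Unsafe pattern, shown only for contrast:
 *     strncpy(dst, line, LINE_BUF - 1);
 * strncpy reads from `line` until it meets a NUL or has read LINE_BUF - 1
 * bytes. When `line` points near the end of an input buffer that is not
 * NUL-terminated, that read continues past the allocation.
 */

/*
 * Bounded copy (hypothetical helper): copies one line starting at `line`
 * into dst (which must hold LINE_BUF bytes), never reading at or beyond
 * `end`. Stops at CR, LF or NUL. Returns the number of bytes copied
 * (dst is always NUL-terminated), or -1 on invalid arguments.
 */
int copy_line_bounded(char *dst, const char *line, const char *end)
{
    if (dst == NULL || line == NULL || end == NULL || line > end)
        return -1;

    size_t limit = (size_t)(end - line);      /* bytes really available */
    if (limit > LINE_BUF - 1)
        limit = LINE_BUF - 1;                 /* leave room for the NUL */

    size_t n = 0;
    while (n < limit && line[n] != '\n' && line[n] != '\r' && line[n] != '\0')
        n++;

    memcpy(dst, line, n);
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed input: the parsed data ends after "/Demo"; the bytes
       that follow stand in for unrelated adjacent heap memory. */
    static const char heap[] = "/FontName /DemoADJACENT-HEAP-DATA";
    char out[LINE_BUF];

    int n = copy_line_bounded(out, heap + 10, heap + 15);
    printf("%d bytes: \"%s\"\n", n, out);
    return 0;
}
```

The caller passes the end of the parsed data explicitly, so the copy length is derived from the input size rather than from the destination size alone.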
Affected products
References
- CVE-2019-13283
- SUSE Bug 1140877
Description
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
Affected products
References
- CVE-2022-38784
- SUSE Bug 1202692
- SUSE Bug 1203392
- SUSE Bug 1225040