SUSE-SU-2023:0496-1

Опубликовано: 23 фев. 2023

Источник: suse-cvrf

Описание

Security update for poppler

This update for poppler fixes the following issues:

CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool (bsc#1140877).

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP5

libpoppler44-0.24.4-14.23.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230496-1/
Link for SUSE-SU-2023:0496-1
https://lists.suse.com/pipermail/sle-security-updates/2023-February/013871.html
E-Mail link for SUSE-SU-2023:0496-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1140877
SUSE Bug 1140877
https://www.suse.com/security/cve/CVE-2019-13283/
SUSE CVE CVE-2019-13283 page

Описание

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.23.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-13283.html
CVE-2019-13283
https://bugzilla.suse.com/1140877
SUSE Bug 1140877

SUSE-SU-2023:0496-1

Описание

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2019-13283

Описание

Затронутые продукты

Ссылки