Описание
Security update for poppler
This update for poppler fixes the following issues:
- CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service (bsc#1199272).
- CVE-2018-21009: Fixed integer overflow in Parser:makeStream in Parser.cc (bsc#1149635).
- CVE-2019-12293: Fixed heap-based buffer over-read in JPXStream:init in JPEG2000Stream.cc (bsc#1136105).
Список пакетов
openSUSE Leap 15.4
libpoppler73-0.62.0-150000.4.15.1
libpoppler73-32bit-0.62.0-150000.4.15.1
Ссылки
- Link for SUSE-SU-2023:2838-1
- E-Mail link for SUSE-SU-2023:2838-1
- SUSE Security Ratings
- SUSE Bug 1136105
- SUSE Bug 1149635
- SUSE Bug 1199272
- SUSE CVE CVE-2018-21009 page
- SUSE CVE CVE-2019-12293 page
- SUSE CVE CVE-2022-27337 page
Описание
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
Затронутые продукты
openSUSE Leap 15.4:libpoppler73-0.62.0-150000.4.15.1
openSUSE Leap 15.4:libpoppler73-32bit-0.62.0-150000.4.15.1
Ссылки
- CVE-2018-21009
- SUSE Bug 1149635
Описание
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
Затронутые продукты
openSUSE Leap 15.4:libpoppler73-0.62.0-150000.4.15.1
openSUSE Leap 15.4:libpoppler73-32bit-0.62.0-150000.4.15.1
Ссылки
- CVE-2019-12293
- SUSE Bug 1136105
Описание
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Затронутые продукты
openSUSE Leap 15.4:libpoppler73-0.62.0-150000.4.15.1
openSUSE Leap 15.4:libpoppler73-32bit-0.62.0-150000.4.15.1
Ссылки
- CVE-2022-27337
- SUSE Bug 1199272
- SUSE Bug 1225040