Описание
Security update for poppler
This update for poppler fixes the following issues:
- CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service (bsc#1199272).
- CVE-2018-21009: Fixed integer overflow in Parser:makeStream in Parser.cc (bsc#1149635).
- CVE-2019-12293: Fixed heap-based buffer over-read in JPXStream:init in JPEG2000Stream.cc (bsc#1136105).
- CVE-2018-20481: Fixed memory leak in GfxColorSpace:setDisplayProfile in GfxState.cc (bsc#1114966).
- CVE-2019-7310: Fixed a heap-based buffer over-read allows remote attackers to cause DOS via a special crafted PDF (bsc#1124150).
- CVE-2018-13988: Fixed buffer overflow in pdfunite (bsc#1102531).
- CVE-2018-16646: Fixed infinite recursion in poppler/Parser.cc:Parser::getObj() function (bsc#1107597).
- CVE-2018-19058: Fixed reachable abort in Object.h leading to denial of service (bsc#1115187).
- CVE-2018-19059: Fixed out-of-bounds read in EmbFile:save2 in FileSpec.cc leading to denial of service (bsc#1115186).
- CVE-2018-19060: Fixed NULL pointer dereference in goo/GooString.h leading to denial of service (bsc#1115185).
- CVE-2018-19149: Fixed NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment (bsc#1115626).
- CVE-2017-18267: Fixed denial of service (infinite recursion) via a crafted PDF file (bsc#1092945).
- CVE-2018-20650: Fixed issue where a reachable Object in dictLookup assertion allows attackers to cause DOS (bsc#1120939).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
Ссылки
- Link for SUSE-SU-2023:2907-1
- E-Mail link for SUSE-SU-2023:2907-1
- SUSE Security Ratings
- SUSE Bug 1092945
- SUSE Bug 1102531
- SUSE Bug 1107597
- SUSE Bug 1114966
- SUSE Bug 1115185
- SUSE Bug 1115186
- SUSE Bug 1115187
- SUSE Bug 1115626
- SUSE Bug 1120939
- SUSE Bug 1124150
- SUSE Bug 1136105
- SUSE Bug 1149635
- SUSE Bug 1199272
- SUSE CVE CVE-2017-18267 page
- SUSE CVE CVE-2018-13988 page
- SUSE CVE CVE-2018-16646 page
- SUSE CVE CVE-2018-18897 page
Описание
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.
Затронутые продукты
Ссылки
- CVE-2017-18267
- SUSE Bug 1092945
Описание
Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.
Затронутые продукты
Ссылки
- CVE-2018-13988
- SUSE Bug 1102531
Описание
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
Затронутые продукты
Ссылки
- CVE-2018-16646
- SUSE Bug 1107597
- SUSE Bug 1140882
Описание
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
Затронутые продукты
Ссылки
- CVE-2018-18897
- SUSE Bug 1114966
Описание
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
Затронутые продукты
Ссылки
- CVE-2018-19058
- SUSE Bug 1115187
Описание
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
Затронутые продукты
Ссылки
- CVE-2018-19059
- SUSE Bug 1115186
Описание
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
Затронутые продукты
Ссылки
- CVE-2018-19060
- SUSE Bug 1115185
Описание
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
Затронутые продукты
Ссылки
- CVE-2018-19149
- SUSE Bug 1115626
Описание
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
Затронутые продукты
Ссылки
- CVE-2018-20481
- SUSE Bug 1120495
Описание
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
Затронутые продукты
Ссылки
- CVE-2018-20650
- SUSE Bug 1120939
- SUSE Bug 1120956
Описание
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
Затронутые продукты
Ссылки
- CVE-2018-21009
- SUSE Bug 1149635
Описание
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths.
Затронутые продукты
Ссылки
- CVE-2019-12293
- SUSE Bug 1136105
Описание
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
Затронутые продукты
Ссылки
- CVE-2019-7310
- SUSE Bug 1124150
Описание
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Затронутые продукты
Ссылки
- CVE-2022-27337
- SUSE Bug 1199272
- SUSE Bug 1225040