Описание
Security update for poppler
This update for poppler fixes the following issues:
- CVE-2019-16115: Fixed an uninitialized memory error in GfxUnivariateShading::setupCache. (bsc#1150039)
Список пакетов
openSUSE Leap 15.4
libpoppler73-0.62.0-150000.4.18.1
libpoppler73-32bit-0.62.0-150000.4.18.1
Ссылки
- Link for SUSE-SU-2023:3241-1
- E-Mail link for SUSE-SU-2023:3241-1
- SUSE Security Ratings
- SUSE Bug 1124150
- SUSE Bug 1150039
- SUSE CVE CVE-2019-16115 page
- SUSE CVE CVE-2019-7310 page
Описание
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.
Затронутые продукты
openSUSE Leap 15.4:libpoppler73-0.62.0-150000.4.18.1
openSUSE Leap 15.4:libpoppler73-32bit-0.62.0-150000.4.18.1
Ссылки
- CVE-2019-16115
- SUSE Bug 1150039
- SUSE Bug 1225040
Описание
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
Затронутые продукты
openSUSE Leap 15.4:libpoppler73-0.62.0-150000.4.18.1
openSUSE Leap 15.4:libpoppler73-32bit-0.62.0-150000.4.18.1
Ссылки
- CVE-2019-7310
- SUSE Bug 1124150