Описание
Security update for poppler
This update for poppler fixes the following issues:
- CVE-2019-16115: Fixed an uninitialized memory error in GfxUnivariateShading::setupCache. (bsc#1150039)
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP4
libpoppler89-0.79.0-150200.3.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
libpoppler89-0.79.0-150200.3.14.1
SUSE Manager Proxy 4.2
libpoppler-cpp0-0.79.0-150200.3.14.1
libpoppler-devel-0.79.0-150200.3.14.1
libpoppler-glib-devel-0.79.0-150200.3.14.1
libpoppler-glib8-0.79.0-150200.3.14.1
libpoppler89-0.79.0-150200.3.14.1
poppler-tools-0.79.0-150200.3.14.1
typelib-1_0-Poppler-0_18-0.79.0-150200.3.14.1
SUSE Manager Server 4.2
libpoppler-cpp0-0.79.0-150200.3.14.1
libpoppler-devel-0.79.0-150200.3.14.1
libpoppler-glib-devel-0.79.0-150200.3.14.1
libpoppler-glib8-0.79.0-150200.3.14.1
libpoppler89-0.79.0-150200.3.14.1
poppler-tools-0.79.0-150200.3.14.1
typelib-1_0-Poppler-0_18-0.79.0-150200.3.14.1
openSUSE Leap 15.4
libpoppler89-0.79.0-150200.3.14.1
libpoppler89-32bit-0.79.0-150200.3.14.1
Ссылки
- Link for SUSE-SU-2023:3292-1
- E-Mail link for SUSE-SU-2023:3292-1
- SUSE Security Ratings
- SUSE Bug 1150039
- SUSE CVE CVE-2019-16115 page
Описание
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP4:libpoppler89-0.79.0-150200.3.14.1
SUSE Linux Enterprise Module for Basesystem 15 SP5:libpoppler89-0.79.0-150200.3.14.1
SUSE Manager Proxy 4.2:libpoppler-cpp0-0.79.0-150200.3.14.1
SUSE Manager Proxy 4.2:libpoppler-devel-0.79.0-150200.3.14.1
Ссылки
- CVE-2019-16115
- SUSE Bug 1150039
- SUSE Bug 1225040