Описание
Security update for poppler
This update for poppler fixes the following issues:
- CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c (bsc#1214622).
- CVE-2022-37051: Fixed abort in main() in pdfunite.cc (bsc#1214621).
- CVE-2022-38349: Fixed reachable assertion in Object.h that will lead to denial of service (bsc#1214618).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP4
SUSE Linux Enterprise Module for Package Hub 15 SP4
SUSE Linux Enterprise Workstation Extension 15 SP5
openSUSE Leap 15.4
Ссылки
- Link for SUSE-SU-2023:3947-1
- E-Mail link for SUSE-SU-2023:3947-1
- SUSE Security Ratings
- SUSE Bug 1214618
- SUSE Bug 1214621
- SUSE Bug 1214622
- SUSE CVE CVE-2022-37050 page
- SUSE CVE CVE-2022-37051 page
- SUSE CVE CVE-2022-38349 page
Описание
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
Затронутые продукты
Ссылки
- CVE-2022-37050
- SUSE Bug 1214622
- SUSE Bug 1225040
Описание
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
Затронутые продукты
Ссылки
- CVE-2022-37051
- SUSE Bug 1214621
- SUSE Bug 1225040
Описание
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.
Затронутые продукты
Ссылки
- CVE-2022-38349
- SUSE Bug 1214618
- SUSE Bug 1225040