Description
Security update for poppler
This update for poppler fixes the following issues:
- CVE-2020-23804: Fixed uncontrolled recursion in pdfinfo and pdftops (bsc#1215422).
- CVE-2020-36024: Fixed NULL Pointer Dereference in FoFiType1C::convertToType1 (bsc#1214257).
- CVE-2022-37050: Fixed denial-of-service via savePageAs in PDFDoc.c (bsc#1214622).
- CVE-2022-37051: Fixed abort in main() in pdfunite.cc (bsc#1214621).
- CVE-2022-38349: Fixed reachable assertion in Object.h that will lead to denial of service (bsc#1214618).
Package list
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP1
openSUSE Leap 15.4
References
- Link for SUSE-SU-2023:3983-1
- E-Mail link for SUSE-SU-2023:3983-1
- SUSE Security Ratings
- SUSE Bug 1214257
- SUSE Bug 1214618
- SUSE Bug 1214621
- SUSE Bug 1214622
- SUSE Bug 1215422
- SUSE CVE CVE-2020-23804 page
- SUSE CVE CVE-2020-36024 page
- SUSE CVE CVE-2022-37050 page
- SUSE CVE CVE-2022-37051 page
- SUSE CVE CVE-2022-38349 page
Description
Uncontrolled Recursion in pdfinfo and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.
Affected products
References
- CVE-2020-23804
- SUSE Bug 1215422
- SUSE Bug 1217562
- SUSE Bug 1225040
Description
An issue was discovered in freedesktop poppler version 20.12.1 that allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file passed to the FoFiType1C::convertToType1 function.
Affected products
References
- CVE-2020-36024
- SUSE Bug 1214257
- SUSE Bug 1225040
Description
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c allows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
Affected products
References
- CVE-2022-37050
- SUSE Bug 1214622
- SUSE Bug 1225040
Description
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
Affected products
References
- CVE-2022-37051
- SUSE Bug 1214621
- SUSE Bug 1225040
Description
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h that will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.
Affected products
References
- CVE-2022-38349
- SUSE Bug 1214618
- SUSE Bug 1225040