Description
Security update for poppler
This update for poppler fixes the following issues:
- CVE-2019-13287: Fixed an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust. (bsc#1140745)
- CVE-2018-18456: Fixed a stack-based buffer over-read via a crafted pdf file. (bsc#1112428)
- CVE-2018-18454: Fixed a heap-based buffer over-read via a crafted pdf file. (bsc#1112424)
- CVE-2020-36023: Fixed a stack buffer overflow in FoFiType1C::cvtGlyph. (bsc#1214256)
Package list
openSUSE Leap 15.4
References
- Link for SUSE-SU-2023:4187-1
- E-Mail link for SUSE-SU-2023:4187-1
- SUSE Security Ratings
- SUSE Bug 1112424
- SUSE Bug 1112428
- SUSE Bug 1140745
- SUSE Bug 1214256
- SUSE CVE CVE-2018-18454 page
- SUSE CVE CVE-2018-18456 page
- SUSE CVE CVE-2019-13287 page
- SUSE CVE CVE-2020-36023 page
Description
CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
Affected products
References
- CVE-2018-18454
- SUSE Bug 1112424
- SUSE Bug 1133493
Description
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
Affected products
References
- CVE-2018-18456
- SUSE Bug 1112428
- SUSE Bug 1133493
Description
In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368.
Affected products
References
- CVE-2019-13287
- SUSE Bug 1140745
Description
An issue was discovered in freedesktop poppler version 20.12.1 that allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file to the FoFiType1C::cvtGlyph function.
Affected products
References
- CVE-2020-36023
- SUSE Bug 1214256