Description
Security update for poppler
This update for poppler fixes the following issues:
- CVE-2019-9545: Fixed an uncontrolled recursion issue that could cause a crash (bsc#1128114).
- CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file (bsc#1214726).
Package list
openSUSE Leap 15.4
libpoppler73-0.62.0-150000.4.31.1
libpoppler73-32bit-0.62.0-150000.4.31.1
References
- Link for SUSE-SU-2023:4270-1
- E-Mail link for SUSE-SU-2023:4270-1
- SUSE Security Ratings
- SUSE Bug 1128114
- SUSE Bug 1214726
- SUSE CVE CVE-2019-9545 page
- SUSE CVE CVE-2022-37052 page
Description
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.
Affected products
openSUSE Leap 15.4:libpoppler73-0.62.0-150000.4.31.1
openSUSE Leap 15.4:libpoppler73-32bit-0.62.0-150000.4.31.1
References
- CVE-2019-9545
- SUSE Bug 1128114
Description
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
Affected products
openSUSE Leap 15.4:libpoppler73-0.62.0-150000.4.31.1
openSUSE Leap 15.4:libpoppler73-32bit-0.62.0-150000.4.31.1
References
- CVE-2022-37052
- SUSE Bug 1214726