Description
Security update for poppler
This update for poppler fixes the following issues:
- CVE-2019-9545: Fixed a potential crash due to uncontrolled recursion in the JBIG parser (bsc#1128114).
- CVE-2019-9631: Fixed an out of bounds read when converting a PDF to an image (bsc#1129202).
- CVE-2022-37052: Fixed a reachable assertion when extracting pages of a PDF file (bsc#1214726).
- CVE-2020-36023: Fixed a stack buffer overflow in FoFiType1C::cvtGlyph (bsc#1214256).
- CVE-2019-14292: Fixed an out of bounds read in GfxState.cc (bsc#1143570).
- CVE-2022-48545: Fixed an infinite recursion in Catalog::findDestInTree which can cause denial of service (bsc#1214723).
Package list
SUSE Linux Enterprise Software Development Kit 12 SP5
References
- Link for SUSE-SU-2023:4546-1
- E-Mail link for SUSE-SU-2023:4546-1
- SUSE Security Ratings
- SUSE Bug 1128114
- SUSE Bug 1129202
- SUSE Bug 1143570
- SUSE Bug 1214256
- SUSE Bug 1214723
- SUSE Bug 1214726
- SUSE CVE CVE-2019-14292 page
- SUSE CVE CVE-2019-9545 page
- SUSE CVE CVE-2019-9631 page
- SUSE CVE CVE-2020-36023 page
- SUSE CVE CVE-2022-37052 page
- SUSE CVE CVE-2022-48545 page
Description
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1.
Affected products
References
- CVE-2019-14292
- SUSE Bug 1143570
Description
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.
Affected products
References
- CVE-2019-9545
- SUSE Bug 1128114
Description
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
Affected products
References
- CVE-2019-9631
- SUSE Bug 1129202
Description
An issue discovered in freedesktop poppler version 20.12.1 allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file to the FoFiType1C::cvtGlyph function.
Affected products
References
- CVE-2020-36023
- SUSE Bug 1214256
Description
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
Affected products
References
- CVE-2022-37052
- SUSE Bug 1214726
Description
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
Affected products
References
- CVE-2022-48545
- SUSE Bug 1214723