Описание
Security update for poppler
This update for poppler fixes the following issues:
- CVE-2019-9545: Fixed an uncontrolled recursion issue that could cause a crash (bsc#1128114).
- CVE-2022-37052: Fixed a crash that could be triggered when opening a crafted file (bsc#1214726).
- CVE-2020-36023: Fixed a stack bugger overflow in FoFiType1C:cvtGlyph (bsc#1214256).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP4
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.4
Ссылки
- Link for SUSE-SU-2023:4562-1
- E-Mail link for SUSE-SU-2023:4562-1
- SUSE Security Ratings
- SUSE Bug 1128114
- SUSE Bug 1214256
- SUSE Bug 1214726
- SUSE CVE CVE-2019-9545 page
- SUSE CVE CVE-2020-36023 page
- SUSE CVE CVE-2022-37052 page
Описание
An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.
Затронутые продукты
Ссылки
- CVE-2019-9545
- SUSE Bug 1128114
Описание
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.
Затронутые продукты
Ссылки
- CVE-2020-36023
- SUSE Bug 1214256
Описание
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
Затронутые продукты
Ссылки
- CVE-2022-37052
- SUSE Bug 1214726