
SUSE-SU-2024:2137-1

Published: 21 Jun 2024
Source: suse-cvrf

Description

Security update for podofo

This update for podofo fixes the following issues:

  • CVE-2019-9199: Fixed a NULL pointer dereference in podofoimpose (bsc#1127855)
  • CVE-2018-20797: Fixed an excessive memory allocation in PoDoFo::podofo_calloc (bsc#1127514)
  • CVE-2019-10723: Fixed a memory leak in PdfPagesTreeCache (bsc#1131544)

Package list

SUSE Linux Enterprise Module for Package Hub 15 SP5
libpodofo-devel-0.9.6-150300.3.9.1
libpodofo0_9_6-0.9.6-150300.3.9.1
podofo-0.9.6-150300.3.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
libpodofo-devel-0.9.6-150300.3.9.1
libpodofo0_9_6-0.9.6-150300.3.9.1
podofo-0.9.6-150300.3.9.1
openSUSE Leap 15.5
libpodofo-devel-0.9.6-150300.3.9.1
libpodofo0_9_6-0.9.6-150300.3.9.1
podofo-0.9.6-150300.3.9.1
openSUSE Leap 15.6
libpodofo-devel-0.9.6-150300.3.9.1
libpodofo0_9_6-0.9.6-150300.3.9.1
podofo-0.9.6-150300.3.9.1

Description

An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp.


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1


Description

An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1


Description

PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.


Affected products
SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1
SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1
