Описание
Security update for poppler
This update for poppler fixes the following issues:
Security issues fixed:
- CVE-2017-9775: DoS stack buffer overflow in GfxState.cc in pdftocairo via a crafted PDF document (bsc#1045719)
- CVE-2017-9776: DoS integer overflow leading to heap buffer overflow in JBIG2Stream.cc via a crafted PDF document (bsc#1045721)
- CVE-2017-7515: Stack exhaustion due to infinite recursive call in pdfunite (bsc#1043088)
- CVE-2017-7511: Null pointer dereference in pdfunite via crafted documents (bsc#1041783)
- CVE-2017-9406: Memory leak in the gmalloc function in gmem.cc (bsc#1042803)
- CVE-2017-9408: Memory leak in the Object::initArray function (bsc#1042802)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Список пакетов
openSUSE Leap 42.2
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2017:2056-1
- SUSE Security Ratings
Описание
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.
Затронутые продукты
Ссылки
- CVE-2017-7511
- SUSE Bug 1041783
Описание
poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.
Затронутые продукты
Ссылки
- CVE-2017-7515
- SUSE Bug 1043088
Описание
In Poppler 0.54.0, a memory leak vulnerability was found in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-9406
- SUSE Bug 1042803
Описание
In Poppler 0.54.0, a memory leak vulnerability was found in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file.
Затронутые продукты
Ссылки
- CVE-2017-9408
- SUSE Bug 1042802
Описание
Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
Затронутые продукты
Ссылки
- CVE-2017-9775
- SUSE Bug 1045719
Описание
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
Затронутые продукты
Ссылки
- CVE-2017-9776
- SUSE Bug 1045721