Revision Date: | 2019-02-14 | Version: | 1 |
Title: | Security update for podofo (Moderate) |
Description: |
This update for podofo fixes the following issues:
These security issues were fixed:
- CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779).
- CVE-2018-5308: Properly validate memcpy arguments in the PdfMemoryOutputStream::Write function to prevent remote attackers from causing a denial-of-service or possibly have unspecified other impact via a crafted pdf file (bsc#1075772).
- CVE-2018-5295: Prevent integer overflow in the PdfXRefStreamParserObject::ParseStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075026).
- CVE-2018-5309: Prevent integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075322).
- CVE-2018-5296: Prevent uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075021).
- CVE-2017-7381: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032020).
- CVE-2017-7382: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032021).
- CVE-2017-7383: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032022).
- CVE-2018-11256: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1096889).
- CVE-2018-5783: Prevent uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function that allowed remote attackers to cause a denial of service via a crafted pdf file (bsc#1076962).
These non-security issues were fixed:
- Prevent regression caused by the fix for CVE-2017-8054.
- Prevent NULL dereferences when 'Kids' array is missing (bsc#1096890).
- Added to detect cycles and recursions in XRef tables
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1027779 1032020 1032021 1032022 1075021 1075026 1075322 1075772 1076962 1096889 1096890 CVE-2017-6845 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 CVE-2017-8054 CVE-2018-11256 CVE-2018-5295 CVE-2018-5296 CVE-2018-5308 CVE-2018-5309 CVE-2018-5783 SUSE-SU-2019:0393-1
|
Platform(s): | SUSE Linux Enterprise Desktop 12 SP4
| Product(s): | |
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP4 is installed AND libpodofo0_9_2-0.9.2-3.6.3 is installed
|