Oval Definition:oval:org.opensuse.security:def:126033
Revision Date:2019-02-14
Version:1
Title:Security update for podofo (Moderate)
Description:

This update for podofo fixes the following issues:

These security issues were fixed:

- CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779).
- CVE-2018-5308: Properly validate memcpy arguments in the PdfMemoryOutputStream::Write function to prevent remote attackers from causing a denial-of-service or possibly have unspecified other impact via a crafted pdf file (bsc#1075772).
- CVE-2018-5295: Prevent integer overflow in the PdfXRefStreamParserObject::ParseStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075026).
- CVE-2018-5309: Prevent integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075322).
- CVE-2018-5296: Prevent uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075021).
- CVE-2017-7381: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032020).
- CVE-2017-7382: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032021).
- CVE-2017-7383: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032022).
- CVE-2018-11256: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1096889).
- CVE-2018-5783: Prevent uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function that allowed remote attackers to cause a denial of service via a crafted pdf file (bsc#1076962).

These non-security issues were fixed:

- Prevent regression caused by the fix for CVE-2017-8054.
- Prevent NULL dereferences when 'Kids' array is missing (bsc#1096890)
- Added to detect cycles and recursions in XRef tables
Family:unix
Class:patch
Status:
Reference(s):1027779
1032020
1032021
1032022
1075021
1075026
1075322
1075772
1076962
1096889
1096890
CVE-2017-6845
CVE-2017-7381
CVE-2017-7382
CVE-2017-7383
CVE-2017-8054
CVE-2018-11256
CVE-2018-5295
CVE-2018-5296
CVE-2018-5308
CVE-2018-5309
CVE-2018-5783
SUSE-SU-2019:0393-1
Platform(s):SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP4
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • OR SUSE Linux Enterprise Server 12 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • OR SUSE Linux Enterprise Software Development Kit 12 SP4 is installed
  • AND libpodofo-devel-0.9.2-3.6.3 is installed