pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result in dequote() function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appear to be exploitable via specially crafted .pc file. This vulnerability appears to have been fixed in 1.5.3.
openSUSE Tumbleweed SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15