Oval Definition:oval:org.opensuse.security:def:201814320
Revision Date:2022-06-30Version:1
Title:CVE-2018-14320
Description:

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2018-14320
SUSE CVE-2018-14320
Platform(s):openSUSE Tumbleweed
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Workstation Extension 12 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND podofo is not affected
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • libpodofo-devel-0.9.7-2.2 is installed
  • OR libpodofo0_9_7-0.9.7-2.2 is installed
  • OR podofo-0.9.7-2.2 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • OR SUSE Linux Enterprise Software Development Kit 12 SP3 is installed
  • OR SUSE Linux Enterprise Workstation Extension 12 SP3 is installed
  • AND podofo is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • OR SUSE Linux Enterprise Server 12 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
  • OR SUSE Linux Enterprise Workstation Extension 12 SP3 is installed
  • AND podofo is not affected
    • BACK