Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
patchinfo.7676
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.7676
<patchinfo incident="7676"> <issue tracker="bnc" id="1059066">VUL-0: CVE-2017-14517: poppler: NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc</issue> <issue tracker="bnc" id="1060220">VUL-0: CVE-2017-14617: poppler: Ifloating point exception occurs in the ImageStream class inStream.cc, which may lead to denial of service</issue> <issue tracker="bnc" id="1074453">VUL-0: CVE-2017-1000456: poppler: libpoppler fails to validate boundaries inTextPool::addWord, leading to overflow in subsequent calculations.</issue> <issue tracker="bnc" id="1092105">VUL-0: CVE-2018-10768: poppler: NULL pointer dereference in the AnnotPath::getCoordsLength function</issue> <issue tracker="bnc" id="1064593">VUL-0: CVE-2017-15565: poppler: NULL Pointer Dereference exists in theGfxImageColorMap::getGrayLine() and could lead to denial of service</issue> <issue tracker="cve" id="2017-14617"/> <issue tracker="cve" id="2017-15565"/> <issue tracker="cve" id="2018-10768"/> <issue tracker="cve" id="2017-1000456"/> <issue tracker="cve" id="2017-14517"/> <category>security</category> <rating>moderate</rating> <packager>psimons</packager> <description>This update for poppler fixes the following issues: These security issues were fixed: - CVE-2017-14617: Fixed a floating point exception in Stream.cc, which may lead to a potential attack when handling malicious PDF files. (bsc#1060220) - CVE-2017-1000456: Validate boundaries in TextPool::addWord to prevent overflows in subsequent calculations (bsc#1074453) - CVE-2017-15565: Prevent NULL Pointer dereference in the GfxImageColorMap::getGrayLine() function via a crafted PDF document (bsc#1064593) - CVE-2018-10768: Prevent NULL pointer dereference in the AnnotPath::getCoordsLength function. A crafted input could have lead to a remote denial of service attack (bsc#1092105). This update also fixes an additional segmentation fault that is trigger by the reproducer for CVE-2017-14517 (bsc#1059066). </description> <summary>Security update for poppler</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor