File _patchinfo of Package patchinfo.7908
<patchinfo incident="7908">
  <issue id="1023067" tracker="bnc">VUL-1: CVE-2017-5852: podofo: infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject (PdfPage.cpp)</issue>
  <issue id="1023069" tracker="bnc">VUL-1: CVE-2017-5853: podofo: signed integer overflow in PdfParser.cpp</issue>
  <issue id="1023070" tracker="bnc">VUL-1: CVE-2017-5854: podofo: NULL pointer dereference in PdfOutputStream.cpp</issue>
  <issue id="1023071" tracker="bnc">VUL-1: CVE-2017-5855: podofo: NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp)</issue>
  <issue id="1023380" tracker="bnc">VUL-1: CVE-2017-5886: podofo: heap-based buffer overflow in PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizer.cpp)</issue>
  <issue id="1027778" tracker="bnc">VUL-1: CVE-2017-6847: podofo: NULL pointer dereference in PoDoFo::PdfVariant::DelayedLoad (PdfVariant.h)</issue>
  <issue id="1027782" tracker="bnc">VUL-1: CVE-2017-6844: podofo: global buffer overflow in PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp)</issue>
  <issue id="1027787" tracker="bnc">VUL-1: CVE-2017-6840: podofo: invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp)</issue>
  <issue id="1032017" tracker="bnc">VUL-1: CVE-2017-7378: podofo: heap-based buffer overflow in PoDoFo::PdfPainter::ExpandTabs (PdfPainter.cpp)</issue>
  <issue id="1032018" tracker="bnc">VUL-1: CVE-2017-7379: podofo: heap-based buffer overflow in PoDoFo::PdfSimpleEncoding::ConvertToEncoding (PdfEncoding.cpp)</issue>
  <issue id="1032019" tracker="bnc">VUL-1: CVE-2017-7380: podofo: four null pointer dereference</issue>
  <issue id="1035534" tracker="bnc">VUL-1: CVE-2017-7994: podofo: denial of service (NULL pointer dereference and application crash) via a crafted PDF document(TextExtractor::ExtractText in TextExtractor.cpp:77)</issue>
  <issue id="1035596" tracker="bnc">VUL-1: CVE-2017-8054: podofo: denial of service via a crafted PDF document (PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464)</issue>
  <issue id="1037739" tracker="bnc">VUL-1: CVE-2017-8787: podofo: The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function inbase/PdfXRefStreamParserObjec...</issue>
  <issue id="1075772" tracker="bnc">VUL-1: CVE-2018-5308: podofo: Undefined behavior (memcpy with NULL pointer) in PdfMemoryOutputStream::Write (src/base/PdfOutputStream.cpp)</issue>
  <issue id="1084894" tracker="bnc">VUL-0: CVE-2018-8001: podofo: Heap overflow read vulnerability in function UnescapeName() in PdfName.cpp</issue>
  <issue id="2017-5852" tracker="cve" />
  <issue id="2017-5853" tracker="cve" />
  <issue id="2017-5854" tracker="cve" />
  <issue id="2017-5855" tracker="cve" />
  <issue id="2017-5886" tracker="cve" />
  <issue id="2017-6840" tracker="cve" />
  <issue id="2017-6844" tracker="cve" />
  <issue id="2017-6847" tracker="cve" />
  <issue id="2017-7378" tracker="cve" />
  <issue id="2017-7379" tracker="cve" />
  <issue id="2017-7380" tracker="cve" />
  <issue id="2017-7994" tracker="cve" />
  <issue id="2017-8054" tracker="cve" />
  <issue id="2017-8787" tracker="cve" />
  <issue id="2018-5308" tracker="cve" />
  <issue id="2018-8001" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>alarrosa</packager>
  <description>This update for podofo fixes the following issues:

- CVE-2017-5852: The PoDoFo::PdfPage::GetInheritedKeyFromObject function allowed remote attackers to cause a denial of service (infinite loop) via a crafted file (bsc#1023067).
- CVE-2017-5853: Integer overflow allowed remote attackers to have unspecified impact via a crafted file (bsc#1023069).
- CVE-2017-5854: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted file (bsc#1023070).
- CVE-2017-5855: The PoDoFo::PdfParser::ReadXRefSubsection function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1023071).
- CVE-2017-5886: Prevent heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function that allowed remote attackers to have unspecified impact via a crafted file (bsc#1023380).
- CVE-2017-6847: The PoDoFo::PdfVariant::DelayedLoad function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027778).
- CVE-2017-6844: Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function allowed remote attackers to have unspecified impact via a crafted file (bsc#1027782).
- CVE-2017-6840: The ColorChanger::GetColorFromStack function allowed remote attackers to cause a denial of service (invalid read) via a crafted file (bsc#1027787).
- CVE-2017-7378: The PoDoFo::PdfPainter::ExpandTabs function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document (bsc#1032017).
- CVE-2017-7379: The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function allowed remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document (bsc#1032018).
- CVE-2017-7380: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032019).
- CVE-2017-7994: The function TextExtractor::ExtractText allowed remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document (bsc#1035534).
- CVE-2017-8054: The function PdfPagesTree::GetPageNodeFromArray allowed remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document (bsc#1035596).
- CVE-2017-8787: The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function allowed remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file (bsc#1037739).
- CVE-2018-5308: Properly validate memcpy arguments in the PdfMemoryOutputStream::Write function to prevent remote attackers from causing a denial-of-service or possibly have unspecified other impact via a crafted pdf file (bsc#1075772).
- CVE-2018-8001: Prevent heap-based buffer over-read vulnerability in UnescapeName() that allowed remote attackers to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file (bsc#1084894).
</description>
  <summary>Security update for podofo</summary>
</patchinfo>