Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15:Update
patchinfo.10689
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.10689
<patchinfo incident="10689"> <issue tracker="bnc" id="1092945">VUL-1: CVE-2017-18267: poppler: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file</issue> <issue tracker="bnc" id="1102531">VUL-1: poppler: CVE-2018-13988 poppler: buffer overflow in pdfunite</issue> <issue tracker="bnc" id="1107597">VUL-1: CVE-2018-16646: poppler: Infinite recursion in poppler/Parser.cc:Parser::getObj() function</issue> <issue tracker="bnc" id="1114966">VUL-1: CVE-2018-18897: poppler: memory leak in GfxColorSpace:setDisplayProfile in GfxState.cc</issue> <issue tracker="bnc" id="1115185">VUL-1: CVE-2018-19060: poppler: NULL pointer dereference in goo/GooString.h leads to denial of service</issue> <issue tracker="bnc" id="1115186">VUL-1: CVE-2018-19059: poppler: out-of-bounds read in EmbFile:save2 in FileSpec.cc leading to denial of service</issue> <issue tracker="bnc" id="1115187">VUL-1: CVE-2018-19058: poppler: reachable abort in Object.h leading to denial of service</issue> <issue tracker="bnc" id="1115626">VUL-1: CVE-2018-19149: poppler: NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment</issue> <issue tracker="bnc" id="1120495">VUL-1: CVE-2018-20481: poppler: XRef::getEntry in XRef.cc mishandles unallocated XRef entries</issue> <issue tracker="bnc" id="1120496">VUL-1: CVE-2018-20551: poppler: Object::getString assertion allows attackers to cause a denial of service</issue> <issue tracker="bnc" id="1120939">VUL-1: CVE-2018-20650: poppler: A reachable Object in dictLookup assertion allows attackers to cause DOS</issue> <issue tracker="bnc" id="1120956">VUL-1: CVE-2018-20662: poppler: PDFDoc setup in PDFDoc.cc allows attackers to cause DOS because of a wrong return value from PDFDoc:setup</issue> <issue tracker="bnc" id="1124150">VUL-1: CVE-2019-7310: poppler: A heap-based buffer over-read allows remote attackers to cause DOS via a special crafted PDF</issue> <issue tracker="bnc" id="1127329">VUL-0: CVE-2019-9200: poppler: A heap-based buffer underwrite exists in ImageStream:getLine() located at Stream.cc</issue> <issue tracker="bnc" id="1129202">VUL-1: CVE-2019-9631: poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc</issue> <issue tracker="bnc" id="1130229">VUL-1: CVE-2019-9903: poppler: PDFDoc:markObject in PDFDoc.cc mishandles dict marking leading to stack consumption</issue> <issue tracker="bnc" id="1131696">VUL-1: CVE-2019-10871: poppler: a heap-based buffer over-read discovered in function PSOutputDev:checkPageSlice in PSOutputDev.cc</issue> <issue tracker="bnc" id="1131722">VUL-1: CVE-2019-10872: poppler: heap-based buffer over-read in function Splash:blitTransparent in splash/Splash.cc</issue> <issue tracker="bnc" id="1142465">VUL-1: CVE-2019-9959: poppler: Integer Overflow in JPXStream:init function leading to memory leak</issue> <issue tracker="bnc" id="1143950">VUL-0: CVE-2019-14494: poppler: divide-by-zero error in the function SplashOutputDev:tilingPatternFill at SplashOutputDev.cc.</issue> <issue tracker="bnc" id="1179163">VUL-0: CVE-2020-27778: poppler: poppler: buffer overflow in pdftohtml could result in a DoS</issue> <issue tracker="cve" id="2017-18267"/> <issue tracker="cve" id="2018-13988"/> <issue tracker="cve" id="2018-16646"/> <issue tracker="cve" id="2018-18897"/> <issue tracker="cve" id="2018-19058"/> <issue tracker="cve" id="2018-19059"/> <issue tracker="cve" id="2018-19060"/> <issue tracker="cve" id="2018-19149"/> <issue tracker="cve" id="2018-20481"/> <issue tracker="cve" id="2018-20551"/> <issue tracker="cve" id="2018-20650"/> <issue tracker="cve" id="2018-20662"/> <issue tracker="cve" id="2019-10871"/> <issue tracker="cve" id="2019-10872"/> <issue tracker="cve" id="2019-14494"/> <issue tracker="cve" id="2019-7310"/> <issue tracker="cve" id="2019-9200"/> <issue tracker="cve" id="2019-9631"/> <issue tracker="cve" id="2019-9903"/> <issue tracker="cve" id="2019-9959"/> <issue tracker="cve" id="2020-27778"/> <category>security</category> <rating>important</rating> <packager>psimons</packager> <summary>Security update for poppler</summary> <description>This update for poppler fixes the following issues: - CVE-2017-18267: Fixed an infinite recursion that would allow remote attackers to cause a denial of service (bsc#1092945). - CVE-2018-13988: Added an improper implementation check which otherwise could allow buffer overflows, memory corruption, and denial of service (bsc#1102531). - CVE-2018-16646: Fixed an infinite recursion which could allow a denial-of-service attack via a specially crafted PDF file (bsc#1107597). - CVE-2018-18897: Fixed a memory leak (bsc#1114966). - CVE-2018-19058: Fixed a bug which could allow a denial-of-service attack via a specially crafted PDF file (bsc#1115187). - CVE-2018-19059: Fixed an out-of-bounds read access which could allow a denial-of-service attack (bsc#1115186). - CVE-2018-19060: Fixed a NULL pointer dereference which could allow a denial-of-service attack (bsc#1115185). - CVE-2018-19149: Fixed a NULL pointer dereference which could allow a denial-of-service attack (bsc#1115626). - CVE-2018-20481: Fixed a NULL pointer dereference while handling unallocated XRef entries which could allow a denial-of-service attack (bsc#1120495). - CVE-2018-20551: Fixed a reachable assertion which could allow a denial-of-service attack through specially crafted PDF files (bsc#1120496). - CVE-2018-20650: Fixed a reachable assertion which could allow denial-of-service through specially crafted PDF files (bsc#1120939). - CVE-2018-20662: Fixed a bug which could potentially crash the running process by SIGABRT resulting in a denial-of-service attack through a specially crafted PDF file (bsc#1120956). - CVE-2019-10871: Fixed a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc (bsc#1131696). - CVE-2019-10872: Fixed a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc (bsc#1131722). - CVE-2019-14494: Fixed a divide-by-zero error in the function SplashOutputDev::tilingPatternFill (bsc#1143950). - CVE-2019-7310: Fixed a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) that allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document (bsc#1124150). - CVE-2019-9200: Fixed a heap-based buffer underwrite which could allow denial-of-service attack through a specially crafted PDF file (bsc#1127329) - CVE-2019-9631: Fixed a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function (bsc#1129202). - CVE-2019-9903: Fixed excessive stack consumption in the Dict::find() method, which can be triggered by passing a crafted pdf file to the pdfunite binary (bsc#1130229). - CVE-2019-9959: Fixed integer overflow that made it possible to allocate a large memory chunk on the heap with a size controlled by an attacker (bsc#1142465). - CVE-2020-27778: Fixed buffer overflow vulnerability in pdftohtml (bsc#1179163). </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor