Explore top 10 tips to secure your open-source projects now. Read More
×
This update for podofo fixes the following issues: - CVE-2017-5852: The PoDoFo::PdfPage::GetInheritedKeyFromObject function allowed remote attackers to cause a denial of service (infinite loop) via a crafted file (bsc#1023067). - CVE-2017-5853: Integer overflow allowed remote attackers to have unspecified impact via a crafted file (bsc#1023069). - CVE-2017-5854: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted file (bsc#1023070). - CVE-2017-5855: The PoDoFo::PdfParser::ReadXRefSubsection function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1023071). - CVE-2017-5886: Prevent heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function that allowed remote
#1023067 #1023069 #1023070 #1023071 #1023380
#1027778 #1027782 #1027787 #1032017 #1032018
#1032019 #1035534 #1035596 #1037739 #1075772
#1084894
Cross- CVE-2017-5852 CVE-2017-5853 CVE-2017-5854
CVE-2017-5855 CVE-2017-5886 CVE-2017-6840
CVE-2017-6844 CVE-2017-6847 CVE-2017-7378
CVE-2017-7379 CVE-2017-7380 CVE-2017-7994
CVE-2017-8054 CVE-2017-8787 CVE-2018-5308
CVE-2018-8001
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Desktop 12-SP3
https://www.suse.com/security/cve/CVE-2017-5852.html
https://www.suse.com/security/cve/CVE-2017-5853.html
https://www.suse.com/security/cve/CVE-2017-5854.html
https://www.suse.com/security/cve/CVE-2017-5855.html
Get the latest Linux and open source security news straight to your inbox.