Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 580
Alerts This Week
Warning Icon 1 580

SUSE: 2018:2481-1 Moderate: podofo Denial of Service Warning

suse
Calendar Grey August 22, 2018
Dist Suse Esm H88
SUSE has released a Security Update for podofo that resolves 16 vulnerabilities, classified as moderate, which mitigate denial of service threats within SUSE systems.
An update that fixes 16 vulnerabilities is now available

Summary

This update for podofo fixes the following issues: - CVE-2017-5852: The PoDoFo::PdfPage::GetInheritedKeyFromObject function allowed remote attackers to cause a denial of service (infinite loop) via a crafted file (bsc#1023067). - CVE-2017-5853: Integer overflow allowed remote attackers to have unspecified impact via a crafted file (bsc#1023069). - CVE-2017-5854: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted file (bsc#1023070). - CVE-2017-5855: The PoDoFo::PdfParser::ReadXRefSubsection function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1023071). - CVE-2017-5886: Prevent heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function that allowed remote

References

#1023067 #1023069 #1023070 #1023071 #1023380

#1027778 #1027782 #1027787 #1032017 #1032018

#1032019 #1035534 #1035596 #1037739 #1075772

#1084894

Cross- CVE-2017-5852 CVE-2017-5853 CVE-2017-5854

CVE-2017-5855 CVE-2017-5886 CVE-2017-6840

CVE-2017-6844 CVE-2017-6847 CVE-2017-7378

CVE-2017-7379 CVE-2017-7380 CVE-2017-7994

CVE-2017-8054 CVE-2017-8787 CVE-2018-5308

CVE-2018-8001

Affected Products:

SUSE Linux Enterprise Workstation Extension 12-SP3

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Desktop 12-SP3

https://www.suse.com/security/cve/CVE-2017-5852.html

https://www.suse.com/security/cve/CVE-2017-5853.html

https://www.suse.com/security/cve/CVE-2017-5854.html

https://www.suse.com/security/cve/CVE-2017-5855.html

Announcement ID: SUSE-SU-2018:2481-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.