This update for podofo fixes the following issues: These security issues were fixed: - CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779). - CVE-2018-5308: Properly validate memcpy arguments in the PdfMemoryOutputStream::Write function to prevent remote attackers from causing a denial-of-service or possibly have unspecified other impact via a crafted pdf file (bsc#1075772) - CVE-2018-5295: Prevent integer overflow in the PdfXRefStreamParserObject::ParseStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075026). - CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote
#1027779 #1032020 #1032021 #1032022 #1075021
#1075026 #1075322 #1075772 #1076962 #1096889
#1096890
Cross- CVE-2017-6845 CVE-2017-7381 CVE-2017-7382
CVE-2017-7383 CVE-2017-8054 CVE-2018-11256
CVE-2018-5295 CVE-2018-5296 CVE-2018-5308
CVE-2018-5309 CVE-2018-5783
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP4
SUSE Linux Enterprise Workstation Extension 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP4
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Desktop 12-SP4
SUSE Linux Enterprise Desktop 12-SP3
https://www.suse.com/security/cve/CVE-2017-6845.html
https://www.suse.com/security/cve/CVE-2017-7381.html
https://www.suse.com/security/cve/CVE-2017-7382.html
Get the latest Linux and open source security news straight to your inbox.