
SUSE: 2019:0393-1 Moderate: Podofo Denial Of Service Issues Fixed

February 14, 2019
SUSE Security Update: Security update for podofo
An update that fixes 11 vulnerabilities is now available

Summary

This update for podofo fixes the following issues:

These security issues were fixed:

- CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779).
- CVE-2018-5308: Properly validate memcpy arguments in the PdfMemoryOutputStream::Write function to prevent remote attackers from causing a denial-of-service or possibly have unspecified other impact via a crafted pdf file (bsc#1075772)
- CVE-2018-5295: Prevent integer overflow in the PdfXRefStreamParserObject::ParseStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075026).
- CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote

References

#1027779 #1032020 #1032021 #1032022 #1075021 #1075026 #1075322 #1075772 #1076962 #1096889 #1096890

Cross-References: CVE-2017-6845 CVE-2017-7381 CVE-2017-7382 CVE-2017-7383 CVE-2017-8054 CVE-2018-11256 CVE-2018-5295 CVE-2018-5296 CVE-2018-5308 CVE-2018-5309 CVE-2018-5783

Affected Products:

SUSE Linux Enterprise Workstation Extension 12-SP4

SUSE Linux Enterprise Workstation Extension 12-SP3

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Desktop 12-SP4

SUSE Linux Enterprise Desktop 12-SP3

https://www.suse.com/security/cve/CVE-2017-6845.html

https://www.suse.com/security/cve/CVE-2017-7381.html

https://www.suse.com/security/cve/CVE-2017-7382.html

Announcement ID: SUSE-SU-2019:0393-1
Rating: moderate
