
SUSE: 2021:3854-1 Critical: Poppler Denial of Service Issues

suse
December 1, 2021
A significant announcement from SUSE resolves 21 vulnerabilities related to poppler, mitigating severe stability concerns.
An update that fixes 21 vulnerabilities is now available

Summary

This update for poppler fixes the following issues:

- CVE-2017-18267: Fixed an infinite recursion that would allow remote attackers to cause a denial of service (bsc#1092945).
- CVE-2018-13988: Added an improper implementation check which otherwise could allow buffer overflows, memory corruption, and denial of service (bsc#1102531).
- CVE-2018-16646: Fixed an infinite recursion which could allow a denial-of-service attack via a specially crafted PDF file (bsc#1107597).
- CVE-2018-18897: Fixed a memory leak (bsc#1114966).
- CVE-2018-19058: Fixed a bug which could allow a denial-of-service attack via a specially crafted PDF file (bsc#1115187).
- CVE-2018-19059: Fixed an out-of-bounds read access which could allow a denial-of-service attack (bsc#1115186).

References

#1092945 #1102531 #1107597 #1114966 #1115185
#1115186 #1115187 #1115626 #1120495 #1120496
#1120939 #1120956 #1124150 #1127329 #1129202
#1130229 #1131696 #1131722 #1142465 #1143950
#1179163

Cross-References:

CVE-2017-18267 CVE-2018-13988 CVE-2018-16646
CVE-2018-18897 CVE-2018-19058 CVE-2018-19059
CVE-2018-19060 CVE-2018-19149 CVE-2018-20481
CVE-2018-20551 CVE-2018-20650 CVE-2018-20662
CVE-2019-10871 CVE-2019-10872 CVE-2019-14494
CVE-2019-7310 CVE-2019-9200 CVE-2019-9631
CVE-2019-9903 CVE-2019-9959 CVE-2020-27778

CVSS scores:

CVE-2017-18267 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2017-18267 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2018-13988 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:...


Severity
important

Announcement ID: SUSE-SU-2021:3854-1
Rating: important
