
SUSE: 2023:4362-1 Moderate: Poppler Denial Of Service Fix

November 3, 2023
SUSE has released an important security update for poppler that resolves several vulnerabilities. Guidelines for applying the patch are provided.

Summary

This update for poppler fixes the following issues:

* CVE-2019-9545: Fixed a potential crash due to uncontrolled recursion in the JBIG parser (bsc#1128114).
* CVE-2019-9631: Fixed an out-of-bounds read when converting a PDF to an image (bsc#1129202).
* CVE-2022-37052: Fixed a reachable assertion when extracting pages of a PDF file (bsc#1214726).
* CVE-2020-36023: Fixed a stack buffer overflow in FoFiType1C::cvtGlyph (bsc#1214256).
* CVE-2019-13287: Fixed an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust (bsc#1140745).
* CVE-2018-18456: Fixed a stack-based buffer over-read via a crafted PDF file (bsc#1112428).
* CVE-2018-18454: Fixed a heap-based buffer over-read via a crafted PDF file (bsc#1112424).
* CVE-2019-14292: Fixed an out-of-bounds read in GfxState.cc (bsc#1143570).

References

* bsc#1112424

* bsc#1112428

* bsc#1128114

* bsc#1129202

* bsc#1140745

* bsc#1143570

* bsc#1214256

* bsc#1214723

* bsc#1214726

Cross-

* CVE-2018-18454

* CVE-2018-18456

* CVE-2019-13287

* CVE-2019-14292

* CVE-2019-9545

* CVE-2019-9631

* CVE-2020-36023

* CVE-2022-37052

* CVE-2022-48545

CVSS scores:

* CVE-2018-18454 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2018-18454 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2018-18456 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2018-18456 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2019-13287 ( SUSE ): 3.9 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

* CVE-2019-13287 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: important

Announcement ID: SUSE-SU-2023:4362-1
Rating: moderate
