
SUSE: 2023:4546-1 Moderate: Poppler DoS and Stack Overflow Fix

November 24, 2023
This update addresses several security flaws in Poppler for openSUSE. Discover further details regarding the fixes and the steps necessary to apply them.
* bsc#1128114
* bsc#1129202
* bsc#1143570
* bsc#1214256
* bsc#1214723

Summary

This update for poppler fixes the following issues:

* CVE-2019-9545: Fixed a potential crash due to uncontrolled recursion in the JBIG parser (bsc#1128114).
* CVE-2019-9631: Fixed an out-of-bounds read when converting a PDF to an image (bsc#1129202).
* CVE-2022-37052: Fixed a reachable assertion when extracting pages of a PDF file (bsc#1214726).
* CVE-2020-36023: Fixed a stack buffer overflow in FoFiType1C::cvtGlyph (bsc#1214256).
* CVE-2019-14292: Fixed an out-of-bounds read in GfxState.cc (bsc#1143570).
* CVE-2022-48545: Fixed an infinite recursion in Catalog::findDestInTree which can cause denial of service (bsc#1214723).

Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

* bsc#1128114

* bsc#1129202

* bsc#1143570

* bsc#1214256

* bsc#1214723

* bsc#1214726

Cross-

* CVE-2019-14292

* CVE-2019-9545

* CVE-2019-9631

* CVE-2020-36023

* CVE-2022-37052

* CVE-2022-48545

CVSS scores:

* CVE-2019-14292 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2019-14292 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2019-9545 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2019-9545 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2019-9631 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2019-9631 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2020-36023 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Announcement ID: SUSE-SU-2023:4546-1
Rating: moderate
