Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

SUSE: 2024:3541-1 moderate: podofo Security Advisory Updates

suse
Calendar Grey October 8, 2024
Dist Suse Esm H88
Security update for podofo addresses multiple issues, enhancing system protection and stability.
* bsc#1023072 * bsc#1023190 * bsc#1027776 * bsc#1027779 * bsc#1027785

Summary

## This update for podofo fixes the following issues: * CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection (bsc#1023190) * CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027787) * CVE-2017-6841: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) (bsc#1027786) * CVE-2017-6842: Fixed NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027785) * CVE-2017-6845: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) (bsc#1027779) * CVE-2017-6849: Fixed NULL pointer dereference in

References

* bsc#1023072

* bsc#1023190

* bsc#1027776

* bsc#1027779

* bsc#1027785

* bsc#1027786

* bsc#1027787

* bsc#1037000

* bsc#1075772

* bsc#1127855

* bsc#1131544

Cross-

* CVE-2015-8981

* CVE-2017-5854

* CVE-2017-6840

* CVE-2017-6841

* CVE-2017-6842

* CVE-2017-6845

* CVE-2017-6849

* CVE-2017-8378

* CVE-2018-5308

* CVE-2019-10723

* CVE-2019-9199

CVSS scores:

* CVE-2017-5854 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2017-6840 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2017-6841 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2017-6842 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2017-6845 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Announcement ID: SUSE-SU-2024:3541-1
Release Date: 2024-10-08T08:33:37Z
Rating: moderate

Topics%20covered

Topics Covered

No topics assigned

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here