SUSE-SU-2024:3541-1
- Source
- https://www.suse.com/support/update/announcement/2024/suse-su-20243541-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:3541-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:3541-1
- Related
- Published
- 2024-10-08T08:33:37Z
- Modified
- 2024-10-08T08:33:37Z
- Summary
- Security update for podofo
- Details
-
This update for podofo fixes the following issues:
- CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection (bsc#1023190)
- CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027787)
- CVE-2017-6841: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) (bsc#1027786)
- CVE-2017-6842: Fixed NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027785)
- CVE-2017-6845: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) (bsc#1027779)
- CVE-2017-6849: Fixed NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) (bsc#1027776)
- CVE-2017-8378: Fixed denial of service (application crash) vectors related to m_offsets.size (PdfParser::ReadObjects func in base/PdfParser.cpp) (bsc#1037000)
- CVE-2018-5308: Fixed Undefined behavior (memcpy with NULL pointer) in PdfMemoryOutputStream::Write (src/base/PdfOutputStream.cpp) (bsc#1075772)
- CVE-2019-10723: Fixed Memory leak in PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp (bsc#1131544)
CVE-2019-9199: Fixed NULL pointer dereference in function PoDoFo:Impose:PdfTranslator:setSource() in pdftranslator.cpp (bsc#1127855)
Fixed NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) (bsc#1023072)
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20243541-1/
- https://bugzilla.suse.com/1023072
- https://bugzilla.suse.com/1023190
- https://bugzilla.suse.com/1027776
- https://bugzilla.suse.com/1027779
- https://bugzilla.suse.com/1027785
- https://bugzilla.suse.com/1027786
- https://bugzilla.suse.com/1027787
- https://bugzilla.suse.com/1037000
- https://bugzilla.suse.com/1075772
- https://bugzilla.suse.com/1127855
- https://bugzilla.suse.com/1131544
- https://www.suse.com/security/cve/CVE-2015-8981
- https://www.suse.com/security/cve/CVE-2017-5854
- https://www.suse.com/security/cve/CVE-2017-6840
- https://www.suse.com/security/cve/CVE-2017-6841
- https://www.suse.com/security/cve/CVE-2017-6842
- https://www.suse.com/security/cve/CVE-2017-6845
- https://www.suse.com/security/cve/CVE-2017-6849
- https://www.suse.com/security/cve/CVE-2017-8378
- https://www.suse.com/security/cve/CVE-2018-5308
- https://www.suse.com/security/cve/CVE-2019-10723
- https://www.suse.com/security/cve/CVE-2019-9199
Affected packages
SUSE:Linux Enterprise Software Development Kit 12 SP5 / podofo
Package
- Name
- podofo
- Purl
- pkg:rpm/suse/podofo&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5