SUSE-SU-2024:3550-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20243550-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:3550-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:3550-1
Related
Published
2024-10-08T14:07:52Z
Modified
2024-10-08T14:07:52Z
Summary
Security update for podofo
Details

This update for podofo fixes the following issues:

  • CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection (bsc#1023190)
  • CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027787)
  • CVE-2017-6841: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) (bsc#1027786)
  • CVE-2017-6842: Fixed NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027785)
  • CVE-2017-6845: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) (bsc#1027779)
  • CVE-2017-6849: Fixed NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) (bsc#1027776)
  • CVE-2017-8378: Fixed denial of service (application crash) vectors related to m_offsets.size (PdfParser::ReadObjects func in base/PdfParser.cpp) (bsc#1037000)

  • Fixed NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) (bsc#1023072)

References

Affected packages

SUSE:Linux Enterprise Module for Package Hub 15 SP5 / podofo

Package

Name
podofo
Purl
pkg:rpm/suse/podofo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9.6-150300.3.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libpodofo-devel": "0.9.6-150300.3.15.1",
            "podofo": "0.9.6-150300.3.15.1",
            "libpodofo0_9_6": "0.9.6-150300.3.15.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP6 / podofo

Package

Name
podofo
Purl
pkg:rpm/suse/podofo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9.6-150300.3.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libpodofo-devel": "0.9.6-150300.3.15.1",
            "podofo": "0.9.6-150300.3.15.1",
            "libpodofo0_9_6": "0.9.6-150300.3.15.1"
        }
    ]
}

openSUSE:Leap 15.5 / podofo

Package

Name
podofo
Purl
pkg:rpm/opensuse/podofo&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9.6-150300.3.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libpodofo-devel": "0.9.6-150300.3.15.1",
            "podofo": "0.9.6-150300.3.15.1",
            "libpodofo0_9_6": "0.9.6-150300.3.15.1"
        }
    ]
}

openSUSE:Leap 15.6 / podofo

Package

Name
podofo
Purl
pkg:rpm/opensuse/podofo&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9.6-150300.3.15.1

Ecosystem specific

{
    "binaries": [
        {
            "libpodofo-devel": "0.9.6-150300.3.15.1",
            "podofo": "0.9.6-150300.3.15.1",
            "libpodofo0_9_6": "0.9.6-150300.3.15.1"
        }
    ]
}