Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
patchinfo.8856
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.8856
<patchinfo incident="8856"> <issue tracker="bnc" id="1096890">VUL-1: CVE-2018-11255: podofo: Null Pointer Dereference Denial of Service in PdfPage::GetPageNumber()</issue> <issue tracker="bnc" id="1076962">VUL-1: CVE-2018-5783: podofo: Uncontrolled memory allocation in PoDoFo::PdfVecObjects::Reserve (src/base/PdfVecObjects.h)</issue> <issue tracker="bnc" id="1096889">VUL-1: CVE-2018-11256: podofo: Null Pointer Dereference Denial of Service</issue> <issue tracker="bnc" id="1032021">VUL-1: CVE-2017-7382: podofo: four null pointer dereference</issue> <issue tracker="bnc" id="1032020">VUL-1: CVE-2017-7381: podofo: four null pointer dereference</issue> <issue tracker="bnc" id="1032022">VUL-1: CVE-2017-7383: podofo: four null pointer dereference</issue> <issue tracker="bnc" id="1075772">VUL-1: CVE-2018-5308: podofo: Undefined behavior (memcpy with NULL pointer) in PdfMemoryOutputStream::Write (src/base/PdfOutputStream.cpp)</issue> <issue tracker="bnc" id="1027779">VUL-1: CVE-2017-6845: podofo: NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h)</issue> <issue tracker="bnc" id="1075021">VUL-1: CVE-2018-5296: podofo: podofoimgextract: memory malloc failure in PdfParser::ReadXRefSubsection (src/base/PdfParser.cpp)</issue> <issue tracker="bnc" id="1075322">VUL-1: CVE-2018-5309: podofo: integer overflow caused by out-of-range left shift in readUInt32 (util/read.c)</issue> <issue tracker="bnc" id="1075026">VUL-1: CVE-2018-5295: podofo: Integer Overflow in PdfXRefStreamParserObject::ParseStream</issue> <issue tracker="cve" id="2018-11256"/> <issue tracker="cve" id="2018-5309"/> <issue tracker="cve" id="2018-5295"/> <issue tracker="cve" id="2018-5296"/> <issue tracker="cve" id="2018-5783"/> <issue tracker="cve" id="2017-6845"/> <issue tracker="cve" id="2018-5308"/> <issue tracker="cve" id="2017-7381"/> <issue tracker="cve" id="2017-7382"/> <issue tracker="cve" id="2017-7383"/> <issue tracker="cve" id="2017-8054"/> <category>security</category> <rating>moderate</rating> <packager>alarrosa</packager> <description>This update for podofo fixes the following issues: These security issues were fixed: - CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779). - CVE-2018-5308: Properly validate memcpy arguments in the PdfMemoryOutputStream::Write function to prevent remote attackers from causing a denial-of-service or possibly have unspecified other impact via a crafted pdf file (bsc#1075772) - CVE-2018-5295: Prevent integer overflow in the PdfXRefStreamParserObject::ParseStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075026). - CVE-2017-6845: The PoDoFo::PdfColor::operator function allowed remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file (bsc#1027779). - CVE-2018-5309: Prevent integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075322). - CVE-2018-5296: Prevent uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function that allowed remote attackers to cause a denial-of-service via a crafted pdf file (bsc#1075021). - CVE-2017-7381: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032020). - CVE-2017-7382: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032021). - CVE-2017-7383: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1032022). - CVE-2018-11256: Prevent NULL pointer dereference that allowed remote attackers to cause a denial of service via a crafted PDF document (bsc#1096889). - CVE-2018-5783: Prevent uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function that allowed remote attackers to cause a denial of service via a crafted pdf file (bsc#1076962). These non-security issues were fixed: - Prevent regression caused by the fix for CVE-2017-8054. - Prevent NULL dereferences when "Kids" array is missing (bsc#1096890) - Added to detect cycles and recursions in XRef tables </description> <summary>Security update for podofo</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
