Overview

File _patchinfo of Package patchinfo.10471

<patchinfo incident="10471">
  <issue tracker="bnc" id="1096890">VUL-1: CVE-2018-11255: podofo: Null Pointer Dereference Denial of Service in PdfPage::GetPageNumber()</issue>
  <issue tracker="bnc" id="1076962">VUL-1: CVE-2018-5783: podofo: Uncontrolled memory allocation in PoDoFo::PdfVecObjects::Reserve (src/base/PdfVecObjects.h)</issue>
  <issue tracker="bnc" id="1124357">VUL-1: CVE-2018-20751: podofo: null pointer dereference in crop_page function</issue>
  <issue tracker="bnc" id="1099720">VUL-0: CVE-2018-12982: podofo: invalid memory read bug in PdfVariant::DelayedLoad()</issue>
  <issue tracker="bnc" id="1035596">VUL-1: CVE-2017-8054: podofo: denial of service via a crafted PDF document (PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464)</issue>
  <issue tracker="cve" id="2018-12982"/>
  <issue tracker="cve" id="2018-5783"/>
  <issue tracker="cve" id="2018-20751"/>
  <issue tracker="cve" id="2017-8054"/>
  <issue tracker="cve" id="2018-11255"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>alarrosa</packager>
  <description>This update for podofo fixes the following issues:

Security issues fixed:

- CVE-2017-8054: Fixed a vulnerability in PdfPagesTree::GetPageNodeFromArray function which could allow 
  remote attackers to cause Denial of Service (bsc#1035596).
- CVE-2018-5783: Fixed an uncontrolled memory allocation in PdfVecObjects::Reserve function (bsc#1076962). 
- CVE-2018-11255: Fixed a null pointer dereference in PdfPage::GetPageNumber() function which could lead
  to Denial of Service (bsc#1096890).
- CVE-2018-20751: Fixed a null pointer dereference in crop_page function (bsc#1124357).
- CVE-2018-12982: Fixed an invalid memory read in PdfVariant::DelayedLoad() function which could allow 
  remote attackers to cause Denial of Service (bsc#1099720).
- Fixed a buffer overflow in TestEncrypt function.
- Fixed a null pointer dereference in PdfTranslator-setTarget function.
- Fixed a heap based buffer overflow PdfVariant:DelayedLoad function.
</description>
  <summary>Security update for podofo</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places