File _patchinfo of Package patchinfo.29745
<patchinfo incident="29745">
<issue tracker="cve" id="2022-27337"/>
<issue tracker="cve" id="2019-7310"/>
<issue tracker="cve" id="2018-19058"/>
<issue tracker="cve" id="2018-19060"/>
<issue tracker="cve" id="2018-19149"/>
<issue tracker="cve" id="2018-20481"/>
<issue tracker="cve" id="2018-13988"/>
<issue tracker="cve" id="2018-21009"/>
<issue tracker="cve" id="2018-16646"/>
<issue tracker="cve" id="2018-20650"/>
<issue tracker="cve" id="2017-18267"/>
<issue tracker="cve" id="2018-18897"/>
<issue tracker="cve" id="2018-19059"/>
<issue tracker="bnc" id="1102531">VUL-1: poppler: CVE-2018-13988 poppler: buffer overflow in pdfunite</issue>
<issue tracker="bnc" id="1092945">VUL-1: CVE-2017-18267: poppler: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file</issue>
<issue tracker="bnc" id="1115187">VUL-1: CVE-2018-19058: poppler: reachable abort in Object.h leading to denial of service</issue>
<issue tracker="bnc" id="1115185">VUL-1: CVE-2018-19060: poppler: NULL pointer dereference in goo/GooString.h leads to denial of service</issue>
<issue tracker="bnc" id="1114966">VUL-1: CVE-2018-18897: poppler: memory leak in GfxColorSpace:setDisplayProfile in GfxState.cc</issue>
<issue tracker="bnc" id="1120939">VUL-1: CVE-2018-20650: poppler: A reachable Object in dictLookup assertion allows attackers to cause DOS</issue>
<issue tracker="bnc" id="1124150">VUL-1: CVE-2019-7310: poppler: A heap-based buffer over-read allows remote attackers to cause DOS via a special crafted PDF</issue>
<issue tracker="bnc" id="1115186">VUL-1: CVE-2018-19059: poppler: out-of-bounds read in EmbFile:save2 in FileSpec.cc leading to denial of service</issue>
<issue tracker="bnc" id="1149635">VUL-1: CVE-2018-21009: xpdf,poppler: integer overflow in Parser:makeStream in Parser.cc.</issue>
<issue tracker="bnc" id="1199272">VUL-1: CVE-2022-27337: poppler,poppler-qt: A logic error in the Hints::Hints function can cause denial of service</issue>
<issue tracker="bnc" id="1115626">VUL-1: CVE-2018-19149: poppler: NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment</issue>
<issue tracker="bnc" id="1107597">VUL-1: CVE-2018-16646: poppler: Infinite recursion in poppler/Parser.cc:Parser::getObj() function</issue>
<packager>pgajdos</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for poppler</summary>
<description>This update for poppler fixes the following issues:
- CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service (bsc#1199272).
- CVE-2018-21009: Fixed integer overflow in Parser::makeStream in Parser.cc (bsc#1149635).
- CVE-2018-20481: Fixed memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (bsc#1114966).
- CVE-2019-7310: Fixed a heap-based buffer over-read that allows remote attackers to cause DoS via a specially crafted PDF (bsc#1124150).
- CVE-2018-13988: Fixed buffer overflow in pdfunite (bsc#1102531).
- CVE-2018-16646: Fixed infinite recursion in poppler/Parser.cc:Parser::getObj() function (bsc#1107597).
- CVE-2018-19058: Fixed reachable abort in Object.h leading to denial of service (bsc#1115187).
- CVE-2018-19059: Fixed out-of-bounds read in EmbFile::save2 in FileSpec.cc leading to denial of service (bsc#1115186).
- CVE-2018-19060: Fixed NULL pointer dereference in goo/GooString.h leading to denial of service (bsc#1115185).
- CVE-2018-19149: Fixed NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment (bsc#1115626).
- CVE-2017-18267: Fixed denial of service (infinite recursion) via a crafted PDF file (bsc#1092945).
- CVE-2018-20650: Fixed an issue where a reachable Object in dictLookup assertion allows attackers to cause DoS (bsc#1120939).
</description>
</patchinfo>