File _patchinfo of Package patchinfo.31256

<patchinfo incident="31256">
  <issue tracker="cve" id="2022-37052"/>
  <issue tracker="cve" id="2019-9545"/>
  <issue tracker="cve" id="2019-9631"/>
  <issue tracker="cve" id="2019-13287"/>
  <issue tracker="cve" id="2018-18456"/>
  <issue tracker="cve" id="2020-36023"/>
  <issue tracker="cve" id="2018-18454"/>
  <issue tracker="cve" id="2019-14292"/>
  <issue tracker="cve" id="2022-48545"/>
  <issue tracker="bnc" id="1214726">VUL-0: CVE-2022-37052: poppler: reachable assertion due to a failure in markObject()</issue>
  <issue tracker="bnc" id="1128114">VUL-1: CVE-2019-9545: poppler: denial of service via recursive function call, in JBIG2Stream:readTextRegion() located in JBIG2Stream.cc</issue>
  <issue tracker="bnc" id="1129202">VUL-1: CVE-2019-9631: poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc</issue>
  <issue tracker="bnc" id="1214256">VUL-0: CVE-2020-36023: poppler: Stack-Overflow in `FoFiType1C:cvtGlyph`</issue>
  <issue tracker="bnc" id="1140745">VUL-1: CVE-2019-13287: xpdf,poppler: In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath:strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF docum</issue>
  <issue tracker="bnc" id="1112428">VUL-1: CVE-2018-18456: xpdf: Object:isName() in Object.h called from Gfx:opSetFillColorN stack-based buffer over-read</issue>
  <issue tracker="bnc" id="1112424">VUL-1: CVE-2018-18454: xpdf: CCITTFaxStream:readRow() in Stream.cc heap-based buffer over-read</issue>
  <issue tracker="bnc" id="1214723">VUL-0: CVE-2022-48545: poppler: infinite recursion in Catalog:findDestInTree</issue>
  <issue tracker="bnc" id="1143570">VUL-1: CVE-2019-14292: xpdf, poppler: An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading:parse at GfxState.cc for typeA!=6 case 1.</issue>
  <packager>pgajdos</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for poppler</summary>
  <description>This update for poppler fixes the following issues:

- CVE-2019-9545: Fixed a potential crash due to uncontrolled recursion
  in the JBIG parser (bsc#1128114).
- CVE-2019-9631: Fixed an out of bounds read when converting a PDF to
  an image (bsc#1129202).
- CVE-2022-37052: Fixed a reachable assertion when extracting pages of
  a PDF file (bsc#1214726).
- CVE-2020-36023: Fixed a stack buffer overflow in
  FoFiType1C:cvtGlyph (bsc#1214256).
- CVE-2019-13287: Fixed an out-of-bounds read vulnerability in the
  function SplashXPath:strokeAdjust (bsc#1140745).
- CVE-2018-18456: Fixed a stack-based buffer over-read via a crafted
  PDF file (bsc#1112428).
- CVE-2018-18454: Fixed a heap-based buffer over-read via a crafted PDF
  file (bsc#1112424).
- CVE-2019-14292: Fixed an out of bounds read in GfxState.cc
  (bsc#1143570).
- CVE-2022-48545: Fixed an infinite recursion in
  Catalog::findDestInTree which can cause denial of service
  (bsc#1214723).
</description>
</patchinfo>