File _patchinfo of Package patchinfo.7676
<patchinfo incident="7676">
<issue tracker="bnc" id="1059066">VUL-0: CVE-2017-14517: poppler: NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc</issue>
<issue tracker="bnc" id="1060220">VUL-0: CVE-2017-14617: poppler: Floating point exception occurs in the ImageStream class in Stream.cc, which may lead to denial of service</issue>
<issue tracker="bnc" id="1074453">VUL-0: CVE-2017-1000456: poppler: libpoppler fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.</issue>
<issue tracker="bnc" id="1092105">VUL-0: CVE-2018-10768: poppler: NULL pointer dereference in the AnnotPath::getCoordsLength function</issue>
<issue tracker="bnc" id="1064593">VUL-0: CVE-2017-15565: poppler: NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() and could lead to denial of service</issue>
<issue tracker="cve" id="2017-14617"/>
<issue tracker="cve" id="2017-15565"/>
<issue tracker="cve" id="2018-10768"/>
<issue tracker="cve" id="2017-1000456"/>
<issue tracker="cve" id="2017-14517"/>
<category>security</category>
<rating>moderate</rating>
<packager>psimons</packager>
<description>This update for poppler fixes the following issues:
These security issues were fixed:
- CVE-2017-14617: Fixed a floating point exception in Stream.cc, which may lead
to a potential attack when handling malicious PDF files. (bsc#1060220)
- CVE-2017-1000456: Validate boundaries in TextPool::addWord to prevent
overflows in subsequent calculations (bsc#1074453)
- CVE-2017-15565: Prevent NULL Pointer dereference in the
GfxImageColorMap::getGrayLine() function via a crafted PDF document
(bsc#1064593)
- CVE-2018-10768: Prevent NULL pointer dereference in the
AnnotPath::getCoordsLength function. A crafted input could have led to a
remote denial of service attack (bsc#1092105).
This update also fixes an additional segmentation fault that is triggered by the
reproducer for CVE-2017-14517 (bsc#1059066).
</description>
<summary>Security update for poppler</summary>
</patchinfo>