Overview

File _patchinfo of Package patchinfo.5692

<patchinfo incident="5692">
  <issue id="1059066" tracker="bnc">VUL-0: CVE-2017-14517: poppler: NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc</issue>
  <issue id="1059101" tracker="bnc">VUL-0: CVE-2017-14518: poppler: floating point exception exists in the isImageInterpolationRequired() function in Splash.cc</issue>
  <issue id="1059155" tracker="bnc">VUL-0: CVE-2017-14520: poppler: floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc</issue>
  <issue id="1061265" tracker="bnc">VUL-0: CVE-2017-14977: poppler: denial of service in FoFiTrueType::getCFFBlock function in FoFiTrueType.cc</issue>
  <issue id="2017-14977" tracker="cve" />
  <issue id="2017-14517" tracker="cve" />
  <issue id="2017-14518" tracker="cve" />
  <issue id="2017-14520" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>psimons</packager>
  <description>This update for poppler fixes the following issues:

This security issue was fixed:

- CVE-2017-14517: Prevent NULL Pointer dereference in the XRef::parseEntry()
  function via a crafted PDF document (bsc#1059066).
- CVE-2017-14518: Remedy a floating point exception in
  isImageInterpolationRequired() that could have been exploited using a
  specially crafted PDF document. (bsc#1059101)
- CVE-2017-14520: Remedy a floating point exception in
  Splash::scaleImageYuXd() that could have been exploited using a specially
  crafted PDF document. (bsc#1059155)
- CVE-2017-14977: Fixed a NULL pointer dereference vulnerability in the
  FoFiTrueType::getCFFBlock() function in FoFiTrueType.cc that occurred
  due to lack of validation of a table pointer, which allows an attacker
  to launch a denial of service attack. (bsc#1061265)

</description>
  <summary>Security update for poppler</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places