opensuse-su-2021:3854-1
Vulnerability from csaf_opensuse
Published: 2021-12-01 15:59
Modified: 2021-12-01 15:59
Summary: Security update for poppler
Notes
Title of the patch
Security update for poppler
Description of the patch
This update for poppler fixes the following issues:
- CVE-2017-18267: Fixed an infinite recursion that would allow remote attackers to cause a denial of service (bsc#1092945).
- CVE-2018-13988: Added an improper implementation check which otherwise could allow buffer overflows, memory corruption, and denial of service (bsc#1102531).
- CVE-2018-16646: Fixed an infinite recursion which could allow a denial-of-service attack via a specially crafted PDF file (bsc#1107597).
- CVE-2018-18897: Fixed a memory leak (bsc#1114966).
- CVE-2018-19058: Fixed a bug which could allow a denial-of-service attack via a specially crafted PDF file (bsc#1115187).
- CVE-2018-19059: Fixed an out-of-bounds read access which could allow a denial-of-service attack (bsc#1115186).
- CVE-2018-19060: Fixed a NULL pointer dereference which could allow a denial-of-service attack (bsc#1115185).
- CVE-2018-19149: Fixed a NULL pointer dereference which could allow a denial-of-service attack (bsc#1115626).
- CVE-2018-20481: Fixed a NULL pointer dereference while handling unallocated XRef entries which could allow a denial-of-service attack (bsc#1120495).
- CVE-2018-20551: Fixed a reachable assertion which could allow a denial-of-service attack through specially crafted PDF files (bsc#1120496).
- CVE-2018-20650: Fixed a reachable assertion which could allow denial-of-service through specially crafted PDF files (bsc#1120939).
- CVE-2018-20662: Fixed a bug which could potentially crash the running process by SIGABRT resulting in a denial-of-service attack through a specially crafted PDF file (bsc#1120956).
- CVE-2019-10871: Fixed a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc (bsc#1131696).
- CVE-2019-10872: Fixed a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc (bsc#1131722).
- CVE-2019-14494: Fixed a divide-by-zero error in the function SplashOutputDev::tilingPatternFill (bsc#1143950).
- CVE-2019-7310: Fixed a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) that allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document (bsc#1124150).
- CVE-2019-9200: Fixed a heap-based buffer underwrite which could allow a denial-of-service attack through a specially crafted PDF file (bsc#1127329).
- CVE-2019-9631: Fixed a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function (bsc#1129202).
- CVE-2019-9903: Fixed excessive stack consumption in the Dict::find() method, which can be triggered by passing a crafted PDF file to the pdfunite binary (bsc#1130229).
- CVE-2019-9959: Fixed an integer overflow that made it possible to allocate a large memory chunk on the heap with a size controlled by an attacker (bsc#1142465).
- CVE-2020-27778: Fixed a buffer overflow vulnerability in pdftohtml (bsc#1179163).
Patchnames
openSUSE-SLE-15.3-2021-3854
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for poppler", "title": "Title of the patch" }, { "category": "description", "text": "This update for poppler fixes the following issues:\n\n- CVE-2017-18267: Fixed an infinite recursion that would allow remote attackers to cause a denial of service (bsc#1092945).\n- CVE-2018-13988: Added an improper implementation check which otherwise could allow buffer overflows, memory corruption, and denial of service (bsc#1102531).\n- CVE-2018-16646: Fixed an infinite recursion which could allow a denial-of-service attack via a specially crafted PDF file (bsc#1107597).\n- CVE-2018-18897: Fixed a memory leak (bsc#1114966).\n- CVE-2018-19058: Fixed a bug which could allow a denial-of-service attack via a specially crafted PDF file (bsc#1115187).\n- CVE-2018-19059: Fixed an out-of-bounds read access which could allow a denial-of-service attack (bsc#1115186).\n- CVE-2018-19060: Fixed a NULL pointer dereference which could allow a denial-of-service attack (bsc#1115185).\n- CVE-2018-19149: Fixed a NULL pointer dereference which could allow a denial-of-service attack (bsc#1115626).\n- CVE-2018-20481: Fixed a NULL pointer dereference while handling unallocated XRef entries which could allow a denial-of-service attack (bsc#1120495).\n- CVE-2018-20551: Fixed a reachable assertion which could allow a denial-of-service attack through specially crafted PDF files (bsc#1120496).\n- CVE-2018-20650: Fixed a reachable assertion which could allow denial-of-service through specially crafted PDF files (bsc#1120939).\n- CVE-2018-20662: Fixed a bug which could potentially crash the running process by 
SIGABRT resulting in a denial-of-service attack through a specially crafted PDF file (bsc#1120956).\n- CVE-2019-10871: Fixed a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc (bsc#1131696).\n- CVE-2019-10872: Fixed a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc (bsc#1131722).\n- CVE-2019-14494: Fixed a divide-by-zero error in the function SplashOutputDev::tilingPatternFill (bsc#1143950).\n- CVE-2019-7310: Fixed a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) that allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document (bsc#1124150).\n- CVE-2019-9200: Fixed a heap-based buffer underwrite which could allow denial-of-service attack through a specially crafted PDF file (bsc#1127329)\n- CVE-2019-9631: Fixed a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function (bsc#1129202).\n- CVE-2019-9903: Fixed excessive stack consumption in the Dict::find() method, which can be triggered by passing a crafted pdf file to the pdfunite binary (bsc#1130229).\n- CVE-2019-9959: Fixed integer overflow that made it possible to allocate a large memory chunk on the heap with a size controlled by an attacker (bsc#1142465).\n- CVE-2020-27778: Fixed buffer overflow vulnerability in pdftohtml (bsc#1179163).\n ", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-SLE-15.3-2021-3854", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE 
ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_3854-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2021:3854-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TS7QPSEQIBQO7BALZOE3TN7IO7IMHK3Y/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2021:3854-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TS7QPSEQIBQO7BALZOE3TN7IO7IMHK3Y/" }, { "category": "self", "summary": "SUSE Bug 1092945", "url": "https://bugzilla.suse.com/1092945" }, { "category": "self", "summary": "SUSE Bug 1102531", "url": "https://bugzilla.suse.com/1102531" }, { "category": "self", "summary": "SUSE Bug 1107597", "url": "https://bugzilla.suse.com/1107597" }, { "category": "self", "summary": "SUSE Bug 1114966", "url": "https://bugzilla.suse.com/1114966" }, { "category": "self", "summary": "SUSE Bug 1115185", "url": "https://bugzilla.suse.com/1115185" }, { "category": "self", "summary": "SUSE Bug 1115186", "url": "https://bugzilla.suse.com/1115186" }, { "category": "self", "summary": "SUSE Bug 1115187", "url": "https://bugzilla.suse.com/1115187" }, { "category": "self", "summary": "SUSE Bug 1115626", "url": "https://bugzilla.suse.com/1115626" }, { "category": "self", "summary": "SUSE Bug 1120495", "url": "https://bugzilla.suse.com/1120495" }, { "category": "self", "summary": "SUSE Bug 1120496", "url": "https://bugzilla.suse.com/1120496" }, { "category": "self", "summary": "SUSE Bug 1120939", "url": "https://bugzilla.suse.com/1120939" }, { "category": "self", "summary": "SUSE Bug 1120956", "url": "https://bugzilla.suse.com/1120956" }, { "category": "self", "summary": "SUSE Bug 1124150", "url": "https://bugzilla.suse.com/1124150" }, { "category": "self", "summary": "SUSE Bug 1127329", "url": 
"https://bugzilla.suse.com/1127329" }, { "category": "self", "summary": "SUSE Bug 1129202", "url": "https://bugzilla.suse.com/1129202" }, { "category": "self", "summary": "SUSE Bug 1130229", "url": "https://bugzilla.suse.com/1130229" }, { "category": "self", "summary": "SUSE Bug 1131696", "url": "https://bugzilla.suse.com/1131696" }, { "category": "self", "summary": "SUSE Bug 1131722", "url": "https://bugzilla.suse.com/1131722" }, { "category": "self", "summary": "SUSE Bug 1142465", "url": "https://bugzilla.suse.com/1142465" }, { "category": "self", "summary": "SUSE Bug 1143950", "url": "https://bugzilla.suse.com/1143950" }, { "category": "self", "summary": "SUSE Bug 1179163", "url": "https://bugzilla.suse.com/1179163" }, { "category": "self", "summary": "SUSE CVE CVE-2017-18267 page", "url": "https://www.suse.com/security/cve/CVE-2017-18267/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-13988 page", "url": "https://www.suse.com/security/cve/CVE-2018-13988/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-16646 page", "url": "https://www.suse.com/security/cve/CVE-2018-16646/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-18897 page", "url": "https://www.suse.com/security/cve/CVE-2018-18897/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-19058 page", "url": "https://www.suse.com/security/cve/CVE-2018-19058/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-19059 page", "url": "https://www.suse.com/security/cve/CVE-2018-19059/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-19060 page", "url": "https://www.suse.com/security/cve/CVE-2018-19060/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-19149 page", "url": "https://www.suse.com/security/cve/CVE-2018-19149/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-20481 page", "url": "https://www.suse.com/security/cve/CVE-2018-20481/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-20551 page", "url": "https://www.suse.com/security/cve/CVE-2018-20551/" 
}, { "category": "self", "summary": "SUSE CVE CVE-2018-20650 page", "url": "https://www.suse.com/security/cve/CVE-2018-20650/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-20662 page", "url": "https://www.suse.com/security/cve/CVE-2018-20662/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-10871 page", "url": "https://www.suse.com/security/cve/CVE-2019-10871/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-10872 page", "url": "https://www.suse.com/security/cve/CVE-2019-10872/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-14494 page", "url": "https://www.suse.com/security/cve/CVE-2019-14494/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-7310 page", "url": "https://www.suse.com/security/cve/CVE-2019-7310/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-9200 page", "url": "https://www.suse.com/security/cve/CVE-2019-9200/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-9631 page", "url": "https://www.suse.com/security/cve/CVE-2019-9631/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-9903 page", "url": "https://www.suse.com/security/cve/CVE-2019-9903/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-9959 page", "url": "https://www.suse.com/security/cve/CVE-2019-9959/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-27778 page", "url": "https://www.suse.com/security/cve/CVE-2020-27778/" } ], "title": "Security update for poppler", "tracking": { "current_release_date": "2021-12-01T15:59:12Z", "generator": { "date": "2021-12-01T15:59:12Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2021:3854-1", "initial_release_date": "2021-12-01T15:59:12Z", "revision_history": [ { "date": "2021-12-01T15:59:12Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libpoppler73-0.62.0-4.6.1.aarch64", "product": 
{ "name": "libpoppler73-0.62.0-4.6.1.aarch64", "product_id": "libpoppler73-0.62.0-4.6.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libpoppler73-0.62.0-4.6.1.ppc64le", "product": { "name": "libpoppler73-0.62.0-4.6.1.ppc64le", "product_id": "libpoppler73-0.62.0-4.6.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libpoppler73-0.62.0-4.6.1.s390x", "product": { "name": "libpoppler73-0.62.0-4.6.1.s390x", "product_id": "libpoppler73-0.62.0-4.6.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libpoppler73-0.62.0-4.6.1.x86_64", "product": { "name": "libpoppler73-0.62.0-4.6.1.x86_64", "product_id": "libpoppler73-0.62.0-4.6.1.x86_64" } }, { "category": "product_version", "name": "libpoppler73-32bit-0.62.0-4.6.1.x86_64", "product": { "name": "libpoppler73-32bit-0.62.0-4.6.1.x86_64", "product_id": "libpoppler73-32bit-0.62.0-4.6.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Leap 15.3", "product": { "name": "openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.3" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libpoppler73-0.62.0-4.6.1.aarch64 as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64" }, "product_reference": "libpoppler73-0.62.0-4.6.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "libpoppler73-0.62.0-4.6.1.ppc64le as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 
15.3:libpoppler73-0.62.0-4.6.1.ppc64le" }, "product_reference": "libpoppler73-0.62.0-4.6.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "libpoppler73-0.62.0-4.6.1.s390x as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x" }, "product_reference": "libpoppler73-0.62.0-4.6.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "libpoppler73-0.62.0-4.6.1.x86_64 as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64" }, "product_reference": "libpoppler73-0.62.0-4.6.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.3" }, { "category": "default_component_of", "full_product_name": { "name": "libpoppler73-32bit-0.62.0-4.6.1.x86_64 as component of openSUSE Leap 15.3", "product_id": "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" }, "product_reference": "libpoppler73-32bit-0.62.0-4.6.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-18267", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-18267" } ], "notes": [ { "category": "general", "text": "The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-18267", "url": 
"https://www.suse.com/security/cve/CVE-2017-18267" }, { "category": "external", "summary": "SUSE Bug 1092945 for CVE-2017-18267", "url": "https://bugzilla.suse.com/1092945" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "low" } ], "title": "CVE-2017-18267" }, { "cve": "CVE-2018-13988", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-13988" } ], "notes": [ { "category": "general", "text": "Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. 
This may be exploitable when a victim opens a specially crafted PDF file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-13988", "url": "https://www.suse.com/security/cve/CVE-2018-13988" }, { "category": "external", "summary": "SUSE Bug 1102531 for CVE-2018-13988", "url": "https://bugzilla.suse.com/1102531" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "moderate" } ], "title": "CVE-2018-13988" }, { "cve": "CVE-2018-16646", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-16646" } ], "notes": [ { "category": "general", "text": "In Poppler 0.68.0, the Parser::getObj() function in 
Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-16646", "url": "https://www.suse.com/security/cve/CVE-2018-16646" }, { "category": "external", "summary": "SUSE Bug 1107597 for CVE-2018-16646", "url": "https://bugzilla.suse.com/1107597" }, { "category": "external", "summary": "SUSE Bug 1140882 for CVE-2018-16646", "url": "https://bugzilla.suse.com/1140882" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "low" } ], "title": "CVE-2018-16646" }, { "cve": "CVE-2018-18897", "ids": [ { "system_name": "SUSE CVE Page", "text": 
"https://www.suse.com/security/cve/CVE-2018-18897" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-18897", "url": "https://www.suse.com/security/cve/CVE-2018-18897" }, { "category": "external", "summary": "SUSE Bug 1114966 for CVE-2018-18897", "url": "https://bugzilla.suse.com/1114966" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "low" } ], "title": "CVE-2018-18897" }, { "cve": "CVE-2018-19058", "ids": [ { "system_name": "SUSE CVE 
Page", "text": "https://www.suse.com/security/cve/CVE-2018-19058" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-19058", "url": "https://www.suse.com/security/cve/CVE-2018-19058" }, { "category": "external", "summary": "SUSE Bug 1115187 for CVE-2018-19058", "url": "https://bugzilla.suse.com/1115187" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "low" } ], "title": "CVE-2018-19058" 
}, { "cve": "CVE-2018-19059", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-19059" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-19059", "url": "https://www.suse.com/security/cve/CVE-2018-19059" }, { "category": "external", "summary": "SUSE Bug 1115186 for CVE-2018-19059", "url": "https://bugzilla.suse.com/1115186" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": 
"impact", "date": "2021-12-01T15:59:12Z", "details": "low" } ], "title": "CVE-2018-19059" }, { "cve": "CVE-2018-19060", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-19060" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-19060", "url": "https://www.suse.com/security/cve/CVE-2018-19060" }, { "category": "external", "summary": "SUSE Bug 1115185 for CVE-2018-19060", "url": "https://bugzilla.suse.com/1115185" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 
15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "low" } ], "title": "CVE-2018-19060" }, { "cve": "CVE-2018-19149", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-19149" } ], "notes": [ { "category": "general", "text": "Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-19149", "url": "https://www.suse.com/security/cve/CVE-2018-19149" }, { "category": "external", "summary": "SUSE Bug 1115626 for CVE-2018-19149", "url": "https://bugzilla.suse.com/1115626" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE 
Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "low" } ], "title": "CVE-2018-19149" }, { "cve": "CVE-2018-20481", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-20481" } ], "notes": [ { "category": "general", "text": "XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-20481", "url": "https://www.suse.com/security/cve/CVE-2018-20481" }, { "category": "external", "summary": "SUSE Bug 1120495 for CVE-2018-20481", "url": "https://bugzilla.suse.com/1120495" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 
15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "low" } ], "title": "CVE-2018-20481" }, { "cve": "CVE-2018-20551", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-20551" } ], "notes": [ { "category": "general", "text": "A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-20551", "url": "https://www.suse.com/security/cve/CVE-2018-20551" }, { "category": "external", "summary": "SUSE Bug 1120496 for CVE-2018-20551", "url": "https://bugzilla.suse.com/1120496" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": 
"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "low" } ], "title": "CVE-2018-20551" }, { "cve": "CVE-2018-20650", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-20650" } ], "notes": [ { "category": "general", "text": "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-20650", "url": "https://www.suse.com/security/cve/CVE-2018-20650" }, { "category": "external", "summary": "SUSE Bug 1120939 for CVE-2018-20650", "url": "https://bugzilla.suse.com/1120939" }, { "category": "external", "summary": "SUSE Bug 1120956 for CVE-2018-20650", "url": "https://bugzilla.suse.com/1120956" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 
15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "low" } ], "title": "CVE-2018-20650" }, { "cve": "CVE-2018-20662", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-20662" } ], "notes": [ { "category": "general", "text": "In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-20662", "url": "https://www.suse.com/security/cve/CVE-2018-20662" }, { "category": "external", "summary": "SUSE Bug 1120939 for CVE-2018-20662", "url": "https://bugzilla.suse.com/1120939" }, { "category": "external", "summary": "SUSE Bug 1120956 for CVE-2018-20662", "url": "https://bugzilla.suse.com/1120956" }, { "category": "external", "summary": "SUSE Bug 1214622 
for CVE-2018-20662", "url": "https://bugzilla.suse.com/1214622" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "low" } ], "title": "CVE-2018-20662" }, { "cve": "CVE-2019-10871", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-10871" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Poppler 0.74.0. 
There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-10871", "url": "https://www.suse.com/security/cve/CVE-2019-10871" }, { "category": "external", "summary": "SUSE Bug 1131696 for CVE-2019-10871", "url": "https://bugzilla.suse.com/1131696" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "moderate" } ], "title": "CVE-2019-10871" }, { "cve": "CVE-2019-10872", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-10872" } ], "notes": [ { "category": "general", "text": "An issue was discovered in 
Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-10872", "url": "https://www.suse.com/security/cve/CVE-2019-10872" }, { "category": "external", "summary": "SUSE Bug 1131722 for CVE-2019-10872", "url": "https://bugzilla.suse.com/1131722" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "moderate" } ], "title": "CVE-2019-10872" }, { "cve": "CVE-2019-14494", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-14494" } ], "notes": [ { "category": "general", "text": "An issue was 
discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-14494", "url": "https://www.suse.com/security/cve/CVE-2019-14494" }, { "category": "external", "summary": "SUSE Bug 1143950 for CVE-2019-14494", "url": "https://bugzilla.suse.com/1143950" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "moderate" } ], "title": "CVE-2019-14494" }, { "cve": "CVE-2019-7310", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-7310" } ], "notes": [ { "category": 
"general", "text": "In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-7310", "url": "https://www.suse.com/security/cve/CVE-2019-7310" }, { "category": "external", "summary": "SUSE Bug 1124150 for CVE-2019-7310", "url": "https://bugzilla.suse.com/1124150" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "moderate" } ], "title": 
"CVE-2019-7310" }, { "cve": "CVE-2019-9200", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-9200" } ], "notes": [ { "category": "general", "text": "A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-9200", "url": "https://www.suse.com/security/cve/CVE-2019-9200" }, { "category": "external", "summary": "SUSE Bug 1127329 for CVE-2019-9200", "url": "https://bugzilla.suse.com/1127329" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", 
"openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "important" } ], "title": "CVE-2019-9200" }, { "cve": "CVE-2019-9631", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-9631" } ], "notes": [ { "category": "general", "text": "Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-9631", "url": "https://www.suse.com/security/cve/CVE-2019-9631" }, { "category": "external", "summary": "SUSE Bug 1129202 for CVE-2019-9631", "url": "https://bugzilla.suse.com/1129202" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 
15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "low" } ], "title": "CVE-2019-9631" }, { "cve": "CVE-2019-9903", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-9903" } ], "notes": [ { "category": "general", "text": "PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-9903", "url": "https://www.suse.com/security/cve/CVE-2019-9903" }, { "category": "external", "summary": "SUSE Bug 1130229 for CVE-2019-9903", "url": "https://bugzilla.suse.com/1130229" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 
15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "low" } ], "title": "CVE-2019-9903" }, { "cve": "CVE-2019-9959", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-9959" } ], "notes": [ { "category": "general", "text": "The JPXStream::init function in Poppler 0.78.0 and earlier doesn\u0027t check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-9959", "url": "https://www.suse.com/security/cve/CVE-2019-9959" }, { "category": "external", "summary": "SUSE Bug 1142465 for CVE-2019-9959", "url": "https://bugzilla.suse.com/1142465" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": 
"3.0" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "low" } ], "title": "CVE-2019-9959" }, { "cve": "CVE-2020-27778", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-27778" } ], "notes": [ { "category": "general", "text": "A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the \u0027pdftohtml\u0027 program, would crash the application causing a denial of service.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-27778", "url": "https://www.suse.com/security/cve/CVE-2020-27778" }, { "category": "external", "summary": "SUSE Bug 1179163 for CVE-2020-27778", "url": "https://bugzilla.suse.com/1179163" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], 
"scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.aarch64", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.ppc64le", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.s390x", "openSUSE Leap 15.3:libpoppler73-0.62.0-4.6.1.x86_64", "openSUSE Leap 15.3:libpoppler73-32bit-0.62.0-4.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2021-12-01T15:59:12Z", "details": "moderate" } ], "title": "CVE-2020-27778" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.