libpoppler-cpp0-0.49.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10360-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libpoppler-cpp0-0.49.0-1.1 on GA media These are all security issues fixed in the libpoppler-cpp0-0.49.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10360 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2009-0799/ SUSE CVE CVE-2009-0799 page https://www.suse.com/security/cve/CVE-2009-0800/ SUSE CVE CVE-2009-0800 page https://www.suse.com/security/cve/CVE-2009-1179/ SUSE CVE CVE-2009-1179 page https://www.suse.com/security/cve/CVE-2009-1180/ SUSE CVE CVE-2009-1180 page https://www.suse.com/security/cve/CVE-2009-1181/ SUSE CVE CVE-2009-1181 page https://www.suse.com/security/cve/CVE-2009-1182/ SUSE CVE CVE-2009-1182 page https://www.suse.com/security/cve/CVE-2009-1183/ SUSE CVE CVE-2009-1183 page https://www.suse.com/security/cve/CVE-2009-1187/ SUSE CVE CVE-2009-1187 page https://www.suse.com/security/cve/CVE-2009-1188/ SUSE CVE CVE-2009-1188 page https://www.suse.com/security/cve/CVE-2009-3607/ SUSE CVE CVE-2009-3607 page https://www.suse.com/security/cve/CVE-2009-3608/ SUSE CVE CVE-2009-3608 page https://www.suse.com/security/cve/CVE-2013-1788/ SUSE CVE CVE-2013-1788 page https://www.suse.com/security/cve/CVE-2013-1789/ SUSE CVE CVE-2013-1789 page https://www.suse.com/security/cve/CVE-2013-1790/ SUSE CVE CVE-2013-1790 page https://www.suse.com/security/cve/CVE-2013-4473/ SUSE CVE CVE-2013-4473 page https://www.suse.com/security/cve/CVE-2013-4474/ SUSE CVE CVE-2013-4474 page openSUSE Tumbleweed libpoppler-cpp0-0.49.0-1.1 libpoppler-cpp0-32bit-0.49.0-1.1 libpoppler-devel-0.49.0-1.1 libpoppler-glib-devel-0.49.0-1.1 libpoppler-glib8-0.49.0-1.1 libpoppler-glib8-32bit-0.49.0-1.1 libpoppler-qt4-4-0.49.0-1.1 libpoppler-qt4-4-32bit-0.49.0-1.1 libpoppler-qt4-devel-0.49.0-1.1 libpoppler-qt5-1-0.49.0-1.1 libpoppler-qt5-1-32bit-0.49.0-1.1 libpoppler-qt5-devel-0.49.0-1.1 libpoppler65-0.49.0-1.1 libpoppler65-32bit-0.49.0-1.1 poppler-tools-0.49.0-1.1 typelib-1_0-Poppler-0_18-0.49.0-1.1 libpoppler-cpp0-0.49.0-1.1 as a component of openSUSE Tumbleweed libpoppler-cpp0-32bit-0.49.0-1.1 as a component of openSUSE Tumbleweed libpoppler-devel-0.49.0-1.1 as a component of openSUSE Tumbleweed libpoppler-glib-devel-0.49.0-1.1 as a component of openSUSE Tumbleweed libpoppler-glib8-0.49.0-1.1 as a component of openSUSE Tumbleweed libpoppler-glib8-32bit-0.49.0-1.1 as a component of openSUSE Tumbleweed libpoppler-qt4-4-0.49.0-1.1 as a component of openSUSE Tumbleweed libpoppler-qt4-4-32bit-0.49.0-1.1 as a component of openSUSE Tumbleweed libpoppler-qt4-devel-0.49.0-1.1 as a component of openSUSE Tumbleweed libpoppler-qt5-1-0.49.0-1.1 as a component of openSUSE Tumbleweed libpoppler-qt5-1-32bit-0.49.0-1.1 as a component of openSUSE Tumbleweed libpoppler-qt5-devel-0.49.0-1.1 as a component of openSUSE Tumbleweed libpoppler65-0.49.0-1.1 as a component of openSUSE Tumbleweed libpoppler65-32bit-0.49.0-1.1 as a component of openSUSE Tumbleweed poppler-tools-0.49.0-1.1 as a component of openSUSE Tumbleweed typelib-1_0-Poppler-0_18-0.49.0-1.1 as a component of openSUSE Tumbleweed The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. CVE-2009-0799 openSUSE Tumbleweed:libpoppler-cpp0-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-cpp0-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-32bit-0.49.0-1.1 openSUSE Tumbleweed:poppler-tools-0.49.0-1.1 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-0.49.0-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-0799.html CVE-2009-0799 https://bugzilla.suse.com/487100 SUSE Bug 487100 Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-0800 openSUSE Tumbleweed:libpoppler-cpp0-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-cpp0-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-32bit-0.49.0-1.1 openSUSE Tumbleweed:poppler-tools-0.49.0-1.1 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-0.49.0-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-0800.html CVE-2009-0800 https://bugzilla.suse.com/487100 SUSE Bug 487100 Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1179 openSUSE Tumbleweed:libpoppler-cpp0-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-cpp0-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-32bit-0.49.0-1.1 openSUSE Tumbleweed:poppler-tools-0.49.0-1.1 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-0.49.0-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-1179.html CVE-2009-1179 https://bugzilla.suse.com/487100 SUSE Bug 487100 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. CVE-2009-1180 openSUSE Tumbleweed:libpoppler-cpp0-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-cpp0-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-32bit-0.49.0-1.1 openSUSE Tumbleweed:poppler-tools-0.49.0-1.1 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-0.49.0-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-1180.html CVE-2009-1180 https://bugzilla.suse.com/487100 SUSE Bug 487100 The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. CVE-2009-1181 openSUSE Tumbleweed:libpoppler-cpp0-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-cpp0-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-32bit-0.49.0-1.1 openSUSE Tumbleweed:poppler-tools-0.49.0-1.1 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-0.49.0-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-1181.html CVE-2009-1181 https://bugzilla.suse.com/487100 SUSE Bug 487100 Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. CVE-2009-1182 openSUSE Tumbleweed:libpoppler-cpp0-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-cpp0-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-32bit-0.49.0-1.1 openSUSE Tumbleweed:poppler-tools-0.49.0-1.1 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-0.49.0-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-1182.html CVE-2009-1182 https://bugzilla.suse.com/487100 SUSE Bug 487100 The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. CVE-2009-1183 openSUSE Tumbleweed:libpoppler-cpp0-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-cpp0-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-32bit-0.49.0-1.1 openSUSE Tumbleweed:poppler-tools-0.49.0-1.1 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-0.49.0-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-1183.html CVE-2009-1183 https://bugzilla.suse.com/487100 SUSE Bug 487100 Integer overflow in the JBIG2 decoding feature in Poppler before 0.10.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to CairoOutputDev (CairoOutputDev.cc). CVE-2009-1187 openSUSE Tumbleweed:libpoppler-cpp0-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-cpp0-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-32bit-0.49.0-1.1 openSUSE Tumbleweed:poppler-tools-0.49.0-1.1 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-0.49.0-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-1187.html CVE-2009-1187 https://bugzilla.suse.com/487100 SUSE Bug 487100 https://bugzilla.suse.com/508153 SUSE Bug 508153 https://bugzilla.suse.com/508154 SUSE Bug 508154 https://bugzilla.suse.com/539875 SUSE Bug 539875 https://bugzilla.suse.com/566697 SUSE Bug 566697 Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. CVE-2009-1188 openSUSE Tumbleweed:libpoppler-cpp0-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-cpp0-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-32bit-0.49.0-1.1 openSUSE Tumbleweed:poppler-tools-0.49.0-1.1 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-0.49.0-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-1188.html CVE-2009-1188 https://bugzilla.suse.com/487100 SUSE Bug 487100 https://bugzilla.suse.com/508153 SUSE Bug 508153 https://bugzilla.suse.com/508154 SUSE Bug 508154 https://bugzilla.suse.com/539875 SUSE Bug 539875 https://bugzilla.suse.com/546400 SUSE Bug 546400 https://bugzilla.suse.com/566697 SUSE Bug 566697 Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. CVE-2009-3607 openSUSE Tumbleweed:libpoppler-cpp0-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-cpp0-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-32bit-0.49.0-1.1 openSUSE Tumbleweed:poppler-tools-0.49.0-1.1 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-0.49.0-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3607.html CVE-2009-3607 https://bugzilla.suse.com/546393 SUSE Bug 546393 https://bugzilla.suse.com/566697 SUSE Bug 566697 Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. CVE-2009-3608 openSUSE Tumbleweed:libpoppler-cpp0-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-cpp0-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-32bit-0.49.0-1.1 openSUSE Tumbleweed:poppler-tools-0.49.0-1.1 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-0.49.0-1.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-3608.html CVE-2009-3608 https://bugzilla.suse.com/543090 SUSE Bug 543090 https://bugzilla.suse.com/543410 SUSE Bug 543410 https://bugzilla.suse.com/546400 SUSE Bug 546400 https://bugzilla.suse.com/546404 SUSE Bug 546404 https://bugzilla.suse.com/556049 SUSE Bug 556049 https://bugzilla.suse.com/566697 SUSE Bug 566697 poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc. CVE-2013-1788 openSUSE Tumbleweed:libpoppler-cpp0-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-cpp0-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-32bit-0.49.0-1.1 openSUSE Tumbleweed:poppler-tools-0.49.0-1.1 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-0.49.0-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1788.html CVE-2013-1788 https://bugzilla.suse.com/806793 SUSE Bug 806793 splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions. CVE-2013-1789 openSUSE Tumbleweed:libpoppler-cpp0-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-cpp0-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-32bit-0.49.0-1.1 openSUSE Tumbleweed:poppler-tools-0.49.0-1.1 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-0.49.0-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1789.html CVE-2013-1789 https://bugzilla.suse.com/806793 SUSE Bug 806793 poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function. CVE-2013-1790 openSUSE Tumbleweed:libpoppler-cpp0-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-cpp0-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-32bit-0.49.0-1.1 openSUSE Tumbleweed:poppler-tools-0.49.0-1.1 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-0.49.0-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-1790.html CVE-2013-1790 https://bugzilla.suse.com/806793 SUSE Bug 806793 Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. CVE-2013-4473 openSUSE Tumbleweed:libpoppler-cpp0-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-cpp0-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-32bit-0.49.0-1.1 openSUSE Tumbleweed:poppler-tools-0.49.0-1.1 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-0.49.0-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4473.html CVE-2013-4473 https://bugzilla.suse.com/847907 SUSE Bug 847907 Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename. CVE-2013-4474 openSUSE Tumbleweed:libpoppler-cpp0-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-cpp0-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-glib8-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-4-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt4-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-1-32bit-0.49.0-1.1 openSUSE Tumbleweed:libpoppler-qt5-devel-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-0.49.0-1.1 openSUSE Tumbleweed:libpoppler65-32bit-0.49.0-1.1 openSUSE Tumbleweed:poppler-tools-0.49.0-1.1 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-0.49.0-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4474.html CVE-2013-4474 https://bugzilla.suse.com/847907 SUSE Bug 847907