libpoppler-cpp0-21.08.0-1.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11181-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libpoppler-cpp0-21.08.0-1.3 on GA media These are all security issues fixed in the libpoppler-cpp0-21.08.0-1.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11181 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2006-0301/ SUSE CVE CVE-2006-0301 page https://www.suse.com/security/cve/CVE-2007-0104/ SUSE CVE CVE-2007-0104 page https://www.suse.com/security/cve/CVE-2007-4352/ SUSE CVE CVE-2007-4352 page https://www.suse.com/security/cve/CVE-2007-5392/ SUSE CVE CVE-2007-5392 page https://www.suse.com/security/cve/CVE-2007-5393/ SUSE CVE CVE-2007-5393 page https://www.suse.com/security/cve/CVE-2008-2950/ SUSE CVE CVE-2008-2950 page https://www.suse.com/security/cve/CVE-2017-14517/ SUSE CVE CVE-2017-14517 page https://www.suse.com/security/cve/CVE-2017-14518/ SUSE CVE CVE-2017-14518 page https://www.suse.com/security/cve/CVE-2017-7515/ SUSE CVE CVE-2017-7515 page openSUSE Tumbleweed libpoppler-cpp0-21.08.0-1.3 libpoppler-cpp0-32bit-21.08.0-1.3 libpoppler-devel-21.08.0-1.3 libpoppler-glib-devel-21.08.0-1.3 libpoppler-glib8-21.08.0-1.3 libpoppler-glib8-32bit-21.08.0-1.3 libpoppler112-21.08.0-1.3 libpoppler112-32bit-21.08.0-1.3 poppler-tools-21.08.0-1.3 typelib-1_0-Poppler-0_18-21.08.0-1.3 libpoppler-cpp0-21.08.0-1.3 as a component of openSUSE Tumbleweed libpoppler-cpp0-32bit-21.08.0-1.3 as a component of openSUSE Tumbleweed libpoppler-devel-21.08.0-1.3 as a component of openSUSE Tumbleweed libpoppler-glib-devel-21.08.0-1.3 as a component of openSUSE Tumbleweed libpoppler-glib8-21.08.0-1.3 as a component of openSUSE Tumbleweed libpoppler-glib8-32bit-21.08.0-1.3 as a component of openSUSE Tumbleweed libpoppler112-21.08.0-1.3 as a component of openSUSE Tumbleweed libpoppler112-32bit-21.08.0-1.3 as a component of openSUSE Tumbleweed poppler-tools-21.08.0-1.3 as a component of openSUSE Tumbleweed typelib-1_0-Poppler-0_18-21.08.0-1.3 as a component of openSUSE Tumbleweed Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. CVE-2006-0301 openSUSE Tumbleweed:libpoppler-cpp0-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-cpp0-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-32bit-21.08.0-1.3 openSUSE Tumbleweed:poppler-tools-21.08.0-1.3 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-21.08.0-1.3 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2006-0301.html CVE-2006-0301 https://bugzilla.suse.com/141242 SUSE Bug 141242 https://bugzilla.suse.com/233113 SUSE Bug 233113 https://bugzilla.suse.com/243010 SUSE Bug 243010 The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. CVE-2007-0104 openSUSE Tumbleweed:libpoppler-cpp0-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-cpp0-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-32bit-21.08.0-1.3 openSUSE Tumbleweed:poppler-tools-21.08.0-1.3 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-21.08.0-1.3 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-0104.html CVE-2007-0104 https://bugzilla.suse.com/233113 SUSE Bug 233113 https://bugzilla.suse.com/234492 SUSE Bug 234492 Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. CVE-2007-4352 openSUSE Tumbleweed:libpoppler-cpp0-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-cpp0-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-32bit-21.08.0-1.3 openSUSE Tumbleweed:poppler-tools-21.08.0-1.3 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-21.08.0-1.3 important 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-4352.html CVE-2007-4352 https://bugzilla.suse.com/335637 SUSE Bug 335637 Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow. CVE-2007-5392 openSUSE Tumbleweed:libpoppler-cpp0-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-cpp0-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-32bit-21.08.0-1.3 openSUSE Tumbleweed:poppler-tools-21.08.0-1.3 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-21.08.0-1.3 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-5392.html CVE-2007-5392 https://bugzilla.suse.com/335637 SUSE Bug 335637 Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter. CVE-2007-5393 openSUSE Tumbleweed:libpoppler-cpp0-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-cpp0-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-32bit-21.08.0-1.3 openSUSE Tumbleweed:poppler-tools-21.08.0-1.3 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-21.08.0-1.3 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2007-5393.html CVE-2007-5393 https://bugzilla.suse.com/335637 SUSE Bug 335637 The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document. CVE-2008-2950 openSUSE Tumbleweed:libpoppler-cpp0-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-cpp0-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-32bit-21.08.0-1.3 openSUSE Tumbleweed:poppler-tools-21.08.0-1.3 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-21.08.0-1.3 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2008-2950.html CVE-2008-2950 https://bugzilla.suse.com/404955 SUSE Bug 404955 In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. CVE-2017-14517 openSUSE Tumbleweed:libpoppler-cpp0-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-cpp0-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-32bit-21.08.0-1.3 openSUSE Tumbleweed:poppler-tools-21.08.0-1.3 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-21.08.0-1.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14517.html CVE-2017-14517 https://bugzilla.suse.com/1059066 SUSE Bug 1059066 In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. CVE-2017-14518 openSUSE Tumbleweed:libpoppler-cpp0-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-cpp0-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-32bit-21.08.0-1.3 openSUSE Tumbleweed:poppler-tools-21.08.0-1.3 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-21.08.0-1.3 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-14518.html CVE-2017-14518 https://bugzilla.suse.com/1059101 SUSE Bug 1059101 poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service. CVE-2017-7515 openSUSE Tumbleweed:libpoppler-cpp0-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-cpp0-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib-devel-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-21.08.0-1.3 openSUSE Tumbleweed:libpoppler-glib8-32bit-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-21.08.0-1.3 openSUSE Tumbleweed:libpoppler112-32bit-21.08.0-1.3 openSUSE Tumbleweed:poppler-tools-21.08.0-1.3 openSUSE Tumbleweed:typelib-1_0-Poppler-0_18-21.08.0-1.3 low 1.7 AV:L/AC:L/Au:S/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7515.html CVE-2017-7515 https://bugzilla.suse.com/1043088 SUSE Bug 1043088