libQt5Pdf5-5.15.11-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12395-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libQt5Pdf5-5.15.11-1.1 on GA media These are all security issues fixed in the libQt5Pdf5-5.15.11-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12395 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-0796/ SUSE CVE CVE-2022-0796 page https://www.suse.com/security/cve/CVE-2022-1855/ SUSE CVE CVE-2022-1855 page https://www.suse.com/security/cve/CVE-2022-1857/ SUSE CVE CVE-2022-1857 page https://www.suse.com/security/cve/CVE-2022-2008/ SUSE CVE CVE-2022-2008 page https://www.suse.com/security/cve/CVE-2022-2010/ SUSE CVE CVE-2022-2010 page https://www.suse.com/security/cve/CVE-2022-2158/ SUSE CVE CVE-2022-2158 page https://www.suse.com/security/cve/CVE-2022-2160/ SUSE CVE CVE-2022-2160 page https://www.suse.com/security/cve/CVE-2022-2162/ SUSE CVE CVE-2022-2162 page https://www.suse.com/security/cve/CVE-2022-2294/ SUSE CVE CVE-2022-2294 page https://www.suse.com/security/cve/CVE-2022-2295/ SUSE CVE CVE-2022-2295 page https://www.suse.com/security/cve/CVE-2022-2477/ SUSE CVE CVE-2022-2477 page https://www.suse.com/security/cve/CVE-2022-2610/ SUSE CVE CVE-2022-2610 page https://www.suse.com/security/cve/CVE-2022-27404/ SUSE CVE CVE-2022-27404 page https://www.suse.com/security/cve/CVE-2022-27405/ SUSE CVE CVE-2022-27405 page https://www.suse.com/security/cve/CVE-2022-27406/ SUSE CVE CVE-2022-27406 page openSUSE Tumbleweed libQt5Pdf5-5.15.11-1.1 libQt5PdfWidgets5-5.15.11-1.1 libqt5-qtpdf-devel-5.15.11-1.1 libqt5-qtpdf-examples-5.15.11-1.1 libqt5-qtpdf-imports-5.15.11-1.1 libqt5-qtpdf-private-headers-devel-5.15.11-1.1 libqt5-qtwebengine-5.15.11-1.1 libqt5-qtwebengine-devel-5.15.11-1.1 libqt5-qtwebengine-examples-5.15.11-1.1 libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 libQt5Pdf5-5.15.11-1.1 as a component of openSUSE Tumbleweed libQt5PdfWidgets5-5.15.11-1.1 as a component of openSUSE Tumbleweed libqt5-qtpdf-devel-5.15.11-1.1 as a component of openSUSE Tumbleweed libqt5-qtpdf-examples-5.15.11-1.1 as a component of openSUSE Tumbleweed libqt5-qtpdf-imports-5.15.11-1.1 as a component of openSUSE Tumbleweed libqt5-qtpdf-private-headers-devel-5.15.11-1.1 as a component of openSUSE Tumbleweed libqt5-qtwebengine-5.15.11-1.1 as a component of openSUSE Tumbleweed libqt5-qtwebengine-devel-5.15.11-1.1 as a component of openSUSE Tumbleweed libqt5-qtwebengine-examples-5.15.11-1.1 as a component of openSUSE Tumbleweed libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 as a component of openSUSE Tumbleweed Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-0796 openSUSE Tumbleweed:libQt5Pdf5-5.15.11-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-0796.html CVE-2022-0796 https://bugzilla.suse.com/1196641 SUSE Bug 1196641 Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-1855 openSUSE Tumbleweed:libQt5Pdf5-5.15.11-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1855.html CVE-2022-1855 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. CVE-2022-1857 openSUSE Tumbleweed:libQt5Pdf5-5.15.11-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1857.html CVE-2022-1857 https://bugzilla.suse.com/1199893 SUSE Bug 1199893 Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2008 openSUSE Tumbleweed:libQt5Pdf5-5.15.11-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2008.html CVE-2022-2008 https://bugzilla.suse.com/1200423 SUSE Bug 1200423 Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. CVE-2022-2010 openSUSE Tumbleweed:libQt5Pdf5-5.15.11-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2010.html CVE-2022-2010 https://bugzilla.suse.com/1200423 SUSE Bug 1200423 Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2158 openSUSE Tumbleweed:libQt5Pdf5-5.15.11-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2158.html CVE-2022-2158 https://bugzilla.suse.com/1200783 SUSE Bug 1200783 Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from a user's local files via a crafted HTML page. CVE-2022-2160 openSUSE Tumbleweed:libQt5Pdf5-5.15.11-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2160.html CVE-2022-2160 https://bugzilla.suse.com/1200783 SUSE Bug 1200783 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page. CVE-2022-2162 openSUSE Tumbleweed:libQt5Pdf5-5.15.11-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2162.html CVE-2022-2162 https://bugzilla.suse.com/1200783 SUSE Bug 1200783 Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2294 openSUSE Tumbleweed:libQt5Pdf5-5.15.11-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2294.html CVE-2022-2294 https://bugzilla.suse.com/1201216 SUSE Bug 1201216 https://bugzilla.suse.com/1201980 SUSE Bug 1201980 Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2295 openSUSE Tumbleweed:libQt5Pdf5-5.15.11-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2295.html CVE-2022-2295 https://bugzilla.suse.com/1201216 SUSE Bug 1201216 Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. CVE-2022-2477 openSUSE Tumbleweed:libQt5Pdf5-5.15.11-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2477.html CVE-2022-2477 https://bugzilla.suse.com/1201679 SUSE Bug 1201679 Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2022-2610 openSUSE Tumbleweed:libQt5Pdf5-5.15.11-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2610.html CVE-2022-2610 https://bugzilla.suse.com/1202075 SUSE Bug 1202075 FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. CVE-2022-27404 openSUSE Tumbleweed:libQt5Pdf5-5.15.11-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-27404.html CVE-2022-27404 https://bugzilla.suse.com/1198830 SUSE Bug 1198830 FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. CVE-2022-27405 openSUSE Tumbleweed:libQt5Pdf5-5.15.11-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-27405.html CVE-2022-27405 https://bugzilla.suse.com/1198832 SUSE Bug 1198832 FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. CVE-2022-27406 openSUSE Tumbleweed:libQt5Pdf5-5.15.11-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.11-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.11-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-27406.html CVE-2022-27406 https://bugzilla.suse.com/1198823 SUSE Bug 1198823