libQt5Pdf5-5.15.16-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13462 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libQt5Pdf5-5.15.16-1.1 on GA media These are all security issues fixed in the libQt5Pdf5-5.15.16-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13462 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13462 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-4071/ SUSE CVE CVE-2023-4071 page https://www.suse.com/security/cve/CVE-2023-4074/ SUSE CVE CVE-2023-4074 page https://www.suse.com/security/cve/CVE-2023-4076/ SUSE CVE CVE-2023-4076 page https://www.suse.com/security/cve/CVE-2023-4351/ SUSE CVE CVE-2023-4351 page https://www.suse.com/security/cve/CVE-2023-4354/ SUSE CVE CVE-2023-4354 page https://www.suse.com/security/cve/CVE-2023-4362/ SUSE CVE CVE-2023-4362 page https://www.suse.com/security/cve/CVE-2023-45853/ SUSE CVE CVE-2023-45853 page https://www.suse.com/security/cve/CVE-2023-4762/ SUSE CVE CVE-2023-4762 page https://www.suse.com/security/cve/CVE-2023-4863/ SUSE CVE CVE-2023-4863 page https://www.suse.com/security/cve/CVE-2023-5217/ SUSE CVE CVE-2023-5217 page https://www.suse.com/security/cve/CVE-2023-5218/ SUSE CVE CVE-2023-5218 page https://www.suse.com/security/cve/CVE-2023-5482/ SUSE CVE CVE-2023-5482 page https://www.suse.com/security/cve/CVE-2023-5996/ SUSE CVE CVE-2023-5996 page openSUSE Tumbleweed libQt5Pdf5-5.15.16-1.1 libQt5PdfWidgets5-5.15.16-1.1 libqt5-qtpdf-devel-5.15.16-1.1 libqt5-qtpdf-examples-5.15.16-1.1 libqt5-qtpdf-imports-5.15.16-1.1 libqt5-qtpdf-private-headers-devel-5.15.16-1.1 libqt5-qtwebengine-5.15.16-1.1 libqt5-qtwebengine-devel-5.15.16-1.1 libqt5-qtwebengine-examples-5.15.16-1.1 libqt5-qtwebengine-private-headers-devel-5.15.16-1.1 libQt5Pdf5-5.15.16-1.1 as a component of openSUSE Tumbleweed libQt5PdfWidgets5-5.15.16-1.1 as a component of openSUSE Tumbleweed libqt5-qtpdf-devel-5.15.16-1.1 as a component of openSUSE Tumbleweed libqt5-qtpdf-examples-5.15.16-1.1 as a component of openSUSE Tumbleweed libqt5-qtpdf-imports-5.15.16-1.1 as a component of openSUSE Tumbleweed libqt5-qtpdf-private-headers-devel-5.15.16-1.1 as a component of openSUSE Tumbleweed libqt5-qtwebengine-5.15.16-1.1 as a component of openSUSE Tumbleweed libqt5-qtwebengine-devel-5.15.16-1.1 as a component of openSUSE Tumbleweed libqt5-qtwebengine-examples-5.15.16-1.1 as a component of openSUSE Tumbleweed libqt5-qtwebengine-private-headers-devel-5.15.16-1.1 as a component of openSUSE Tumbleweed Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-4071 openSUSE Tumbleweed:libQt5Pdf5-5.15.16-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.16-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-4071.html CVE-2023-4071 https://bugzilla.suse.com/1213920 SUSE Bug 1213920 Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-4074 openSUSE Tumbleweed:libQt5Pdf5-5.15.16-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.16-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-4074.html CVE-2023-4074 https://bugzilla.suse.com/1213920 SUSE Bug 1213920 Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) CVE-2023-4076 openSUSE Tumbleweed:libQt5Pdf5-5.15.16-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.16-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-4076.html CVE-2023-4076 https://bugzilla.suse.com/1213920 SUSE Bug 1213920 Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-4351 openSUSE Tumbleweed:libQt5Pdf5-5.15.16-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.16-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-4351.html CVE-2023-4351 https://bugzilla.suse.com/1214301 SUSE Bug 1214301 Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-4354 openSUSE Tumbleweed:libQt5Pdf5-5.15.16-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.16-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-4354.html CVE-2023-4354 https://bugzilla.suse.com/1214301 SUSE Bug 1214301 Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CVE-2023-4362 openSUSE Tumbleweed:libQt5Pdf5-5.15.16-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.16-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-4362.html CVE-2023-4362 https://bugzilla.suse.com/1214301 SUSE Bug 1214301 MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. CVE-2023-45853 openSUSE Tumbleweed:libQt5Pdf5-5.15.16-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.16-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-45853.html CVE-2023-45853 https://bugzilla.suse.com/1216378 SUSE Bug 1216378 Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) CVE-2023-4762 openSUSE Tumbleweed:libQt5Pdf5-5.15.16-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.16-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-4762.html CVE-2023-4762 https://bugzilla.suse.com/1215023 SUSE Bug 1215023 Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) CVE-2023-4863 openSUSE Tumbleweed:libQt5Pdf5-5.15.16-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.16-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-4863.html CVE-2023-4863 https://bugzilla.suse.com/1215231 SUSE Bug 1215231 https://bugzilla.suse.com/1217115 SUSE Bug 1217115 https://bugzilla.suse.com/1217117 SUSE Bug 1217117 Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-5217 openSUSE Tumbleweed:libQt5Pdf5-5.15.16-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.16-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5217.html CVE-2023-5217 https://bugzilla.suse.com/1215776 SUSE Bug 1215776 https://bugzilla.suse.com/1215778 SUSE Bug 1215778 https://bugzilla.suse.com/1215814 SUSE Bug 1215814 https://bugzilla.suse.com/1217559 SUSE Bug 1217559 Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) CVE-2023-5218 openSUSE Tumbleweed:libQt5Pdf5-5.15.16-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.16-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5218.html CVE-2023-5218 https://bugzilla.suse.com/1216111 SUSE Bug 1216111 Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) CVE-2023-5482 openSUSE Tumbleweed:libQt5Pdf5-5.15.16-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.16-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5482.html CVE-2023-5482 https://bugzilla.suse.com/1216783 SUSE Bug 1216783 Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-5996 openSUSE Tumbleweed:libQt5Pdf5-5.15.16-1.1 openSUSE Tumbleweed:libQt5PdfWidgets5-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-imports-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtpdf-private-headers-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-devel-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-examples-5.15.16-1.1 openSUSE Tumbleweed:libqt5-qtwebengine-private-headers-devel-5.15.16-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5996.html CVE-2023-5996 https://bugzilla.suse.com/1216978 SUSE Bug 1216978