libpodofo-devel-0.10.3-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14278-1 Final 1 1 2024-08-20T00:00:00Z current 2024-08-20T00:00:00Z 2024-08-20T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libpodofo-devel-0.10.3-2.1 on GA media These are all security issues fixed in the libpodofo-devel-0.10.3-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14278 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-19532/ SUSE CVE CVE-2018-19532 page https://www.suse.com/security/cve/CVE-2019-20093/ SUSE CVE CVE-2019-20093 page https://www.suse.com/security/cve/CVE-2019-9199/ SUSE CVE CVE-2019-9199 page openSUSE Tumbleweed libpodofo-devel-0.10.3-2.1 libpodofo2-0.10.3-2.1 podofo-0.10.3-2.1 libpodofo-devel-0.10.3-2.1 as a component of openSUSE Tumbleweed libpodofo2-0.10.3-2.1 as a component of openSUSE Tumbleweed podofo-0.10.3-2.1 as a component of openSUSE Tumbleweed A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service. CVE-2018-19532 openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1 openSUSE Tumbleweed:libpodofo2-0.10.3-2.1 openSUSE Tumbleweed:podofo-0.10.3-2.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-19532.html CVE-2018-19532 https://bugzilla.suse.com/1117514 SUSE Bug 1117514 The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. CVE-2019-20093 openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1 openSUSE Tumbleweed:libpodofo2-0.10.3-2.1 openSUSE Tumbleweed:podofo-0.10.3-2.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-20093.html CVE-2019-20093 https://bugzilla.suse.com/1159921 SUSE Bug 1159921 PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. CVE-2019-9199 openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1 openSUSE Tumbleweed:libpodofo2-0.10.3-2.1 openSUSE Tumbleweed:podofo-0.10.3-2.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9199.html CVE-2019-9199 https://bugzilla.suse.com/1127855 SUSE Bug 1127855