libpodofo-0_10-devel-0.10.5-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16583 Final 1 1 2025-09-04T00:00:00Z current 2025-09-04T00:00:00Z 2025-09-04T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libpodofo-0_10-devel-0.10.5-1.1 on GA media These are all security issues fixed in the libpodofo-0_10-devel-0.10.5-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16583 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-5852/ SUSE CVE CVE-2017-5852 page https://www.suse.com/security/cve/CVE-2017-5853/ SUSE CVE CVE-2017-5853 page https://www.suse.com/security/cve/CVE-2017-5854/ SUSE CVE CVE-2017-5854 page https://www.suse.com/security/cve/CVE-2017-5855/ SUSE CVE CVE-2017-5855 page https://www.suse.com/security/cve/CVE-2017-5886/ SUSE CVE CVE-2017-5886 page https://www.suse.com/security/cve/CVE-2017-6840/ SUSE CVE CVE-2017-6840 page https://www.suse.com/security/cve/CVE-2017-6844/ SUSE CVE CVE-2017-6844 page https://www.suse.com/security/cve/CVE-2017-6845/ SUSE CVE CVE-2017-6845 page https://www.suse.com/security/cve/CVE-2017-6847/ SUSE CVE CVE-2017-6847 page https://www.suse.com/security/cve/CVE-2017-7378/ SUSE CVE CVE-2017-7378 page https://www.suse.com/security/cve/CVE-2017-7379/ SUSE CVE CVE-2017-7379 page https://www.suse.com/security/cve/CVE-2017-7380/ SUSE CVE CVE-2017-7380 page https://www.suse.com/security/cve/CVE-2017-7381/ SUSE CVE CVE-2017-7381 page https://www.suse.com/security/cve/CVE-2017-7382/ SUSE CVE CVE-2017-7382 page https://www.suse.com/security/cve/CVE-2017-7383/ SUSE CVE CVE-2017-7383 page https://www.suse.com/security/cve/CVE-2017-7994/ SUSE CVE CVE-2017-7994 page https://www.suse.com/security/cve/CVE-2017-8054/ SUSE CVE CVE-2017-8054 page https://www.suse.com/security/cve/CVE-2017-8787/ SUSE CVE CVE-2017-8787 page https://www.suse.com/security/cve/CVE-2018-11255/ SUSE CVE CVE-2018-11255 page https://www.suse.com/security/cve/CVE-2018-11256/ SUSE CVE CVE-2018-11256 page https://www.suse.com/security/cve/CVE-2018-12982/ SUSE CVE CVE-2018-12982 page https://www.suse.com/security/cve/CVE-2018-12983/ SUSE CVE CVE-2018-12983 page https://www.suse.com/security/cve/CVE-2018-14320/ SUSE CVE CVE-2018-14320 page https://www.suse.com/security/cve/CVE-2018-20751/ SUSE CVE CVE-2018-20751 page https://www.suse.com/security/cve/CVE-2018-20797/ SUSE CVE CVE-2018-20797 page https://www.suse.com/security/cve/CVE-2018-5295/ SUSE CVE CVE-2018-5295 page https://www.suse.com/security/cve/CVE-2018-5296/ SUSE CVE CVE-2018-5296 page https://www.suse.com/security/cve/CVE-2018-5308/ SUSE CVE CVE-2018-5308 page https://www.suse.com/security/cve/CVE-2018-5309/ SUSE CVE CVE-2018-5309 page https://www.suse.com/security/cve/CVE-2018-5783/ SUSE CVE CVE-2018-5783 page https://www.suse.com/security/cve/CVE-2018-8001/ SUSE CVE CVE-2018-8001 page https://www.suse.com/security/cve/CVE-2019-10723/ SUSE CVE CVE-2019-10723 page https://www.suse.com/security/cve/CVE-2019-9687/ SUSE CVE CVE-2019-9687 page openSUSE Tumbleweed libpodofo-0_10-devel-0.10.5-1.1 libpodofo2-0.10.5-1.1 podofo-0_10-0.10.5-1.1 libpodofo-0_10-devel-0.10.5-1.1 as a component of openSUSE Tumbleweed libpodofo2-0.10.5-1.1 as a component of openSUSE Tumbleweed podofo-0_10-0.10.5-1.1 as a component of openSUSE Tumbleweed The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file. CVE-2017-5852 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5852.html CVE-2017-5852 https://bugzilla.suse.com/1023067 SUSE Bug 1023067 Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. CVE-2017-5853 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5853.html CVE-2017-5853 https://bugzilla.suse.com/1023069 SUSE Bug 1023069 base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. CVE-2017-5854 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5854.html CVE-2017-5854 https://bugzilla.suse.com/1023070 SUSE Bug 1023070 https://bugzilla.suse.com/1096890 SUSE Bug 1096890 The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. CVE-2017-5855 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5855.html CVE-2017-5855 https://bugzilla.suse.com/1023071 SUSE Bug 1023071 Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. CVE-2017-5886 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5886.html CVE-2017-5886 https://bugzilla.suse.com/1023380 SUSE Bug 1023380 https://bugzilla.suse.com/1084902 SUSE Bug 1084902 The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file. CVE-2017-6840 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-6840.html CVE-2017-6840 https://bugzilla.suse.com/1027787 SUSE Bug 1027787 Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. CVE-2017-6844 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-6844.html CVE-2017-6844 https://bugzilla.suse.com/1027782 SUSE Bug 1027782 The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. CVE-2017-6845 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-6845.html CVE-2017-6845 https://bugzilla.suse.com/1027779 SUSE Bug 1027779 https://bugzilla.suse.com/1027781 SUSE Bug 1027781 The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file. CVE-2017-6847 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-6847.html CVE-2017-6847 https://bugzilla.suse.com/1027778 SUSE Bug 1027778 The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. CVE-2017-7378 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7378.html CVE-2017-7378 https://bugzilla.suse.com/1032017 SUSE Bug 1032017 The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncoding.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PDF document. CVE-2017-7379 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7379.html CVE-2017-7379 https://bugzilla.suse.com/1032018 SUSE Bug 1032018 The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. CVE-2017-7380 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7380.html CVE-2017-7380 https://bugzilla.suse.com/1032019 SUSE Bug 1032019 The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. CVE-2017-7381 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7381.html CVE-2017-7381 https://bugzilla.suse.com/1032019 SUSE Bug 1032019 https://bugzilla.suse.com/1032020 SUSE Bug 1032020 The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. CVE-2017-7382 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7382.html CVE-2017-7382 https://bugzilla.suse.com/1032019 SUSE Bug 1032019 https://bugzilla.suse.com/1032021 SUSE Bug 1032021 The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. CVE-2017-7383 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7383.html CVE-2017-7383 https://bugzilla.suse.com/1032019 SUSE Bug 1032019 https://bugzilla.suse.com/1032022 SUSE Bug 1032022 The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. CVE-2017-7994 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-7994.html CVE-2017-7994 https://bugzilla.suse.com/1035534 SUSE Bug 1035534 The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document. CVE-2017-8054 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-8054.html CVE-2017-8054 https://bugzilla.suse.com/1035596 SUSE Bug 1035596 https://bugzilla.suse.com/1094315 SUSE Bug 1094315 The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file. CVE-2017-8787 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-8787.html CVE-2017-8787 https://bugzilla.suse.com/1037739 SUSE Bug 1037739 An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. CVE-2018-11255 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-11255.html CVE-2018-11255 https://bugzilla.suse.com/1096890 SUSE Bug 1096890 An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. CVE-2018-11256 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-11256.html CVE-2018-11256 https://bugzilla.suse.com/1096889 SUSE Bug 1096889 Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file. CVE-2018-12982 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-12982.html CVE-2018-12982 https://bugzilla.suse.com/1099720 SUSE Bug 1099720 A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file. CVE-2018-12983 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-12983.html CVE-2018-12983 https://bugzilla.suse.com/1099719 SUSE Bug 1099719 This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673. CVE-2018-14320 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-14320.html CVE-2018-14320 https://bugzilla.suse.com/1108764 SUSE Bug 1108764 An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference. CVE-2018-20751 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-20751.html CVE-2018-20751 https://bugzilla.suse.com/1124357 SUSE Bug 1124357 An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp. CVE-2018-20797 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-20797.html CVE-2018-20797 https://bugzilla.suse.com/1127514 SUSE Bug 1127514 In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. CVE-2018-5295 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-5295.html CVE-2018-5295 https://bugzilla.suse.com/1075026 SUSE Bug 1075026 In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. CVE-2018-5296 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-5296.html CVE-2018-5296 https://bugzilla.suse.com/1075021 SUSE Bug 1075021 PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. CVE-2018-5308 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-5308.html CVE-2018-5308 https://bugzilla.suse.com/1075772 SUSE Bug 1075772 In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. CVE-2018-5309 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-5309.html CVE-2018-5309 https://bugzilla.suse.com/1075322 SUSE Bug 1075322 In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. CVE-2018-5783 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-5783.html CVE-2018-5783 https://bugzilla.suse.com/1076962 SUSE Bug 1076962 In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. CVE-2018-8001 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-8001.html CVE-2018-8001 https://bugzilla.suse.com/1084894 SUSE Bug 1084894 An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated. CVE-2019-10723 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-10723.html CVE-2019-10723 https://bugzilla.suse.com/1131544 SUSE Bug 1131544 PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp. CVE-2019-9687 openSUSE Tumbleweed:libpodofo-0_10-devel-0.10.5-1.1 openSUSE Tumbleweed:libpodofo2-0.10.5-1.1 openSUSE Tumbleweed:podofo-0_10-0.10.5-1.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9687.html CVE-2019-9687 https://bugzilla.suse.com/1129290 SUSE Bug 1129290