Security update for poppler SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1900-1 Final 1 1 2024-06-03T13:26:22Z current 2024-06-03T13:26:22Z 2024-06-03T13:26:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for poppler This update for poppler fixes the following issues: - CVE-2024-4141: Fixed out-of-bounds array write (bsc#1223375). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-1900,SUSE-SLE-Product-WE-15-SP5-2024-1900 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241900-1/ Link for SUSE-SU-2024:1900-1 https://lists.suse.com/pipermail/sle-updates/2024-June/035470.html E-Mail link for SUSE-SU-2024:1900-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1223375 SUSE Bug 1223375 https://www.suse.com/security/cve/CVE-2024-4141/ SUSE CVE CVE-2024-4141 page SUSE Linux Enterprise Workstation Extension 15 SP5 libpoppler-cpp0-22.01.0-150400.3.19.1 libpoppler-cpp0-32bit-22.01.0-150400.3.19.1 libpoppler-cpp0-64bit-22.01.0-150400.3.19.1 libpoppler-devel-22.01.0-150400.3.19.1 libpoppler-glib-devel-22.01.0-150400.3.19.1 libpoppler-glib8-22.01.0-150400.3.19.1 libpoppler-glib8-32bit-22.01.0-150400.3.19.1 libpoppler-glib8-64bit-22.01.0-150400.3.19.1 libpoppler-qt5-1-22.01.0-150400.3.19.1 libpoppler-qt5-1-32bit-22.01.0-150400.3.19.1 libpoppler-qt5-1-64bit-22.01.0-150400.3.19.1 libpoppler-qt5-devel-22.01.0-150400.3.19.1 libpoppler-qt6-3-22.01.0-150400.3.19.1 libpoppler-qt6-devel-22.01.0-150400.3.19.1 libpoppler117-22.01.0-150400.3.19.1 libpoppler117-32bit-22.01.0-150400.3.19.1 libpoppler117-64bit-22.01.0-150400.3.19.1 poppler-tools-22.01.0-150400.3.19.1 typelib-1_0-Poppler-0_18-22.01.0-150400.3.19.1 libpoppler117-22.01.0-150400.3.19.1 as a component of SUSE Linux Enterprise Workstation Extension 15 SP5 Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. CVE-2024-4141 SUSE Linux Enterprise Workstation Extension 15 SP5:libpoppler117-22.01.0-150400.3.19.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241900-1/ https://www.suse.com/security/cve/CVE-2024-4141.html CVE-2024-4141 https://bugzilla.suse.com/1223375 SUSE Bug 1223375