{"affected":[{"ecosystem_specific":{"binaries":[{"cups-filters":"1.0.58-15.2.1","cups-filters-cups-browsed":"1.0.58-15.2.1","cups-filters-foomatic-rip":"1.0.58-15.2.1","cups-filters-ghostscript":"1.0.58-15.2.1","libqpdf18":"7.1.1-3.3.4","qpdf":"7.1.1-3.3.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-BCL","name":"cups-filters","purl":"pkg:rpm/suse/cups-filters&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.58-15.2.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cups-filters":"1.0.58-15.2.1","cups-filters-cups-browsed":"1.0.58-15.2.1","cups-filters-foomatic-rip":"1.0.58-15.2.1","cups-filters-ghostscript":"1.0.58-15.2.1","libqpdf18":"7.1.1-3.3.4","qpdf":"7.1.1-3.3.4"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-BCL","name":"qpdf","purl":"pkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"7.1.1-3.3.4"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\n  \nThis update for qpdf fixes the following issues:\n\nqpdf was updated to 7.1.1.\n\nSecurity issues fixed:\n\n- CVE-2017-11627: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050577).\n- CVE-2017-11625: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050579).\n- CVE-2017-11626: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050578).\n- CVE-2017-11624: A stack-consumption vulnerability which allows attackers to cause DoS (bsc#1050581).\n- CVE-2017-12595: Stack overflow when processing deeply nested arrays and dictionaries (bsc#1055960).\n- CVE-2017-9209: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040312).\n- CVE-2017-9210: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040313).\n- CVE-2017-9208: Remote attackers can cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document (bsc#1040311).\n\n  * Check release notes for detailed bug fixes.\n  * http://qpdf.sourceforge.net/files/qpdf-manual.html#ref.release-notes\n\n","id":"SUSE-SU-2018:3066-2","modified":"2018-10-18T12:42:17Z","published":"2018-10-18T12:42:17Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20183066-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1040311"},{"type":"REPORT","url":"https://bugzilla.suse.com/1040312"},{"type":"REPORT","url":"https://bugzilla.suse.com/1040313"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050577"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050578"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050579"},{"type":"REPORT","url":"https://bugzilla.suse.com/1050581"},{"type":"REPORT","url":"https://bugzilla.suse.com/1055960"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11624"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11625"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11626"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-11627"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12595"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9208"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9209"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9210"}],"related":["CVE-2017-11624","CVE-2017-11625","CVE-2017-11626","CVE-2017-11627","CVE-2017-12595","CVE-2017-9208","CVE-2017-9209","CVE-2017-9210"],"summary":"Security update for qpdf","upstream":["CVE-2017-11624","CVE-2017-11625","CVE-2017-11626","CVE-2017-11627","CVE-2017-12595","CVE-2017-9208","CVE-2017-9209","CVE-2017-9210"]}