This update for poppler fixes the following issues :

These security issues were fixed :

  - CVE-2017-14517: Prevent NULL pointer dereference in the     XRef::parseEntry() function via a crafted PDF document     (bsc#1059066).

  - CVE-2017-9865: Fixed a stack-based buffer overflow     vulnerability in GfxState.cc that would have allowed     attackers to facilitate a denial-of-service attack via     specially crafted PDF documents. (bsc#1045939)

  - CVE-2017-14518: Remedy a floating point exception in     isImageInterpolationRequired() that could have been     exploited using a specially crafted PDF document.
    (bsc#1059101)

  - CVE-2017-14520: Remedy a floating point exception in     Splash::scaleImageYuXd() that could have been exploited     using a specially crafted PDF document. (bsc#1059155)

  - CVE-2017-14617: Fixed a floating point exception in     Stream.cc, which may lead to a potential attack when     handling malicious PDF files. (bsc#1060220)

  - CVE-2017-14928: Fixed a NULL pointer dereference in     AnnotRichMedia::Configuration::Configuration() in     Annot.cc, which may lead to a potential attack when     handling malicious PDF files. (bsc#1061092)

  - CVE-2017-14975: Fixed a NULL pointer dereference     vulnerability, that existed because a data structure in     FoFiType1C.cc was not initialized, which allowed an     attacker to launch a denial of service attack.
    (bsc#1061263)

  - CVE-2017-14976: Fixed a heap-based buffer over-read     vulnerability in FoFiType1C.cc that occurred when an     out-of-bounds font dictionary index was encountered,     which allowed an attacker to launch a denial of service     attack. (bsc#1061264)

  - CVE-2017-14977: Fixed a NULL pointer dereference     vulnerability in the FoFiTrueType::getCFFBlock()     function in FoFiTrueType.cc that occurred due to lack of     validation of a table pointer, which allows an attacker     to launch a denial of service attack. (bsc#1061265)

  - CVE-2017-15565: Prevent NULL pointer dereference in the     GfxImageColorMap::getGrayLine() function via a crafted     PDF document (bsc#1064593).

  - CVE-2017-1000456: Validate boundaries in     TextPool::addWord to prevent overflows in subsequent     calculations (bsc#1074453).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Detections

Analytics

openSUSE Security Update : poppler (openSUSE-2018-648)

high Nessus Plugin ID 110592

Version 1.5