rpm package
opensuse/poppler-qt6&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/poppler-qt6&distro=openSUSE%20Leap%2015.4
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-38349 | — | < 22.01.0-150400.3.11.2 | 22.01.0-150400.3.11.2 | Aug 22, 2023 | An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. | ||
| CVE-2022-37052 | — | < 22.01.0-150400.3.16.1 | 22.01.0-150400.3.16.1 | Aug 22, 2023 | A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. | ||
| CVE-2022-37051 | — | < 22.01.0-150400.3.11.2 | 22.01.0-150400.3.11.2 | Aug 22, 2023 | An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. | ||
| CVE-2022-37050 | — | < 22.01.0-150400.3.11.2 | 22.01.0-150400.3.11.2 | Aug 22, 2023 | In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incom | ||
| CVE-2023-34872 | — | < 22.01.0-150400.3.16.1 | 22.01.0-150400.3.16.1 | Jul 31, 2023 | A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. | ||
| CVE-2022-38784 | — | < 22.01.0-150400.3.3.1 | 22.01.0-150400.3.3.1 | Aug 30, 2022 | Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vu | ||
| CVE-2022-27337 | — | < 22.01.0-150400.3.6.1 | 22.01.0-150400.3.6.1 | May 5, 2022 | A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. |
- CVE-2022-38349Aug 22, 2023affected < 22.01.0-150400.3.11.2fixed 22.01.0-150400.3.11.2
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.
- CVE-2022-37052Aug 22, 2023affected < 22.01.0-150400.3.16.1fixed 22.01.0-150400.3.16.1
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
- CVE-2022-37051Aug 22, 2023affected < 22.01.0-150400.3.11.2fixed 22.01.0-150400.3.11.2
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
- CVE-2022-37050Aug 22, 2023affected < 22.01.0-150400.3.11.2fixed 22.01.0-150400.3.11.2
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incom
- CVE-2023-34872Jul 31, 2023affected < 22.01.0-150400.3.16.1fixed 22.01.0-150400.3.16.1
A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.
- CVE-2022-38784Aug 30, 2022affected < 22.01.0-150400.3.3.1fixed 22.01.0-150400.3.3.1
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vu
- CVE-2022-27337May 5, 2022affected < 22.01.0-150400.3.6.1fixed 22.01.0-150400.3.6.1
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.