rpm package
suse/poppler&distro=SUSE Linux Enterprise Server for SAP Applications 11 SP4
pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-1000456 | — | — | | < 0.12.3-1.13.3.2 | 0.12.3-1.13.3.2 | Jan 2, 2018 | freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. |
| CVE-2017-15565 | High | 8.8 | | < 0.12.3-1.13.3.2 | 0.12.3-1.13.3.2 | Oct 17, 2017 | In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. |
| CVE-2017-14977 | High | 7.5 | | < 0.12.3-1.13.3.2 | 0.12.3-1.13.3.2 | Oct 2, 2017 | The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. |
| CVE-2015-8868 | High | 7.8 | | < 0.12.3-1.12.1 | 0.12.3-1.12.1 | May 6, 2016 | Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary |