{"affected":[{"ecosystem_specific":{"binaries":[{"libpoppler44":"0.24.4-14.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP2","name":"poppler","purl":"pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.24.4-14.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpoppler44":"0.24.4-14.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2","name":"poppler","purl":"pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.24.4-14.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpoppler44":"0.24.4-14.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP3","name":"poppler","purl":"pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.24.4-14.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpoppler44":"0.24.4-14.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2","name":"poppler","purl":"pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.24.4-14.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpoppler44":"0.24.4-14.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"poppler","purl":"pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.24.4-14.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for poppler fixes the following issues:\n\nSecurity issues fixed:\n- CVE-2017-9775: Fix a stack overflow bug in pdftocairo that could have been exploited in a denial\n  of service attack through a specially crafted PDF document. (bsc#1045719)\n- CVE-2017-9776: Fix an integer overflow bug that could have been exploited in a denial of service\n  attack through a specially crafted PDF document. (bsc#1045721)\n- CVE-2017-9408: Fix a memory leak that occurred when the parser tried to recover from a broken\n  input file. (bsc#1042802) \n\n","id":"SUSE-SU-2017:1998-1","modified":"2017-07-28T16:06:36Z","published":"2017-07-28T16:06:36Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20171998-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1042802"},{"type":"REPORT","url":"https://bugzilla.suse.com/1045719"},{"type":"REPORT","url":"https://bugzilla.suse.com/1045721"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9408"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9775"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-9776"}],"related":["CVE-2017-9408","CVE-2017-9775","CVE-2017-9776"],"summary":"Security update for poppler","upstream":["CVE-2017-9408","CVE-2017-9775","CVE-2017-9776"]}