{"affected":[{"ecosystem_specific":{"binaries":[{"libpoppler-devel":"0.12.3-1.13.3.2","libpoppler-glib-devel":"0.12.3-1.13.3.2","libpoppler-qt2":"0.12.3-1.13.3.2","libpoppler-qt3-devel":"0.12.3-1.13.3.2","libpoppler-qt4-devel":"0.12.3-1.13.3.2","poppler-tools":"0.12.3-1.13.3.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"poppler","purl":"pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.12.3-1.13.3.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpoppler-glib4":"0.12.3-1.13.3.2","libpoppler-qt4-3":"0.12.3-1.13.3.2","libpoppler5":"0.12.3-1.13.3.2","poppler-tools":"0.12.3-1.13.3.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"poppler","purl":"pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.12.3-1.13.3.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpoppler-glib4":"0.12.3-1.13.3.2","libpoppler-qt4-3":"0.12.3-1.13.3.2","libpoppler5":"0.12.3-1.13.3.2","poppler-tools":"0.12.3-1.13.3.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"poppler","purl":"pkg:rpm/suse/poppler&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.12.3-1.13.3.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for poppler fixes the following issues:\n\n- CVE-2017-14977: Fixed a NULL pointer dereference vulnerability in the\n  FoFiTrueType::getCFFBlock() function in FoFiTrueType.cc that occurred due to\n  lack of validation of a table pointer, which allows an attacker to launch a\n  denial of service attack. (bsc#1061265)\n- CVE-2017-1000456: Validate boundaries in TextPool::addWord to prevent\n  overflows in subsequent calculations (bsc#1074453)\n- CVE-2017-15565: Prevent NULL Pointer dereference in the\n  GfxImageColorMap::getGrayLine() function via a crafted PDF document\n  (bsc#1064593)\n","id":"SUSE-SU-2018:1691-1","modified":"2018-06-14T10:16:21Z","published":"2018-06-14T10:16:21Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181691-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1061265"},{"type":"REPORT","url":"https://bugzilla.suse.com/1064593"},{"type":"REPORT","url":"https://bugzilla.suse.com/1074453"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-1000456"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14977"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15565"}],"related":["CVE-2017-1000456","CVE-2017-14977","CVE-2017-15565"],"summary":"Security update for poppler","upstream":["CVE-2017-1000456","CVE-2017-14977","CVE-2017-15565"]}