{"affected":[{"ecosystem_specific":{"binaries":[{"libpodofo-devel":"0.9.2-3.21.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP5","name":"podofo","purl":"pkg:rpm/suse/podofo&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.2-3.21.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpodofo0_9_2":"0.9.2-3.21.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12 SP5","name":"podofo","purl":"pkg:rpm/suse/podofo&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.2-3.21.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for podofo fixes the following issues:\n\n - CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection (bsc#1023190)\n - CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027787)\n - CVE-2017-6841: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) (bsc#1027786)\n - CVE-2017-6842: Fixed NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027785)\n - CVE-2017-6845: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) (bsc#1027779)\n - CVE-2017-6849: Fixed NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) (bsc#1027776)\n - CVE-2017-8378: Fixed denial of service (application crash) vectors related to m_offsets.size (PdfParser::ReadObjects func in base/PdfParser.cpp) (bsc#1037000)  \n - CVE-2018-5308: Fixed Undefined behavior  (memcpy with NULL pointer) in PdfMemoryOutputStream::Write (src/base/PdfOutputStream.cpp) (bsc#1075772)\n - CVE-2019-10723: Fixed Memory leak in PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp (bsc#1131544)\n - CVE-2019-9199: Fixed NULL pointer 
dereference in function PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp (bsc#1127855)\n\n - Fixed NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) (bsc#1023072)\n","id":"SUSE-SU-2024:3541-1","modified":"2024-10-08T08:33:37Z","published":"2024-10-08T08:33:37Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20243541-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1023072"},{"type":"REPORT","url":"https://bugzilla.suse.com/1023190"},{"type":"REPORT","url":"https://bugzilla.suse.com/1027776"},{"type":"REPORT","url":"https://bugzilla.suse.com/1027779"},{"type":"REPORT","url":"https://bugzilla.suse.com/1027785"},{"type":"REPORT","url":"https://bugzilla.suse.com/1027786"},{"type":"REPORT","url":"https://bugzilla.suse.com/1027787"},{"type":"REPORT","url":"https://bugzilla.suse.com/1037000"},{"type":"REPORT","url":"https://bugzilla.suse.com/1075772"},{"type":"REPORT","url":"https://bugzilla.suse.com/1127855"},{"type":"REPORT","url":"https://bugzilla.suse.com/1131544"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8981"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-5854"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6840"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6841"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6842"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6845"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6849"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-8378"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5308"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-10723"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9199"}],"related":["CVE-2015-8981","CVE-2017-5854","CVE-2017-6840","CVE-2017-6841","CVE-2017-6842","CVE-2017-6845","CVE-2017-6849","CVE-2017-8378","CVE-2018-5308"
,"CVE-2019-10723","CVE-2019-9199"],"summary":"Security update for podofo","upstream":["CVE-2015-8981","CVE-2017-5854","CVE-2017-6840","CVE-2017-6841","CVE-2017-6842","CVE-2017-6845","CVE-2017-6849","CVE-2017-8378","CVE-2018-5308","CVE-2019-10723","CVE-2019-9199"]}