SB2021120152 - SUSE update for poppler
Published: December 1, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 21 secuirty vulnerabilities.
1) Uncontrolled recursion (CVE-ID: CVE-2017-18267)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in the FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc due to infinite recursion. A remote attacker can trick the victim into opening a specially crafted PDF file and cause the service to crash.
2) Buffer overflow (CVE-ID: CVE-2018-13988)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the image rendering functionality due to buffer overflow when handling malicious input. A remote unauthenticated attacker can trick the victim into opening a specially crafted PDF file, trigger memory corruption and cause the system to crash.
3) Improper input validation (CVE-ID: CVE-2018-16646)
The vulnerability allows a remote attacker to cause DoS condicion on the target system.
The vulnerability exists in the Parser::getObj() function, as defined in the Parser.cc source code file of the affected software due to improper processing of user-supplied input. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger an infinite recursion condition and cause the service to crash.
4) Memory leak (CVE-ID: CVE-2018-18897)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. A remote attacker can execute the pdftocairo command with a PDF file that submits malicious input, trigger memory leak and cause the service to crash.
5) Improper input validation (CVE-ID: CVE-2018-19058)
The vulnerability allows a remote attacker to cause DoS condicion on the target system.
The vulnerability exists in the EmbFile::save2 function due to insufficient stream checks by the EmbFile::save2 function, as defined in the FileSpec.cc source code file of the affected software, before an embedded file is saved. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger a reachable abort condition in the Object.h file and cause the service to crash.
6) Out-of-bounds read (CVE-ID: CVE-2018-19059)
The vulnerability allows a remote attacker to cause DoS condicion on the target system.
The vulnerability exists due to out-of-bounds read condition in the EmbFile::save2 function, as defined in the FileSpec.cc source code file after insufficient validation of embedded files before save attempts. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger out-of-bounds read condition and cause the service to crash.
7) NULL pointer dereference (CVE-ID: CVE-2018-19060)
The vulnerability allows a remote attacker to cause DoS condicion on the target system.
The vulnerability exists due to NULL pointer dereference condition in the GooString.h source code file when the filenames of embedded files are insufficiently validated before a save path is constructed. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger a NULL pointer dereference and cause the service to crash.
8) NULL pointer dereference (CVE-ID: CVE-2018-19149)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. A remote attacker can perform a denial of service (DoS) attack.
9) NULL pointer dereference (CVE-ID: CVE-2018-20481)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when XRef::getEntry in XRef.cc mishandles unallocated XRef entries. A remote attacker can trigger denial of service conditions via a specially crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
10) Reachable Assertion (CVE-ID: CVE-2018-20551)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable Object::getString assertion due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. A remote attacker can cause a denial of service.
11) Reachable Assertion (CVE-ID: CVE-2018-20650)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. A remote attacker can cause a denial of service.
12) Input validation error (CVE-ID: CVE-2018-20662)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a wrong return value from PDFDoc::setup when an xref data structure is mishandled during extractPDFSubtype processing. A remote attacker can trick the victim into opening a specially crafter PDF file cause application crash by Object.h SIGABRT.
13) Out-of-bounds read (CVE-ID: CVE-2019-10871)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the function PSOutputDev::checkPageSlice in PSOutputDev.cc. A remote attacker can perform a denial of service attack.
14) Out-of-bounds read (CVE-ID: CVE-2019-10872)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the function Splash::blitTransparent in splash/Splash.cc. A remote attacker can perform a denial of service attack.
15) Division by zero (CVE-ID: CVE-2019-14494)
The vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to division by zero error when processing untrusted input in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. A remote attacker can create a specially crafted PDF file and crash the application.
16) Heap-based buffer over-read (CVE-ID: CVE-2019-7310)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer signedness error in the XRef::getEntry function in XRef.cc. A remote attacker can trick the victim into processing a specially crafted PDF document, as demonstrated by pdftocairo, trigger heap-based buffer over-read and perform a denial of service.
17) Heap-based buffer overflow (CVE-ID: CVE-2019-9200)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing PDF files in ImageStream::getLine() function in Stream.cc. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Out-of-bounds read (CVE-ID: CVE-2019-9631)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. A remote attacker can perform a denial of service attack.
19) Resource exhaustion (CVE-ID: CVE-2019-9903)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect processing of dict marking in PDFDoc::markObject() function in PDFDoc.cc file when processing PDF files. A remote attacker can pass specially crafted PDF file to the affected software that invokes pdfunite binary, trigger resource exhaustion and perform a denial of service (DoS) attack.
20) Integer overflow (CVE-ID: CVE-2019-9959)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in the "JPXStream::init" function, caused by a failure to bounds-check user-supplied data before copying it to an undersized memory buffer. A remote attacker can supply crafted data to the system, trigger integer overflow and cause a denial of service condition on the targeted system.
21) Access of Uninitialized Pointer (CVE-ID: CVE-2020-27778)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error when converting PDF files to HTML. A remote attacker can trick the victim to convert a specially crafted file and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.