SB2023072084 - SUSE update for poppler 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023072084

SB2023072084 - SUSE update for poppler

Published: July 20, 2023

Security Bulletin ID SB2023072084
Severity
High
Patch available
YES
Number of vulnerabilities 14
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 7% Medium 7% Low 86%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 14 secuirty vulnerabilities.


1) Uncontrolled recursion (CVE-ID: CVE-2017-18267)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc due to infinite recursion. A remote attacker can trick the victim into opening a specially crafted PDF file and cause the service to crash.

2) Buffer overflow (CVE-ID: CVE-2018-13988)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the image rendering functionality due to buffer overflow when handling malicious input. A remote unauthenticated attacker can trick the victim into opening a specially crafted PDF file, trigger memory corruption and cause the system to crash.


3) Improper input validation (CVE-ID: CVE-2018-16646)

The vulnerability allows a remote attacker to cause DoS condicion on the target system.

The vulnerability exists in the Parser::getObj() function, as defined in the Parser.cc source code file of the affected software due to improper processing of user-supplied input. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger an infinite recursion condition and cause the service to crash.


4) Memory leak (CVE-ID: CVE-2018-18897)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. A remote attacker can execute the pdftocairo command with a PDF file that submits malicious input, trigger memory leak and cause the service to crash.


5) Improper input validation (CVE-ID: CVE-2018-19058)

The vulnerability allows a remote attacker to cause DoS condicion on the target system.

The vulnerability exists in the EmbFile::save2 function due to insufficient stream checks by the EmbFile::save2 function, as defined in the FileSpec.cc source code file of the affected software, before an embedded file is saved. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger a reachable abort condition in the Object.h file and cause the service to crash.


6) Out-of-bounds read (CVE-ID: CVE-2018-19059)

The vulnerability allows a remote attacker to cause DoS condicion on the target system.

The vulnerability exists due to out-of-bounds read condition in the EmbFile::save2 function, as defined in the FileSpec.cc source code file after insufficient validation of embedded files before save attempts. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger out-of-bounds read condition and cause the service to crash.


7) NULL pointer dereference (CVE-ID: CVE-2018-19060)

The vulnerability allows a remote attacker to cause DoS condicion on the target system.

The vulnerability exists due to NULL pointer dereference condition in the GooString.h source code file when the filenames of embedded files are insufficiently validated before a save path is constructed. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger a NULL pointer dereference and cause the service to crash.


8) NULL pointer dereference (CVE-ID: CVE-2018-19149)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. A remote attacker can perform a denial of service (DoS) attack.


9) NULL pointer dereference (CVE-ID: CVE-2018-20481)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when XRef::getEntry in XRef.cc mishandles unallocated XRef entries. A remote attacker can trigger denial of service conditions via a specially crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.


10) Reachable Assertion (CVE-ID: CVE-2018-20650)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. A remote attacker can cause a denial of service.


11) Integer overflow (CVE-ID: CVE-2018-21009)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in Parser::makeStream() function in Parser.cc. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


12) Out-of-bounds read (CVE-ID: CVE-2019-12293)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in JPXStream::init() function in JPEG2000Stream.cc via data with inconsistent heights or widths. A remote attacker can perform a denial of service attack.


13) Heap-based buffer over-read (CVE-ID: CVE-2019-7310)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer signedness error in the XRef::getEntry function in XRef.cc. A remote attacker can trick the victim into processing a specially crafted PDF document, as demonstrated by pdftocairo, trigger heap-based buffer over-read and perform a denial of service.

14) Input validation error (CVE-ID: CVE-2022-27337)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Hints::Hints() function when processing PDF files. A remote attacker can pass specially crafted PDF file to the application and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References