SUSE update for poppler

Published: 2023-11-06

Risk	High
Patch available	YES
Number of vulnerabilities	9
CVE-ID	CVE-2018-18454 CVE-2018-18456 CVE-2019-13287 CVE-2019-14292 CVE-2019-9545 CVE-2019-9631 CVE-2020-36023 CVE-2022-37052 CVE-2022-48545
CWE-ID	CWE-125 CWE-121 CWE-119 CWE-835 CWE-617
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available.
Vulnerable software	SUSE Linux Enterprise Software Development Kit 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 12 Operating systems & Components / Operating system libpoppler-qt4-4-debuginfo Operating systems & Components / Operating system package or component libpoppler60 Operating systems & Components / Operating system package or component libpoppler-glib8-debuginfo Operating systems & Components / Operating system package or component libpoppler-qt4-4 Operating systems & Components / Operating system package or component libpoppler-glib8 Operating systems & Components / Operating system package or component libpoppler60-debuginfo Operating systems & Components / Operating system package or component poppler-tools Operating systems & Components / Operating system package or component poppler-tools-debuginfo Operating systems & Components / Operating system package or component libpoppler-devel Operating systems & Components / Operating system package or component typelib-1_0-Poppler-0_18 Operating systems & Components / Operating system package or component libpoppler-glib-devel Operating systems & Components / Operating system package or component libpoppler-qt4-devel Operating systems & Components / Operating system package or component libpoppler-cpp0 Operating systems & Components / Operating system package or component poppler-debugsource Operating systems & Components / Operating system package or component libpoppler-cpp0-debuginfo Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU36489

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-18454

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00. A remote attacker can perform a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

Mitigation

Update the affected package poppler to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

libpoppler-qt4-4-debuginfo: before 0.43.0-16.40.1

libpoppler60: before 0.43.0-16.40.1

libpoppler-glib8-debuginfo: before 0.43.0-16.40.1

libpoppler-qt4-4: before 0.43.0-16.40.1

libpoppler-glib8: before 0.43.0-16.40.1

libpoppler60-debuginfo: before 0.43.0-16.40.1

poppler-tools: before 0.43.0-16.40.1

poppler-tools-debuginfo: before 0.43.0-16.40.1

libpoppler-devel: before 0.43.0-16.40.1

typelib-1_0-Poppler-0_18: before 0.43.0-16.40.1

libpoppler-glib-devel: before 0.43.0-16.40.1

libpoppler-qt4-devel: before 0.43.0-16.40.1

libpoppler-cpp0: before 0.43.0-16.40.1

poppler-debugsource: before 0.43.0-16.40.1

libpoppler-cpp0-debuginfo: before 0.43.0-16.40.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Stack-based buffer overflow

EUVDB-ID: #VU36491

Risk: Medium

CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-18456

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a crafted pdf file, as demonstrated by pdftoppm. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package poppler to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

libpoppler-qt4-4-debuginfo: before 0.43.0-16.40.1

libpoppler60: before 0.43.0-16.40.1

libpoppler-glib8-debuginfo: before 0.43.0-16.40.1

libpoppler-qt4-4: before 0.43.0-16.40.1

libpoppler-glib8: before 0.43.0-16.40.1

libpoppler60-debuginfo: before 0.43.0-16.40.1

poppler-tools: before 0.43.0-16.40.1

poppler-tools-debuginfo: before 0.43.0-16.40.1

libpoppler-devel: before 0.43.0-16.40.1

typelib-1_0-Poppler-0_18: before 0.43.0-16.40.1

libpoppler-glib-devel: before 0.43.0-16.40.1

libpoppler-qt4-devel: before 0.43.0-16.40.1

libpoppler-cpp0: before 0.43.0-16.40.1

poppler-debugsource: before 0.43.0-16.40.1

libpoppler-cpp0-debuginfo: before 0.43.0-16.40.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU19537

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-13287

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the function SplashXPath::strokeAdjust() in splash/SplashXPath.cc. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system or crash the application.

Mitigation

Update the affected package poppler to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

libpoppler-qt4-4-debuginfo: before 0.43.0-16.40.1

libpoppler60: before 0.43.0-16.40.1

libpoppler-glib8-debuginfo: before 0.43.0-16.40.1

libpoppler-qt4-4: before 0.43.0-16.40.1

libpoppler-glib8: before 0.43.0-16.40.1

libpoppler60-debuginfo: before 0.43.0-16.40.1

poppler-tools: before 0.43.0-16.40.1

poppler-tools-debuginfo: before 0.43.0-16.40.1

libpoppler-devel: before 0.43.0-16.40.1

typelib-1_0-Poppler-0_18: before 0.43.0-16.40.1

libpoppler-glib-devel: before 0.43.0-16.40.1

libpoppler-qt4-devel: before 0.43.0-16.40.1

libpoppler-cpp0: before 0.43.0-16.40.1

poppler-debugsource: before 0.43.0-16.40.1

libpoppler-cpp0-debuginfo: before 0.43.0-16.40.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Out-of-bounds read

EUVDB-ID: #VU19535

Risk: Low

CVSSv4.0: 1.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2019-14292

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a boundary condition within the GfxPatchMeshShading::parse function in GfxState.cc for typeA!=6 case 1. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.

Mitigation

Update the affected package poppler to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

libpoppler-qt4-4-debuginfo: before 0.43.0-16.40.1

libpoppler60: before 0.43.0-16.40.1

libpoppler-glib8-debuginfo: before 0.43.0-16.40.1

libpoppler-qt4-4: before 0.43.0-16.40.1

libpoppler-glib8: before 0.43.0-16.40.1

libpoppler60-debuginfo: before 0.43.0-16.40.1

poppler-tools: before 0.43.0-16.40.1

poppler-tools-debuginfo: before 0.43.0-16.40.1

libpoppler-devel: before 0.43.0-16.40.1

typelib-1_0-Poppler-0_18: before 0.43.0-16.40.1

libpoppler-glib-devel: before 0.43.0-16.40.1

libpoppler-qt4-devel: before 0.43.0-16.40.1

libpoppler-cpp0: before 0.43.0-16.40.1

poppler-debugsource: before 0.43.0-16.40.1

libpoppler-cpp0-debuginfo: before 0.43.0-16.40.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Buffer overflow

EUVDB-ID: #VU19603

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2019-9545

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PDF files within the JBIG2Stream::readTextRegion() function in JBIG2Stream.cc. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package poppler to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

libpoppler-qt4-4-debuginfo: before 0.43.0-16.40.1

libpoppler60: before 0.43.0-16.40.1

libpoppler-glib8-debuginfo: before 0.43.0-16.40.1

libpoppler-qt4-4: before 0.43.0-16.40.1

libpoppler-glib8: before 0.43.0-16.40.1

libpoppler60-debuginfo: before 0.43.0-16.40.1

poppler-tools: before 0.43.0-16.40.1

poppler-tools-debuginfo: before 0.43.0-16.40.1

libpoppler-devel: before 0.43.0-16.40.1

typelib-1_0-Poppler-0_18: before 0.43.0-16.40.1

libpoppler-glib-devel: before 0.43.0-16.40.1

libpoppler-qt4-devel: before 0.43.0-16.40.1

libpoppler-cpp0: before 0.43.0-16.40.1

poppler-debugsource: before 0.43.0-16.40.1

libpoppler-cpp0-debuginfo: before 0.43.0-16.40.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU19601

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-9631

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. A remote attacker can perform a denial of service attack.

Mitigation

Update the affected package poppler to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

libpoppler-qt4-4-debuginfo: before 0.43.0-16.40.1

libpoppler60: before 0.43.0-16.40.1

libpoppler-glib8-debuginfo: before 0.43.0-16.40.1

libpoppler-qt4-4: before 0.43.0-16.40.1

libpoppler-glib8: before 0.43.0-16.40.1

libpoppler60-debuginfo: before 0.43.0-16.40.1

poppler-tools: before 0.43.0-16.40.1

poppler-tools-debuginfo: before 0.43.0-16.40.1

libpoppler-devel: before 0.43.0-16.40.1

typelib-1_0-Poppler-0_18: before 0.43.0-16.40.1

libpoppler-glib-devel: before 0.43.0-16.40.1

libpoppler-qt4-devel: before 0.43.0-16.40.1

libpoppler-cpp0: before 0.43.0-16.40.1

poppler-debugsource: before 0.43.0-16.40.1

libpoppler-cpp0-debuginfo: before 0.43.0-16.40.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Infinite loop

EUVDB-ID: #VU79769

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-36023

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the FoFiType1C::cvtGlyph() function. A remote attacker can pass a specially crafted PDF file to the server, consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected package poppler to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

libpoppler-qt4-4-debuginfo: before 0.43.0-16.40.1

libpoppler60: before 0.43.0-16.40.1

libpoppler-glib8-debuginfo: before 0.43.0-16.40.1

libpoppler-qt4-4: before 0.43.0-16.40.1

libpoppler-glib8: before 0.43.0-16.40.1

libpoppler60-debuginfo: before 0.43.0-16.40.1

poppler-tools: before 0.43.0-16.40.1

poppler-tools-debuginfo: before 0.43.0-16.40.1

libpoppler-devel: before 0.43.0-16.40.1

typelib-1_0-Poppler-0_18: before 0.43.0-16.40.1

libpoppler-glib-devel: before 0.43.0-16.40.1

libpoppler-qt4-devel: before 0.43.0-16.40.1

libpoppler-cpp0: before 0.43.0-16.40.1

poppler-debugsource: before 0.43.0-16.40.1

libpoppler-cpp0-debuginfo: before 0.43.0-16.40.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Reachable Assertion

EUVDB-ID: #VU82597

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-37052

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in Object::getString(). A remote attacker can trick the victim to open a specially crafted file and crash the application.

Mitigation

Update the affected package poppler to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

libpoppler-qt4-4-debuginfo: before 0.43.0-16.40.1

libpoppler60: before 0.43.0-16.40.1

libpoppler-glib8-debuginfo: before 0.43.0-16.40.1

libpoppler-qt4-4: before 0.43.0-16.40.1

libpoppler-glib8: before 0.43.0-16.40.1

libpoppler60-debuginfo: before 0.43.0-16.40.1

poppler-tools: before 0.43.0-16.40.1

poppler-tools-debuginfo: before 0.43.0-16.40.1

libpoppler-devel: before 0.43.0-16.40.1

typelib-1_0-Poppler-0_18: before 0.43.0-16.40.1

libpoppler-glib-devel: before 0.43.0-16.40.1

libpoppler-qt4-devel: before 0.43.0-16.40.1

libpoppler-cpp0: before 0.43.0-16.40.1

poppler-debugsource: before 0.43.0-16.40.1

libpoppler-cpp0-debuginfo: before 0.43.0-16.40.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Infinite loop

EUVDB-ID: #VU82765

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48545

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the Catalog::findDestInTree() function. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected package poppler to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

libpoppler-qt4-4-debuginfo: before 0.43.0-16.40.1

libpoppler60: before 0.43.0-16.40.1

libpoppler-glib8-debuginfo: before 0.43.0-16.40.1

libpoppler-qt4-4: before 0.43.0-16.40.1

libpoppler-glib8: before 0.43.0-16.40.1

libpoppler60-debuginfo: before 0.43.0-16.40.1

poppler-tools: before 0.43.0-16.40.1

poppler-tools-debuginfo: before 0.43.0-16.40.1

libpoppler-devel: before 0.43.0-16.40.1

typelib-1_0-Poppler-0_18: before 0.43.0-16.40.1

libpoppler-glib-devel: before 0.43.0-16.40.1

libpoppler-qt4-devel: before 0.43.0-16.40.1

libpoppler-cpp0: before 0.43.0-16.40.1

poppler-debugsource: before 0.43.0-16.40.1

libpoppler-cpp0-debuginfo: before 0.43.0-16.40.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.