7 matches found
SUSE: Security Advisory (SUSE-SU-2023:0480-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2023:0494-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:0496-1 Security update for poppler
This update for poppler fixes the following issues: - CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool bsc1140877...
SUSE-SU-2023:0494-1 Security update for poppler
This update for poppler fixes the following issues: - CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder bsc1202692. - CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool bsc1140877...
SUSE SLES15: libpoppler-cpp0 / libpoppler-devel / libpoppler-glib-devel / etc (SUSE-SU-2023:0480-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0480-1 advisory. - CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder bsc1202692. - CVE-2019-13283: Fixed heap-based buffer...
SUSE-SU-2023:0480-1 Security update for poppler
This update for poppler fixes the following issues: - CVE-2022-38784: Fixed integer overflow in the JBIG2 decoder bsc1202692. - CVE-2019-13283: Fixed heap-based buffer over-read that could be triggered by sending a crafted PDF document to the pdftotext tool bsc1140877...
CVE-2019-13283
CVE-2019-13283 affects Xpdf 4.01.01 and is a heap-based over-read in FoFiType1::parse (FoFiType1.cc) triggered by crafted PDFs; the source string length isn’t validated before a fixed-length strncpy copy, enabling potential Denial of Service or information leakage via crafted PDFs (pdftotext). Re...