cvrf2cusa/cusa/p/poppler/poppler-0.90.0-6_openEuler-SA-2023-1613.json
Jia Chao fd42fc96e3 release v0.1.2
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-08-01 10:25:22 +08:00

{
"id": "openEuler-SA-2023-1613",
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1613",
"title": "An update for poppler is now available for openEuler-22.03-LTS",
"severity": "High",
"description": "Poppler is a free software utility library for rendering Portable Document Format (PDF) documents. \\ Its development is supported by freedesktop.org. It is commonly used on Linux systems, and is used by \\ the PDF viewers of the open source GNOME and KDE desktop environments.\r\n\r\nSecurity Fix(es):\r\n\r\nUncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.(CVE-2020-23804)\r\n\r\nIn Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.cc allows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.(CVE-2022-37050)\r\n\r\nAn issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.(CVE-2022-37051)\r\n\r\nA reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.(CVE-2022-37052)\r\n\r\nAn issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.(CVE-2022-38349)",
"cves": [
{
"id": "CVE-2022-38349",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38349",
"severity": "High"
}
]
}