
Test ID: 1.3.6.1.4.1.25623.1.0.852246
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for podofo (openSUSE-SU-2019:0066-1)
Summary: The remote host is missing an update for the 'podofo' package(s) announced via the openSUSE-SU-2019:0066-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'podofo'
package(s) announced via the openSUSE-SU-2019:0066-1 advisory.

Vulnerability Insight:
This update for podofo version 0.9.6 fixes the following issues:

Security issues fixed:

- CVE-2017-5852: Fix an infinite loop in
PoDoFo::PdfPage::GetInheritedKeyFromObject (PdfPage.cpp) (boo#1023067)

- CVE-2017-5854: Fix a NULL pointer dereference in PdfOutputStream.cpp
(boo#1023070)

- CVE-2017-5886: Fix a heap-based buffer overflow in
PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizer.cpp) (boo#1023380)

- CVE-2017-6844: Fix a buffer overflow in
PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp) (boo#1027782)

- CVE-2017-6847: Fix a NULL pointer dereference in
PoDoFo::PdfVariant::DelayedLoad (PdfVariant.h) (boo#1027778)

- CVE-2017-7379: Fix a heap-based buffer overflow in
PoDoFo::PdfSimpleEncoding::ConvertToEncoding (PdfEncoding.cpp)
(boo#1032018)

- CVE-2018-5296: Fix a denial of service in the ReadXRefSubsection
function (boo#1075021)

- CVE-2018-5309: Fix an integer overflow in the ReadObjectsFromStream
function (boo#1075322)

- CVE-2017-5853: Fix a signed integer overflow in PdfParser.cpp
(boo#1023069)

- CVE-2017-5855: Fix a NULL pointer dereference in the ReadXRefSubsection
function (boo#1023071)

- CVE-2017-6840: Fix an invalid memory read in the GetColorFromStack
function (boo#1027787)

- CVE-2017-6845: Fix a NULL pointer dereference in the
SetNonStrokingColorSpace function (boo#1027779)

- CVE-2017-7378: Fix a heap-based buffer overflow in the ExpandTabs
function (boo#1032017)

- CVE-2017-7380: Fix four null pointer dereferences (boo#1032019)

- CVE-2017-8054: Fix a denial of service in the GetPageNodeFromArray
function (boo#1035596)

- CVE-2018-5295: Fix an integer overflow in the ParseStream function
(boo#1075026)

- CVE-2018-5308: Fix undefined behavior in the
PdfMemoryOutputStream::Write function (boo#1075772)

- CVE-2018-8001: Fix a heap overflow read vulnerability in the
UnescapeName function (boo#1084894)

- CVE-2017-7994, CVE-2017-8787: Fix a denial of service via a crafted PDF
document (boo#1035534, boo#1037739)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-66=1

Affected Software/OS:
podofo on openSUSE Leap 42.3.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2017-5852
BugTraq ID: 97032
http://www.securityfocus.com/bid/97032
https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp/
http://www.openwall.com/lists/oss-security/2017/02/01/12
http://www.openwall.com/lists/oss-security/2017/02/02/10
Common Vulnerability Exposure (CVE) ID: CVE-2017-5853
BugTraq ID: 96066
http://www.securityfocus.com/bid/96066
https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp/
Common Vulnerability Exposure (CVE) ID: CVE-2017-5854
BugTraq ID: 96072
http://www.securityfocus.com/bid/96072
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp/
http://www.openwall.com/lists/oss-security/2017/02/01/14
http://www.openwall.com/lists/oss-security/2017/02/02/12
Common Vulnerability Exposure (CVE) ID: CVE-2017-5855
BugTraq ID: 96516
http://www.securityfocus.com/bid/96516
https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp/
Common Vulnerability Exposure (CVE) ID: CVE-2017-5886
BugTraq ID: 96512
http://www.securityfocus.com/bid/96512
https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp/
Common Vulnerability Exposure (CVE) ID: CVE-2017-6840
https://blogs.gentoo.org/ago/2017/03/02/podofo-invalid-memory-read-in-colorchangergetcolorfromstack-colorchanger-cpp/
Common Vulnerability Exposure (CVE) ID: CVE-2017-6844
https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp/
Common Vulnerability Exposure (CVE) ID: CVE-2017-6845
https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp/
Common Vulnerability Exposure (CVE) ID: CVE-2017-6847
https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h/
Common Vulnerability Exposure (CVE) ID: CVE-2017-7378
BugTraq ID: 97296
http://www.securityfocus.com/bid/97296
https://blogs.gentoo.org/ago/2017/03/31/podofo-heap-based-buffer-overflow-in-podofopdfpainterexpandtabs-pdfpainter-cpp
Common Vulnerability Exposure (CVE) ID: CVE-2017-7379
https://blogs.gentoo.org/ago/2017/03/31/podofo-heap-based-buffer-overflow-in-podofopdfsimpleencodingconverttoencoding-pdfencoding-cpp
Common Vulnerability Exposure (CVE) ID: CVE-2017-7380
https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference
Common Vulnerability Exposure (CVE) ID: CVE-2017-7994
BugTraq ID: 97980
http://www.securityfocus.com/bid/97980
https://github.com/icepng/PoC/tree/master/PoC1
https://icepng.github.io/2017/04/21/PoDoFo-1/
Common Vulnerability Exposure (CVE) ID: CVE-2017-8054
http://qwertwwwe.github.io/2017/04/22/PoDoFo-0-9-5-allows-remote-attackers-to-cause-a-denial-of-service-infinit-loop/
Common Vulnerability Exposure (CVE) ID: CVE-2017-8787
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861738
Common Vulnerability Exposure (CVE) ID: CVE-2018-5295
https://bugzilla.redhat.com/show_bug.cgi?id=1531897
Common Vulnerability Exposure (CVE) ID: CVE-2018-5296
https://bugzilla.redhat.com/show_bug.cgi?id=1531956
Common Vulnerability Exposure (CVE) ID: CVE-2018-5308
https://bugzilla.redhat.com/show_bug.cgi?id=1532390
Common Vulnerability Exposure (CVE) ID: CVE-2018-5309
https://bugzilla.redhat.com/show_bug.cgi?id=1532381
Common Vulnerability Exposure (CVE) ID: CVE-2018-8001
https://bugzilla.redhat.com/show_bug.cgi?id=1549469
Copyright: Copyright (C) 2019 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.