Security update for poppler SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:1662-1 Final 1 1 2018-06-12T13:45:38Z current 2018-06-12T13:45:38Z 2018-06-12T13:45:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for poppler This update for poppler fixes the following issues: These security issues were fixed: - CVE-2017-14517: Prevent NULL Pointer dereference in the XRef::parseEntry() function via a crafted PDF document (bsc#1059066). - CVE-2017-9865: Fixed a stack-based buffer overflow vulnerability in GfxState.cc that would have allowed attackers to facilitate a denial-of-service attack via specially crafted PDF documents. (bsc#1045939) - CVE-2017-14518: Remedy a floating point exception in isImageInterpolationRequired() that could have been exploited using a specially crafted PDF document. (bsc#1059101) - CVE-2017-14520: Remedy a floating point exception in Splash::scaleImageYuXd() that could have been exploited using a specially crafted PDF document. (bsc#1059155) - CVE-2017-14617: Fixed a floating point exception in Stream.cc, which may lead to a potential attack when handling malicious PDF files. (bsc#1060220) - CVE-2017-14928: Fixed a NULL Pointer dereference in AnnotRichMedia::Configuration::Configuration() in Annot.cc, which may lead to a potential attack when handling malicious PDF files. (bsc#1061092) - CVE-2017-14975: Fixed a NULL pointer dereference vulnerability, that existed because a data structure in FoFiType1C.cc was not initialized, which allowed an attacker to launch a denial of service attack. (bsc#1061263) - CVE-2017-14976: Fixed a heap-based buffer over-read vulnerability in FoFiType1C.cc that occurred when an out-of-bounds font dictionary index was encountered, which allowed an attacker to launch a denial of service attack. (bsc#1061264) - CVE-2017-14977: Fixed a NULL pointer dereference vulnerability in the FoFiTrueType::getCFFBlock() function in FoFiTrueType.cc that occurred due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. (bsc#1061265) - CVE-2017-15565: Prevent NULL Pointer dereference in the GfxImageColorMap::getGrayLine() function via a crafted PDF document (bsc#1064593). - CVE-2017-1000456: Validate boundaries in TextPool::addWord to prevent overflows in subsequent calculations (bsc#1074453). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP3-2018-1125,SUSE-SLE-SDK-12-SP3-2018-1125,SUSE-SLE-SERVER-12-SP3-2018-1125 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20181662-1/ Link for SUSE-SU-2018:1662-1 https://lists.suse.com/pipermail/sle-security-updates/2018-June/004186.html E-Mail link for SUSE-SU-2018:1662-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1045939 SUSE Bug 1045939 https://bugzilla.suse.com/1059066 SUSE Bug 1059066 https://bugzilla.suse.com/1059101 SUSE Bug 1059101 https://bugzilla.suse.com/1059155 SUSE Bug 1059155 https://bugzilla.suse.com/1060220 SUSE Bug 1060220 https://bugzilla.suse.com/1061092 SUSE Bug 1061092 https://bugzilla.suse.com/1061263 SUSE Bug 1061263 https://bugzilla.suse.com/1061264 SUSE Bug 1061264 https://bugzilla.suse.com/1061265 SUSE Bug 1061265 https://bugzilla.suse.com/1064593 SUSE Bug 1064593 https://bugzilla.suse.com/1074453 SUSE Bug 1074453 https://www.suse.com/security/cve/CVE-2017-1000456/ SUSE CVE CVE-2017-1000456 page https://www.suse.com/security/cve/CVE-2017-14517/ SUSE CVE CVE-2017-14517 page https://www.suse.com/security/cve/CVE-2017-14518/ SUSE CVE CVE-2017-14518 page https://www.suse.com/security/cve/CVE-2017-14520/ SUSE CVE CVE-2017-14520 page https://www.suse.com/security/cve/CVE-2017-14617/ SUSE CVE CVE-2017-14617 page https://www.suse.com/security/cve/CVE-2017-14928/ SUSE CVE CVE-2017-14928 page https://www.suse.com/security/cve/CVE-2017-14975/ SUSE CVE CVE-2017-14975 page https://www.suse.com/security/cve/CVE-2017-14976/ SUSE CVE CVE-2017-14976 page https://www.suse.com/security/cve/CVE-2017-14977/ SUSE CVE CVE-2017-14977 page https://www.suse.com/security/cve/CVE-2017-15565/ SUSE CVE CVE-2017-15565 page https://www.suse.com/security/cve/CVE-2017-9865/ SUSE CVE CVE-2017-9865 page SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP3 libpoppler-glib8-0.43.0-16.15.1 libpoppler-qt4-4-0.43.0-16.15.1 libpoppler60-0.43.0-16.15.1 poppler-tools-0.43.0-16.15.1 libpoppler-cpp0-0.43.0-16.15.1 libpoppler-devel-0.43.0-16.15.1 libpoppler-glib-devel-0.43.0-16.15.1 libpoppler-qt4-devel-0.43.0-16.15.1 typelib-1_0-Poppler-0_18-0.43.0-16.15.1 libpoppler-glib8-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libpoppler-qt4-4-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libpoppler60-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 poppler-tools-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libpoppler-glib8-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Server 12 SP3 libpoppler-qt4-4-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Server 12 SP3 libpoppler60-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Server 12 SP3 poppler-tools-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Server 12 SP3 libpoppler-glib8-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libpoppler-qt4-4-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libpoppler60-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 poppler-tools-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libpoppler-cpp0-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 libpoppler-devel-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 libpoppler-glib-devel-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 libpoppler-qt4-devel-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 typelib-1_0-Poppler-0_18-0.43.0-16.15.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. CVE-2017-1000456 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-cpp0-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-glib-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-qt4-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Poppler-0_18-0.43.0-16.15.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181662-1/ https://www.suse.com/security/cve/CVE-2017-1000456.html CVE-2017-1000456 https://bugzilla.suse.com/1074453 SUSE Bug 1074453 In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. CVE-2017-14517 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-cpp0-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-glib-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-qt4-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Poppler-0_18-0.43.0-16.15.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181662-1/ https://www.suse.com/security/cve/CVE-2017-14517.html CVE-2017-14517 https://bugzilla.suse.com/1059066 SUSE Bug 1059066 In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. CVE-2017-14518 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-cpp0-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-glib-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-qt4-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Poppler-0_18-0.43.0-16.15.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181662-1/ https://www.suse.com/security/cve/CVE-2017-14518.html CVE-2017-14518 https://bugzilla.suse.com/1059101 SUSE Bug 1059101 In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. CVE-2017-14520 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-cpp0-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-glib-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-qt4-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Poppler-0_18-0.43.0-16.15.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181662-1/ https://www.suse.com/security/cve/CVE-2017-14520.html CVE-2017-14520 https://bugzilla.suse.com/1059155 SUSE Bug 1059155 In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files. CVE-2017-14617 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-cpp0-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-glib-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-qt4-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Poppler-0_18-0.43.0-16.15.1 low 1.7 AV:L/AC:L/Au:S/C:N/I:N/A:P 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181662-1/ https://www.suse.com/security/cve/CVE-2017-14617.html CVE-2017-14617 https://bugzilla.suse.com/1060220 SUSE Bug 1060220 In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. CVE-2017-14928 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-cpp0-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-glib-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-qt4-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Poppler-0_18-0.43.0-16.15.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181662-1/ https://www.suse.com/security/cve/CVE-2017-14928.html CVE-2017-14928 https://bugzilla.suse.com/1061092 SUSE Bug 1061092 The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. CVE-2017-14975 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-cpp0-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-glib-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-qt4-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Poppler-0_18-0.43.0-16.15.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181662-1/ https://www.suse.com/security/cve/CVE-2017-14975.html CVE-2017-14975 https://bugzilla.suse.com/1061263 SUSE Bug 1061263 The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. CVE-2017-14976 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-cpp0-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-glib-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-qt4-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Poppler-0_18-0.43.0-16.15.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181662-1/ https://www.suse.com/security/cve/CVE-2017-14976.html CVE-2017-14976 https://bugzilla.suse.com/1061264 SUSE Bug 1061264 The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. CVE-2017-14977 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-cpp0-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-glib-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-qt4-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Poppler-0_18-0.43.0-16.15.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181662-1/ https://www.suse.com/security/cve/CVE-2017-14977.html CVE-2017-14977 https://bugzilla.suse.com/1061265 SUSE Bug 1061265 In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. CVE-2017-15565 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-cpp0-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-glib-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-qt4-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Poppler-0_18-0.43.0-16.15.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181662-1/ https://www.suse.com/security/cve/CVE-2017-15565.html CVE-2017-15565 https://bugzilla.suse.com/1064593 SUSE Bug 1064593 The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc. CVE-2017-9865 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Desktop 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-glib8-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler-qt4-4-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libpoppler60-0.43.0-16.15.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:poppler-tools-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-cpp0-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-glib-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libpoppler-qt4-devel-0.43.0-16.15.1 SUSE Linux Enterprise Software Development Kit 12 SP3:typelib-1_0-Poppler-0_18-0.43.0-16.15.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20181662-1/ https://www.suse.com/security/cve/CVE-2017-9865.html CVE-2017-9865 https://bugzilla.suse.com/1045939 SUSE Bug 1045939