Security update for poppler SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:4362-1 Final 1 1 2023-11-03T12:48:58Z current 2023-11-03T12:48:58Z 2023-11-03T12:48:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for poppler This update for poppler fixes the following issues: - CVE-2019-9545: Fixed a potential crash due to uncontrolled recursion in the JBIG parser (bsc#1128114). - CVE-2019-9631: Fixed an out of bounds read when converting a PDF to an image (bsc#1129202). - CVE-2022-37052: Fixed a reachable assertion when extracting pages of a PDf file (bsc#1214726). - CVE-2020-36023: Fixed a stack bugger overflow in FoFiType1C:cvtGlyph (bsc#1214256). - CVE-2019-13287: Fixed an out-of-bounds read vulnerability in the function SplashXPath:strokeAdjust (bsc#1140745). - CVE-2018-18456: Fixed a stack-based buffer over-read via a crafted pdf file (bsc#1112428). - CVE-2018-18454: Fixed heap-based buffer over-read via a crafted pdf file (bsc#1112424). - CVE-2019-14292: Fixed an out of bounds read in GfxState.cc (bsc#1143570). - CVE-2022-48545: Fixed an infinite recursion in Catalog::findDestInTree which can cause denial of service (bsc#1214723). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-4362,SUSE-SLE-SDK-12-SP5-2023-4362,SUSE-SLE-SERVER-12-SP5-2023-4362 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/ Link for SUSE-SU-2023:4362-1 https://lists.suse.com/pipermail/sle-security-updates/2023-November/016988.html E-Mail link for SUSE-SU-2023:4362-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1112424 SUSE Bug 1112424 https://bugzilla.suse.com/1112428 SUSE Bug 1112428 https://bugzilla.suse.com/1128114 SUSE Bug 1128114 https://bugzilla.suse.com/1129202 SUSE Bug 1129202 https://bugzilla.suse.com/1140745 SUSE Bug 1140745 https://bugzilla.suse.com/1143570 SUSE Bug 1143570 https://bugzilla.suse.com/1214256 SUSE Bug 1214256 https://bugzilla.suse.com/1214723 SUSE Bug 1214723 https://bugzilla.suse.com/1214726 SUSE Bug 1214726 https://www.suse.com/security/cve/CVE-2018-18454/ SUSE CVE CVE-2018-18454 page https://www.suse.com/security/cve/CVE-2018-18456/ SUSE CVE CVE-2018-18456 page https://www.suse.com/security/cve/CVE-2019-13287/ SUSE CVE CVE-2019-13287 page https://www.suse.com/security/cve/CVE-2019-14292/ SUSE CVE CVE-2019-14292 page https://www.suse.com/security/cve/CVE-2019-9545/ SUSE CVE CVE-2019-9545 page https://www.suse.com/security/cve/CVE-2019-9631/ SUSE CVE CVE-2019-9631 page https://www.suse.com/security/cve/CVE-2020-36023/ SUSE CVE CVE-2020-36023 page https://www.suse.com/security/cve/CVE-2022-37052/ SUSE CVE CVE-2022-37052 page https://www.suse.com/security/cve/CVE-2022-48545/ SUSE CVE CVE-2022-48545 page SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Software Development Kit 12 SP5 libpoppler-cpp0-0.43.0-16.40.1 libpoppler-cpp0-32bit-0.43.0-16.40.1 libpoppler-cpp0-64bit-0.43.0-16.40.1 libpoppler-devel-0.43.0-16.40.1 libpoppler-glib-devel-0.43.0-16.40.1 libpoppler-glib8-0.43.0-16.40.1 libpoppler-glib8-32bit-0.43.0-16.40.1 libpoppler-glib8-64bit-0.43.0-16.40.1 libpoppler-qt4-4-0.43.0-16.40.1 libpoppler-qt4-4-32bit-0.43.0-16.40.1 libpoppler-qt4-4-64bit-0.43.0-16.40.1 libpoppler-qt4-devel-0.43.0-16.40.1 libpoppler-qt5-1-0.43.0-16.40.1 libpoppler-qt5-1-32bit-0.43.0-16.40.1 libpoppler-qt5-1-64bit-0.43.0-16.40.1 libpoppler-qt5-devel-0.43.0-16.40.1 libpoppler60-0.43.0-16.40.1 libpoppler60-32bit-0.43.0-16.40.1 libpoppler60-64bit-0.43.0-16.40.1 poppler-tools-0.43.0-16.40.1 typelib-1_0-Poppler-0_18-0.43.0-16.40.1 libpoppler-glib8-0.43.0-16.40.1 as a component of SUSE Linux Enterprise Server 12 SP5 libpoppler-qt4-4-0.43.0-16.40.1 as a component of SUSE Linux Enterprise Server 12 SP5 libpoppler60-0.43.0-16.40.1 as a component of SUSE Linux Enterprise Server 12 SP5 poppler-tools-0.43.0-16.40.1 as a component of SUSE Linux Enterprise Server 12 SP5 libpoppler-glib8-0.43.0-16.40.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libpoppler-qt4-4-0.43.0-16.40.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libpoppler60-0.43.0-16.40.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 poppler-tools-0.43.0-16.40.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 libpoppler-cpp0-0.43.0-16.40.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libpoppler-devel-0.43.0-16.40.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libpoppler-glib-devel-0.43.0-16.40.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 libpoppler-qt4-devel-0.43.0-16.40.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 typelib-1_0-Poppler-0_18-0.43.0-16.40.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP5 CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. CVE-2018-18454 SUSE Linux Enterprise Server 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-cpp0-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-glib-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-qt4-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-Poppler-0_18-0.43.0-16.40.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/ https://www.suse.com/security/cve/CVE-2018-18454.html CVE-2018-18454 https://bugzilla.suse.com/1112424 SUSE Bug 1112424 https://bugzilla.suse.com/1133493 SUSE Bug 1133493 The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. CVE-2018-18456 SUSE Linux Enterprise Server 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-cpp0-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-glib-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-qt4-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-Poppler-0_18-0.43.0-16.40.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/ https://www.suse.com/security/cve/CVE-2018-18456.html CVE-2018-18456 https://bugzilla.suse.com/1112428 SUSE Bug 1112428 https://bugzilla.suse.com/1133493 SUSE Bug 1133493 In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368. CVE-2019-13287 SUSE Linux Enterprise Server 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-cpp0-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-glib-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-qt4-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-Poppler-0_18-0.43.0-16.40.1 low 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/ https://www.suse.com/security/cve/CVE-2019-13287.html CVE-2019-13287 https://bugzilla.suse.com/1140745 SUSE Bug 1140745 An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1. CVE-2019-14292 SUSE Linux Enterprise Server 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-cpp0-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-glib-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-qt4-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-Poppler-0_18-0.43.0-16.40.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/ https://www.suse.com/security/cve/CVE-2019-14292.html CVE-2019-14292 https://bugzilla.suse.com/1143570 SUSE Bug 1143570 An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero. CVE-2019-9545 SUSE Linux Enterprise Server 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-cpp0-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-glib-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-qt4-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-Poppler-0_18-0.43.0-16.40.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/ https://www.suse.com/security/cve/CVE-2019-9545.html CVE-2019-9545 https://bugzilla.suse.com/1128114 SUSE Bug 1128114 Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. CVE-2019-9631 SUSE Linux Enterprise Server 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-cpp0-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-glib-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-qt4-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-Poppler-0_18-0.43.0-16.40.1 low 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/ https://www.suse.com/security/cve/CVE-2019-9631.html CVE-2019-9631 https://bugzilla.suse.com/1129202 SUSE Bug 1129202 An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. CVE-2020-36023 SUSE Linux Enterprise Server 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-cpp0-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-glib-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-qt4-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-Poppler-0_18-0.43.0-16.40.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/ https://www.suse.com/security/cve/CVE-2020-36023.html CVE-2020-36023 https://bugzilla.suse.com/1214256 SUSE Bug 1214256 A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. CVE-2022-37052 SUSE Linux Enterprise Server 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-cpp0-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-glib-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-qt4-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-Poppler-0_18-0.43.0-16.40.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/ https://www.suse.com/security/cve/CVE-2022-37052.html CVE-2022-37052 https://bugzilla.suse.com/1214726 SUSE Bug 1214726 An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02. CVE-2022-48545 SUSE Linux Enterprise Server 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-glib8-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler-qt4-4-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:libpoppler60-0.43.0-16.40.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:poppler-tools-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-cpp0-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-glib-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler-qt4-devel-0.43.0-16.40.1 SUSE Linux Enterprise Software Development Kit 12 SP5:typelib-1_0-Poppler-0_18-0.43.0-16.40.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20234362-1/ https://www.suse.com/security/cve/CVE-2022-48545.html CVE-2022-48545 https://bugzilla.suse.com/1214723 SUSE Bug 1214723