{"affected":[{"ecosystem_specific":{"binaries":[{"libpodofo-devel":"0.9.6-150300.3.15.1","libpodofo0_9_6":"0.9.6-150300.3.15.1","podofo":"0.9.6-150300.3.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP5","name":"podofo","purl":"pkg:rpm/suse/podofo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.6-150300.3.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpodofo-devel":"0.9.6-150300.3.15.1","libpodofo0_9_6":"0.9.6-150300.3.15.1","podofo":"0.9.6-150300.3.15.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"podofo","purl":"pkg:rpm/suse/podofo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.6-150300.3.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpodofo-devel":"0.9.6-150300.3.15.1","libpodofo0_9_6":"0.9.6-150300.3.15.1","podofo":"0.9.6-150300.3.15.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"podofo","purl":"pkg:rpm/opensuse/podofo&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.6-150300.3.15.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpodofo-devel":"0.9.6-150300.3.15.1","libpodofo0_9_6":"0.9.6-150300.3.15.1","podofo":"0.9.6-150300.3.15.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"podofo","purl":"pkg:rpm/opensuse/podofo&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.6-150300.3.15.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for podofo fixes the following issues:\n\n - CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection (bsc#1023190)\n - CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027787)\n - CVE-2017-6841: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) (bsc#1027786)\n - CVE-2017-6842: Fixed NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027785)\n - CVE-2017-6845: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) (bsc#1027779)\n - CVE-2017-6849: Fixed NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) (bsc#1027776)\n - CVE-2017-8378: Fixed denial of service (application crash) vectors related to m_offsets.size (PdfParser::ReadObjects func in base/PdfParser.cpp) (bsc#1037000)  \n\n - Fixed NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) (bsc#1023072)\n","id":"SUSE-SU-2024:3550-1","modified":"2024-10-08T14:07:52Z","published":"2024-10-08T14:07:52Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20243550-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1023072"},{"type":"REPORT","url":"https://bugzilla.suse.com/1023190"},{"type":"REPORT","url":"https://bugzilla.suse.com/1027776"},{"type":"REPORT","url":"https://bugzilla.suse.com/1027779"},{"type":"REPORT","url":"https://bugzilla.suse.com/1027785"},{"type":"REPORT","url":"https://bugzilla.suse.com/1027786"},{"type":"REPORT","url":"https://bugzilla.suse.com/1027787"},{"type":"REPORT","url":"https://bugzilla.suse.com/1037000"},{"type":"REPORT","url":"https://bugzilla.suse.com/1075322"},{"type":"REPORT","url":"https://bugzilla.suse.com/1084894"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-8981"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6840"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6841"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6842"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6845"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-6849"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-8378"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5309"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-8001"}],"related":["CVE-2015-8981","CVE-2017-6840","CVE-2017-6841","CVE-2017-6842","CVE-2017-6845","CVE-2017-6849","CVE-2017-8378","CVE-2018-5309","CVE-2018-8001"],"summary":"Security update for podofo","upstream":["CVE-2015-8981","CVE-2017-6840","CVE-2017-6841","CVE-2017-6842","CVE-2017-6845","CVE-2017-6849","CVE-2017-8378","CVE-2018-5309","CVE-2018-8001"]}