Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-9199 (GCVE-0-2019-9199)
Vulnerability from cvelistv5 – Published: 2019-02-26 00:00 – Updated: 2024-08-04 21:38
VLAI?
EPSS
Summary
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/"
},
{
"tags": [
"x_transferred"
],
"url": "https://sourceforge.net/p/podofo/tickets/40/"
},
{
"name": "FEDORA-2019-023ea18e20",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTJ5AAM6Y4NMSELEH7N5ZG4DNO56BCYF/"
},
{
"name": "FEDORA-2019-a1dc51a9e2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-27T20:22:21.640156",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/"
},
{
"url": "https://sourceforge.net/p/podofo/tickets/40/"
},
{
"name": "FEDORA-2019-023ea18e20",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTJ5AAM6Y4NMSELEH7N5ZG4DNO56BCYF/"
},
{
"name": "FEDORA-2019-a1dc51a9e2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB/"
},
{
"url": "https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8"
},
{
"url": "https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9199",
"datePublished": "2019-02-26T00:00:00",
"dateReserved": "2019-02-26T00:00:00",
"dateUpdated": "2024-08-04T21:38:46.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:podofo_project:podofo:0.9.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"389AF43A-D7A7-4AA6-9FEE-AE5023F8937C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D100F7CE-FC64-4CC6-852A-6136D72DA419\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.\"}, {\"lang\": \"es\", \"value\": \"PoDoFo::Impose::PdfTranslator::setSource() en pdftranslator.cpp en la versi\\u00f3n 0.9.6 de PoDoFo tiene una vulnerabilidad de desreferencia de puntero NULL que puede desencadenarse, por ejemplo, mediante el env\\u00edo de un archivo PDF manipulado al binario podofoimpose. Permite a un atacante provocar una denegaci\\u00f3n de servicio (fallo de segmentaci\\u00f3n) o tener otro impacto no especificado.\"}]",
"id": "CVE-2019-9199",
"lastModified": "2024-11-21T04:51:11.377",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2019-02-26T23:29:00.247",
"references": "[{\"url\": \"https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTJ5AAM6Y4NMSELEH7N5ZG4DNO56BCYF/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://sourceforge.net/p/podofo/tickets/40/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTJ5AAM6Y4NMSELEH7N5ZG4DNO56BCYF/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://sourceforge.net/p/podofo/tickets/40/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-9199\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-02-26T23:29:00.247\",\"lastModified\":\"2024-11-21T04:51:11.377\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.\"},{\"lang\":\"es\",\"value\":\"PoDoFo::Impose::PdfTranslator::setSource() en pdftranslator.cpp en la versi\u00f3n 0.9.6 de PoDoFo tiene una vulnerabilidad de desreferencia de puntero NULL que puede desencadenarse, por ejemplo, mediante el env\u00edo de un archivo PDF manipulado al binario podofoimpose. Permite a un atacante provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) o tener otro impacto no especificado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:podofo_project:podofo:0.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"389AF43A-D7A7-4AA6-9FEE-AE5023F8937C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D100F7CE-FC64-4CC6-852A-6136D72DA419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}]}]}],\"references\":[{\"url\":\"https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTJ5AAM6Y4NMSELEH7N5ZG4DNO56BCYF/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://sourceforge.net/p/podofo/tickets/40/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTJ5AAM6Y4NMSELEH7N5ZG4DNO56BCYF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://sourceforge.net/p/podofo/tickets/40/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
}
}
GHSA-2PR3-QRHM-JM7J
Vulnerability from github – Published: 2022-05-14 01:13 – Updated: 2022-05-14 01:13
VLAI?
Details
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2019-9199"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-26T23:29:00Z",
"severity": "HIGH"
},
"details": "PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.",
"id": "GHSA-2pr3-qrhm-jm7j",
"modified": "2022-05-14T01:13:35Z",
"published": "2022-05-14T01:13:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9199"
},
{
"type": "WEB",
"url": "https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9"
},
{
"type": "WEB",
"url": "https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTJ5AAM6Y4NMSELEH7N5ZG4DNO56BCYF"
},
{
"type": "WEB",
"url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/podofo/tickets/40"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
OPENSUSE-SU-2024:14278-1
Vulnerability from csaf_opensuse - Published: 2024-08-20 00:00 - Updated: 2024-08-20 00:00Summary
libpodofo-devel-0.10.3-2.1 on GA media
Notes
Title of the patch
libpodofo-devel-0.10.3-2.1 on GA media
Description of the patch
These are all security issues fixed in the libpodofo-devel-0.10.3-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14278
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libpodofo-devel-0.10.3-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libpodofo-devel-0.10.3-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14278",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14278-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19532 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19532/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20093 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20093/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9199 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9199/"
}
],
"title": "libpodofo-devel-0.10.3-2.1 on GA media",
"tracking": {
"current_release_date": "2024-08-20T00:00:00Z",
"generator": {
"date": "2024-08-20T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14278-1",
"initial_release_date": "2024-08-20T00:00:00Z",
"revision_history": [
{
"date": "2024-08-20T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpodofo-devel-0.10.3-2.1.aarch64",
"product": {
"name": "libpodofo-devel-0.10.3-2.1.aarch64",
"product_id": "libpodofo-devel-0.10.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpodofo2-0.10.3-2.1.aarch64",
"product": {
"name": "libpodofo2-0.10.3-2.1.aarch64",
"product_id": "libpodofo2-0.10.3-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "podofo-0.10.3-2.1.aarch64",
"product": {
"name": "podofo-0.10.3-2.1.aarch64",
"product_id": "podofo-0.10.3-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpodofo-devel-0.10.3-2.1.ppc64le",
"product": {
"name": "libpodofo-devel-0.10.3-2.1.ppc64le",
"product_id": "libpodofo-devel-0.10.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpodofo2-0.10.3-2.1.ppc64le",
"product": {
"name": "libpodofo2-0.10.3-2.1.ppc64le",
"product_id": "libpodofo2-0.10.3-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podofo-0.10.3-2.1.ppc64le",
"product": {
"name": "podofo-0.10.3-2.1.ppc64le",
"product_id": "podofo-0.10.3-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpodofo-devel-0.10.3-2.1.s390x",
"product": {
"name": "libpodofo-devel-0.10.3-2.1.s390x",
"product_id": "libpodofo-devel-0.10.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "libpodofo2-0.10.3-2.1.s390x",
"product": {
"name": "libpodofo2-0.10.3-2.1.s390x",
"product_id": "libpodofo2-0.10.3-2.1.s390x"
}
},
{
"category": "product_version",
"name": "podofo-0.10.3-2.1.s390x",
"product": {
"name": "podofo-0.10.3-2.1.s390x",
"product_id": "podofo-0.10.3-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpodofo-devel-0.10.3-2.1.x86_64",
"product": {
"name": "libpodofo-devel-0.10.3-2.1.x86_64",
"product_id": "libpodofo-devel-0.10.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpodofo2-0.10.3-2.1.x86_64",
"product": {
"name": "libpodofo2-0.10.3-2.1.x86_64",
"product_id": "libpodofo2-0.10.3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "podofo-0.10.3-2.1.x86_64",
"product": {
"name": "podofo-0.10.3-2.1.x86_64",
"product_id": "podofo-0.10.3-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.10.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.aarch64"
},
"product_reference": "libpodofo-devel-0.10.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.10.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.ppc64le"
},
"product_reference": "libpodofo-devel-0.10.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.10.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.s390x"
},
"product_reference": "libpodofo-devel-0.10.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.10.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.x86_64"
},
"product_reference": "libpodofo-devel-0.10.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo2-0.10.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.aarch64"
},
"product_reference": "libpodofo2-0.10.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo2-0.10.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.ppc64le"
},
"product_reference": "libpodofo2-0.10.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo2-0.10.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.s390x"
},
"product_reference": "libpodofo2-0.10.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo2-0.10.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.x86_64"
},
"product_reference": "libpodofo2-0.10.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.10.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podofo-0.10.3-2.1.aarch64"
},
"product_reference": "podofo-0.10.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.10.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podofo-0.10.3-2.1.ppc64le"
},
"product_reference": "podofo-0.10.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.10.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podofo-0.10.3-2.1.s390x"
},
"product_reference": "podofo-0.10.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.10.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podofo-0.10.3-2.1.x86_64"
},
"product_reference": "podofo-0.10.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-19532",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19532"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19532",
"url": "https://www.suse.com/security/cve/CVE-2018-19532"
},
{
"category": "external",
"summary": "SUSE Bug 1117514 for CVE-2018-19532",
"url": "https://bugzilla.suse.com/1117514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-20T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-19532"
},
{
"cve": "CVE-2019-20093",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20093"
}
],
"notes": [
{
"category": "general",
"text": "The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20093",
"url": "https://www.suse.com/security/cve/CVE-2019-20093"
},
{
"category": "external",
"summary": "SUSE Bug 1159921 for CVE-2019-20093",
"url": "https://bugzilla.suse.com/1159921"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-20093"
},
{
"cve": "CVE-2019-9199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9199"
}
],
"notes": [
{
"category": "general",
"text": "PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9199",
"url": "https://www.suse.com/security/cve/CVE-2019-9199"
},
{
"category": "external",
"summary": "SUSE Bug 1127855 for CVE-2019-9199",
"url": "https://bugzilla.suse.com/1127855"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo-devel-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:libpodofo2-0.10.3-2.1.x86_64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.aarch64",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.ppc64le",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.s390x",
"openSUSE Tumbleweed:podofo-0.10.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-20T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-9199"
}
]
}
SUSE-SU-2024:2137-1
Vulnerability from csaf_suse - Published: 2024-06-21 11:08 - Updated: 2024-06-21 11:08Summary
Security update for podofo
Notes
Title of the patch
Security update for podofo
Description of the patch
This update for podofo fixes the following issues:
- CVE-2019-9199: Fixed a NULL pointer dereference in podofoimpose (bsc#1127855)
- CVE-2018-20797: Fixed an excessive memory allocation in PoDoFo:podofo_calloc (bsc#1127514)
- CVE-2019-10723: Fixed a memory leak in PdfPagesTreeCache (bsc#1131544)
Patchnames
SUSE-2024-2137,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-2137,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2137,openSUSE-SLE-15.5-2024-2137,openSUSE-SLE-15.6-2024-2137
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podofo",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podofo fixes the following issues:\n\n- CVE-2019-9199: Fixed a NULL pointer dereference in podofoimpose (bsc#1127855)\n- CVE-2018-20797: Fixed an excessive memory allocation in PoDoFo:podofo_calloc (bsc#1127514)\n- CVE-2019-10723: Fixed a memory leak in PdfPagesTreeCache (bsc#1131544)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2137,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-2137,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-2137,openSUSE-SLE-15.5-2024-2137,openSUSE-SLE-15.6-2024-2137",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2137-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2137-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242137-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2137-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-June/035680.html"
},
{
"category": "self",
"summary": "SUSE Bug 1127514",
"url": "https://bugzilla.suse.com/1127514"
},
{
"category": "self",
"summary": "SUSE Bug 1127855",
"url": "https://bugzilla.suse.com/1127855"
},
{
"category": "self",
"summary": "SUSE Bug 1131544",
"url": "https://bugzilla.suse.com/1131544"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20797 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10723 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9199 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9199/"
}
],
"title": "Security update for podofo",
"tracking": {
"current_release_date": "2024-06-21T11:08:09Z",
"generator": {
"date": "2024-06-21T11:08:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2137-1",
"initial_release_date": "2024-06-21T11:08:09Z",
"revision_history": [
{
"date": "2024-06-21T11:08:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"product": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"product_id": "libpodofo-devel-0.9.6-150300.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"product": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"product_id": "libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "podofo-0.9.6-150300.3.9.1.aarch64",
"product": {
"name": "podofo-0.9.6-150300.3.9.1.aarch64",
"product_id": "podofo-0.9.6-150300.3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpodofo-devel-0.9.6-150300.3.9.1.i586",
"product": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.i586",
"product_id": "libpodofo-devel-0.9.6-150300.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.i586",
"product": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.i586",
"product_id": "libpodofo0_9_6-0.9.6-150300.3.9.1.i586"
}
},
{
"category": "product_version",
"name": "podofo-0.9.6-150300.3.9.1.i586",
"product": {
"name": "podofo-0.9.6-150300.3.9.1.i586",
"product_id": "podofo-0.9.6-150300.3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"product": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"product_id": "libpodofo-devel-0.9.6-150300.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"product": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"product_id": "libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podofo-0.9.6-150300.3.9.1.ppc64le",
"product": {
"name": "podofo-0.9.6-150300.3.9.1.ppc64le",
"product_id": "podofo-0.9.6-150300.3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"product": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"product_id": "libpodofo-devel-0.9.6-150300.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"product": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"product_id": "libpodofo0_9_6-0.9.6-150300.3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "podofo-0.9.6-150300.3.9.1.s390x",
"product": {
"name": "podofo-0.9.6-150300.3.9.1.s390x",
"product_id": "podofo-0.9.6-150300.3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"product": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"product_id": "libpodofo-devel-0.9.6-150300.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"product": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"product_id": "libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "podofo-0.9.6-150300.3.9.1.x86_64",
"product": {
"name": "podofo-0.9.6-150300.3.9.1.x86_64",
"product_id": "podofo-0.9.6-150300.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64"
},
"product_reference": "libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le"
},
"product_reference": "libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.s390x"
},
"product_reference": "libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64"
},
"product_reference": "libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64"
},
"product_reference": "libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le"
},
"product_reference": "libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x"
},
"product_reference": "libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64"
},
"product_reference": "libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.9.6-150300.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.aarch64"
},
"product_reference": "podofo-0.9.6-150300.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.9.6-150300.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.ppc64le"
},
"product_reference": "podofo-0.9.6-150300.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.9.6-150300.3.9.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.s390x"
},
"product_reference": "podofo-0.9.6-150300.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.9.6-150300.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.x86_64"
},
"product_reference": "podofo-0.9.6-150300.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64"
},
"product_reference": "libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le"
},
"product_reference": "libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.s390x"
},
"product_reference": "libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64"
},
"product_reference": "libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64"
},
"product_reference": "libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le"
},
"product_reference": "libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x"
},
"product_reference": "libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64"
},
"product_reference": "libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.9.6-150300.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.aarch64"
},
"product_reference": "podofo-0.9.6-150300.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.9.6-150300.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.ppc64le"
},
"product_reference": "podofo-0.9.6-150300.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.9.6-150300.3.9.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.s390x"
},
"product_reference": "podofo-0.9.6-150300.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.9.6-150300.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.x86_64"
},
"product_reference": "podofo-0.9.6-150300.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64"
},
"product_reference": "libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le"
},
"product_reference": "libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.s390x"
},
"product_reference": "libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64"
},
"product_reference": "libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64"
},
"product_reference": "libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le"
},
"product_reference": "libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x"
},
"product_reference": "libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64"
},
"product_reference": "libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.9.6-150300.3.9.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.aarch64"
},
"product_reference": "podofo-0.9.6-150300.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.9.6-150300.3.9.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.ppc64le"
},
"product_reference": "podofo-0.9.6-150300.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.9.6-150300.3.9.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.s390x"
},
"product_reference": "podofo-0.9.6-150300.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.9.6-150300.3.9.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.x86_64"
},
"product_reference": "podofo-0.9.6-150300.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64"
},
"product_reference": "libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le"
},
"product_reference": "libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.s390x"
},
"product_reference": "libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.6-150300.3.9.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64"
},
"product_reference": "libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64"
},
"product_reference": "libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le"
},
"product_reference": "libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x"
},
"product_reference": "libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64"
},
"product_reference": "libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.9.6-150300.3.9.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.aarch64"
},
"product_reference": "podofo-0.9.6-150300.3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.9.6-150300.3.9.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.ppc64le"
},
"product_reference": "podofo-0.9.6-150300.3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.9.6-150300.3.9.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.s390x"
},
"product_reference": "podofo-0.9.6-150300.3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podofo-0.9.6-150300.3.9.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.x86_64"
},
"product_reference": "podofo-0.9.6-150300.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-20797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20797"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20797",
"url": "https://www.suse.com/security/cve/CVE-2018-20797"
},
{
"category": "external",
"summary": "SUSE Bug 1127514 for CVE-2018-20797",
"url": "https://bugzilla.suse.com/1127514"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-21T11:08:09Z",
"details": "low"
}
],
"title": "CVE-2018-20797"
},
{
"cve": "CVE-2019-10723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10723"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10723",
"url": "https://www.suse.com/security/cve/CVE-2019-10723"
},
{
"category": "external",
"summary": "SUSE Bug 1131544 for CVE-2019-10723",
"url": "https://bugzilla.suse.com/1131544"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-21T11:08:09Z",
"details": "moderate"
}
],
"title": "CVE-2019-10723"
},
{
"cve": "CVE-2019-9199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9199"
}
],
"notes": [
{
"category": "general",
"text": "PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9199",
"url": "https://www.suse.com/security/cve/CVE-2019-9199"
},
{
"category": "external",
"summary": "SUSE Bug 1127855 for CVE-2019-9199",
"url": "https://bugzilla.suse.com/1127855"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:podofo-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.5:podofo-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo-devel-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:libpodofo0_9_6-0.9.6-150300.3.9.1.x86_64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.aarch64",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.ppc64le",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.s390x",
"openSUSE Leap 15.6:podofo-0.9.6-150300.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-21T11:08:09Z",
"details": "low"
}
],
"title": "CVE-2019-9199"
}
]
}
SUSE-SU-2024:3541-1
Vulnerability from csaf_suse - Published: 2024-10-08 08:33 - Updated: 2024-10-08 08:33Summary
Security update for podofo
Notes
Title of the patch
Security update for podofo
Description of the patch
This update for podofo fixes the following issues:
- CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection (bsc#1023190)
- CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027787)
- CVE-2017-6841: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) (bsc#1027786)
- CVE-2017-6842: Fixed NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027785)
- CVE-2017-6845: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) (bsc#1027779)
- CVE-2017-6849: Fixed NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) (bsc#1027776)
- CVE-2017-8378: Fixed denial of service (application crash) vectors related to m_offsets.size (PdfParser::ReadObjects func in base/PdfParser.cpp) (bsc#1037000)
- CVE-2018-5308: Fixed Undefined behavior (memcpy with NULL pointer) in PdfMemoryOutputStream::Write (src/base/PdfOutputStream.cpp) (bsc#1075772)
- CVE-2019-10723: Fixed Memory leak in PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp (bsc#1131544)
- CVE-2019-9199: Fixed NULL pointer dereference in function PoDoFo:Impose:PdfTranslator:setSource() in pdftranslator.cpp (bsc#1127855)
- Fixed NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) (bsc#1023072)
Patchnames
SUSE-2024-3541,SUSE-SLE-SDK-12-SP5-2024-3541,SUSE-SLE-WE-12-SP5-2024-3541
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podofo",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podofo fixes the following issues:\n\n - CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection (bsc#1023190)\n - CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027787)\n - CVE-2017-6841: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) (bsc#1027786)\n - CVE-2017-6842: Fixed NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027785)\n - CVE-2017-6845: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) (bsc#1027779)\n - CVE-2017-6849: Fixed NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) (bsc#1027776)\n - CVE-2017-8378: Fixed denial of service (application crash) vectors related to m_offsets.size (PdfParser::ReadObjects func in base/PdfParser.cpp) (bsc#1037000) \n - CVE-2018-5308: Fixed Undefined behavior (memcpy with NULL pointer) in PdfMemoryOutputStream::Write (src/base/PdfOutputStream.cpp) (bsc#1075772)\n - CVE-2019-10723: Fixed Memory leak in PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp (bsc#1131544)\n - CVE-2019-9199: Fixed NULL pointer dereference in function PoDoFo:Impose:PdfTranslator:setSource() in pdftranslator.cpp (bsc#1127855)\n\n - Fixed NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) (bsc#1023072)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-3541,SUSE-SLE-SDK-12-SP5-2024-3541,SUSE-SLE-WE-12-SP5-2024-3541",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3541-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:3541-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243541-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:3541-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019558.html"
},
{
"category": "self",
"summary": "SUSE Bug 1023072",
"url": "https://bugzilla.suse.com/1023072"
},
{
"category": "self",
"summary": "SUSE Bug 1023190",
"url": "https://bugzilla.suse.com/1023190"
},
{
"category": "self",
"summary": "SUSE Bug 1027776",
"url": "https://bugzilla.suse.com/1027776"
},
{
"category": "self",
"summary": "SUSE Bug 1027779",
"url": "https://bugzilla.suse.com/1027779"
},
{
"category": "self",
"summary": "SUSE Bug 1027785",
"url": "https://bugzilla.suse.com/1027785"
},
{
"category": "self",
"summary": "SUSE Bug 1027786",
"url": "https://bugzilla.suse.com/1027786"
},
{
"category": "self",
"summary": "SUSE Bug 1027787",
"url": "https://bugzilla.suse.com/1027787"
},
{
"category": "self",
"summary": "SUSE Bug 1037000",
"url": "https://bugzilla.suse.com/1037000"
},
{
"category": "self",
"summary": "SUSE Bug 1075772",
"url": "https://bugzilla.suse.com/1075772"
},
{
"category": "self",
"summary": "SUSE Bug 1127855",
"url": "https://bugzilla.suse.com/1127855"
},
{
"category": "self",
"summary": "SUSE Bug 1131544",
"url": "https://bugzilla.suse.com/1131544"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8981 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8981/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5854 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6840 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6841 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6841/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6842 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6845 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6845/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-6849 page",
"url": "https://www.suse.com/security/cve/CVE-2017-6849/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8378 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5308 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5308/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10723 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9199 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9199/"
}
],
"title": "Security update for podofo",
"tracking": {
"current_release_date": "2024-10-08T08:33:37Z",
"generator": {
"date": "2024-10-08T08:33:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:3541-1",
"initial_release_date": "2024-10-08T08:33:37Z",
"revision_history": [
{
"date": "2024-10-08T08:33:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libpodofo-devel-0.9.2-3.21.1.aarch64",
"product": {
"name": "libpodofo-devel-0.9.2-3.21.1.aarch64",
"product_id": "libpodofo-devel-0.9.2-3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpodofo0_9_2-0.9.2-3.21.1.aarch64",
"product": {
"name": "libpodofo0_9_2-0.9.2-3.21.1.aarch64",
"product_id": "libpodofo0_9_2-0.9.2-3.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "podofo-0.9.2-3.21.1.aarch64",
"product": {
"name": "podofo-0.9.2-3.21.1.aarch64",
"product_id": "podofo-0.9.2-3.21.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libpodofo-devel-0.9.2-3.21.1.i586",
"product": {
"name": "libpodofo-devel-0.9.2-3.21.1.i586",
"product_id": "libpodofo-devel-0.9.2-3.21.1.i586"
}
},
{
"category": "product_version",
"name": "libpodofo0_9_2-0.9.2-3.21.1.i586",
"product": {
"name": "libpodofo0_9_2-0.9.2-3.21.1.i586",
"product_id": "libpodofo0_9_2-0.9.2-3.21.1.i586"
}
},
{
"category": "product_version",
"name": "podofo-0.9.2-3.21.1.i586",
"product": {
"name": "podofo-0.9.2-3.21.1.i586",
"product_id": "podofo-0.9.2-3.21.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libpodofo-devel-0.9.2-3.21.1.ppc64le",
"product": {
"name": "libpodofo-devel-0.9.2-3.21.1.ppc64le",
"product_id": "libpodofo-devel-0.9.2-3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpodofo0_9_2-0.9.2-3.21.1.ppc64le",
"product": {
"name": "libpodofo0_9_2-0.9.2-3.21.1.ppc64le",
"product_id": "libpodofo0_9_2-0.9.2-3.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podofo-0.9.2-3.21.1.ppc64le",
"product": {
"name": "podofo-0.9.2-3.21.1.ppc64le",
"product_id": "podofo-0.9.2-3.21.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libpodofo-devel-0.9.2-3.21.1.s390",
"product": {
"name": "libpodofo-devel-0.9.2-3.21.1.s390",
"product_id": "libpodofo-devel-0.9.2-3.21.1.s390"
}
},
{
"category": "product_version",
"name": "libpodofo0_9_2-0.9.2-3.21.1.s390",
"product": {
"name": "libpodofo0_9_2-0.9.2-3.21.1.s390",
"product_id": "libpodofo0_9_2-0.9.2-3.21.1.s390"
}
},
{
"category": "product_version",
"name": "podofo-0.9.2-3.21.1.s390",
"product": {
"name": "podofo-0.9.2-3.21.1.s390",
"product_id": "podofo-0.9.2-3.21.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libpodofo-devel-0.9.2-3.21.1.s390x",
"product": {
"name": "libpodofo-devel-0.9.2-3.21.1.s390x",
"product_id": "libpodofo-devel-0.9.2-3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "libpodofo0_9_2-0.9.2-3.21.1.s390x",
"product": {
"name": "libpodofo0_9_2-0.9.2-3.21.1.s390x",
"product_id": "libpodofo0_9_2-0.9.2-3.21.1.s390x"
}
},
{
"category": "product_version",
"name": "podofo-0.9.2-3.21.1.s390x",
"product": {
"name": "podofo-0.9.2-3.21.1.s390x",
"product_id": "podofo-0.9.2-3.21.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libpodofo-devel-0.9.2-3.21.1.x86_64",
"product": {
"name": "libpodofo-devel-0.9.2-3.21.1.x86_64",
"product_id": "libpodofo-devel-0.9.2-3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpodofo0_9_2-0.9.2-3.21.1.x86_64",
"product": {
"name": "libpodofo0_9_2-0.9.2-3.21.1.x86_64",
"product_id": "libpodofo0_9_2-0.9.2-3.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "podofo-0.9.2-3.21.1.x86_64",
"product": {
"name": "podofo-0.9.2-3.21.1.x86_64",
"product_id": "podofo-0.9.2-3.21.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.2-3.21.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64"
},
"product_reference": "libpodofo-devel-0.9.2-3.21.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.2-3.21.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le"
},
"product_reference": "libpodofo-devel-0.9.2-3.21.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.2-3.21.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x"
},
"product_reference": "libpodofo-devel-0.9.2-3.21.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo-devel-0.9.2-3.21.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64"
},
"product_reference": "libpodofo-devel-0.9.2-3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpodofo0_9_2-0.9.2-3.21.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP5",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
},
"product_reference": "libpodofo0_9_2-0.9.2-3.21.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-8981",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8981"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8981",
"url": "https://www.suse.com/security/cve/CVE-2015-8981"
},
{
"category": "external",
"summary": "SUSE Bug 1023190 for CVE-2015-8981",
"url": "https://bugzilla.suse.com/1023190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-08T08:33:37Z",
"details": "moderate"
}
],
"title": "CVE-2015-8981"
},
{
"cve": "CVE-2017-5854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5854"
}
],
"notes": [
{
"category": "general",
"text": "base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5854",
"url": "https://www.suse.com/security/cve/CVE-2017-5854"
},
{
"category": "external",
"summary": "SUSE Bug 1023070 for CVE-2017-5854",
"url": "https://bugzilla.suse.com/1023070"
},
{
"category": "external",
"summary": "SUSE Bug 1096890 for CVE-2017-5854",
"url": "https://bugzilla.suse.com/1096890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-08T08:33:37Z",
"details": "moderate"
}
],
"title": "CVE-2017-5854"
},
{
"cve": "CVE-2017-6840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6840"
}
],
"notes": [
{
"category": "general",
"text": "The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6840",
"url": "https://www.suse.com/security/cve/CVE-2017-6840"
},
{
"category": "external",
"summary": "SUSE Bug 1027787 for CVE-2017-6840",
"url": "https://bugzilla.suse.com/1027787"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-08T08:33:37Z",
"details": "moderate"
}
],
"title": "CVE-2017-6840"
},
{
"cve": "CVE-2017-6841",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6841"
}
],
"notes": [
{
"category": "general",
"text": "The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6841",
"url": "https://www.suse.com/security/cve/CVE-2017-6841"
},
{
"category": "external",
"summary": "SUSE Bug 1027786 for CVE-2017-6841",
"url": "https://bugzilla.suse.com/1027786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-08T08:33:37Z",
"details": "moderate"
}
],
"title": "CVE-2017-6841"
},
{
"cve": "CVE-2017-6842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6842"
}
],
"notes": [
{
"category": "general",
"text": "The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6842",
"url": "https://www.suse.com/security/cve/CVE-2017-6842"
},
{
"category": "external",
"summary": "SUSE Bug 1027785 for CVE-2017-6842",
"url": "https://bugzilla.suse.com/1027785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-08T08:33:37Z",
"details": "moderate"
}
],
"title": "CVE-2017-6842"
},
{
"cve": "CVE-2017-6845",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6845"
}
],
"notes": [
{
"category": "general",
"text": "The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6845",
"url": "https://www.suse.com/security/cve/CVE-2017-6845"
},
{
"category": "external",
"summary": "SUSE Bug 1027779 for CVE-2017-6845",
"url": "https://bugzilla.suse.com/1027779"
},
{
"category": "external",
"summary": "SUSE Bug 1027781 for CVE-2017-6845",
"url": "https://bugzilla.suse.com/1027781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-08T08:33:37Z",
"details": "moderate"
}
],
"title": "CVE-2017-6845"
},
{
"cve": "CVE-2017-6849",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-6849"
}
],
"notes": [
{
"category": "general",
"text": "The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-6849",
"url": "https://www.suse.com/security/cve/CVE-2017-6849"
},
{
"category": "external",
"summary": "SUSE Bug 1027776 for CVE-2017-6849",
"url": "https://bugzilla.suse.com/1027776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-08T08:33:37Z",
"details": "moderate"
}
],
"title": "CVE-2017-6849"
},
{
"cve": "CVE-2017-8378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8378"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8378",
"url": "https://www.suse.com/security/cve/CVE-2017-8378"
},
{
"category": "external",
"summary": "SUSE Bug 1037000 for CVE-2017-8378",
"url": "https://bugzilla.suse.com/1037000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-08T08:33:37Z",
"details": "moderate"
}
],
"title": "CVE-2017-8378"
},
{
"cve": "CVE-2018-5308",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5308"
}
],
"notes": [
{
"category": "general",
"text": "PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5308",
"url": "https://www.suse.com/security/cve/CVE-2018-5308"
},
{
"category": "external",
"summary": "SUSE Bug 1075772 for CVE-2018-5308",
"url": "https://bugzilla.suse.com/1075772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-08T08:33:37Z",
"details": "moderate"
}
],
"title": "CVE-2018-5308"
},
{
"cve": "CVE-2019-10723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10723"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10723",
"url": "https://www.suse.com/security/cve/CVE-2019-10723"
},
{
"category": "external",
"summary": "SUSE Bug 1131544 for CVE-2019-10723",
"url": "https://bugzilla.suse.com/1131544"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-08T08:33:37Z",
"details": "moderate"
}
],
"title": "CVE-2019-10723"
},
{
"cve": "CVE-2019-9199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9199"
}
],
"notes": [
{
"category": "general",
"text": "PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9199",
"url": "https://www.suse.com/security/cve/CVE-2019-9199"
},
{
"category": "external",
"summary": "SUSE Bug 1127855 for CVE-2019-9199",
"url": "https://bugzilla.suse.com/1127855"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP5:libpodofo-devel-0.9.2-3.21.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP5:libpodofo0_9_2-0.9.2-3.21.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-08T08:33:37Z",
"details": "low"
}
],
"title": "CVE-2019-9199"
}
]
}
GSD-2019-9199
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-9199",
"description": "PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.",
"id": "GSD-2019-9199",
"references": [
"https://www.suse.com/security/cve/CVE-2019-9199.html",
"https://advisories.mageia.org/CVE-2019-9199.html",
"https://security.archlinux.org/CVE-2019-9199"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-9199"
],
"details": "PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.",
"id": "GSD-2019-9199",
"modified": "2023-12-13T01:23:47.041073Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/",
"refsource": "MISC",
"url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/"
},
{
"name": "https://sourceforge.net/p/podofo/tickets/40/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/podofo/tickets/40/"
},
{
"name": "FEDORA-2019-023ea18e20",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTJ5AAM6Y4NMSELEH7N5ZG4DNO56BCYF/"
},
{
"name": "FEDORA-2019-a1dc51a9e2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB/"
},
{
"name": "https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8",
"refsource": "MISC",
"url": "https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8"
},
{
"name": "https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9",
"refsource": "MISC",
"url": "https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:podofo_project:podofo:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9199"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/podofo/tickets/40/",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/podofo/tickets/40/"
},
{
"name": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/"
},
{
"name": "FEDORA-2019-023ea18e20",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NTJ5AAM6Y4NMSELEH7N5ZG4DNO56BCYF/"
},
{
"name": "FEDORA-2019-a1dc51a9e2",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB/"
},
{
"name": "https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8",
"refsource": "MISC",
"tags": [],
"url": "https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8"
},
{
"name": "https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9",
"refsource": "MISC",
"tags": [],
"url": "https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-10-27T21:15Z",
"publishedDate": "2019-02-26T23:29Z"
}
}
}
FKIE_CVE-2019-9199
Vulnerability from fkie_nvd - Published: 2019-02-26 23:29 - Updated: 2024-11-21 04:51
Severity ?
Summary
PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9 | ||
| cve@mitre.org | https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8 | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTJ5AAM6Y4NMSELEH7N5ZG4DNO56BCYF/ | ||
| cve@mitre.org | https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://sourceforge.net/p/podofo/tickets/40/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTJ5AAM6Y4NMSELEH7N5ZG4DNO56BCYF/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/podofo/tickets/40/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| podofo_project | podofo | 0.9.6 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:podofo_project:podofo:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "389AF43A-D7A7-4AA6-9FEE-AE5023F8937C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
},
{
"lang": "es",
"value": "PoDoFo::Impose::PdfTranslator::setSource() en pdftranslator.cpp en la versi\u00f3n 0.9.6 de PoDoFo tiene una vulnerabilidad de desreferencia de puntero NULL que puede desencadenarse, por ejemplo, mediante el env\u00edo de un archivo PDF manipulado al binario podofoimpose. Permite a un atacante provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) o tener otro impacto no especificado."
}
],
"id": "CVE-2019-9199",
"lastModified": "2024-11-21T04:51:11.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-26T23:29:00.247",
"references": [
{
"source": "cve@mitre.org",
"url": "https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTJ5AAM6Y4NMSELEH7N5ZG4DNO56BCYF/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/podofo/tickets/40/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/jjanku/podofo/commit/ada821df68fb0bf673840ed525daf4ec709dbfd9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/mksdev/podofo/commit/1400a9aaf611299b9a56aa2abeb158918b9743c8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CIC2EXSSMBT3MY2HY42IIY4BUQS2SVYB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTJ5AAM6Y4NMSELEH7N5ZG4DNO56BCYF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-setsource-podofo-0-9-6-trunk-r1967/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/podofo/tickets/40/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…