suse-su-2023:2906-1
Vulnerability from csaf_suse
Published
2023-07-20 08:19
    Modified
2023-07-20 08:19
    Summary
Security update for poppler
    Notes
Title of the patch
Security update for poppler
    Description of the patch
This update for poppler fixes the following issues:
  - CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service (bsc#1199272).
  - CVE-2018-21009: Fixed integer overflow in Parser:makeStream in Parser.cc (bsc#1149635).
  - CVE-2018-20481: Fixed memory leak in GfxColorSpace:setDisplayProfile in GfxState.cc (bsc#1114966).
  - CVE-2019-7310: Fixed a heap-based buffer over-read allows remote attackers to cause DOS via a special crafted PDF (bsc#1124150).
  - CVE-2018-13988: Fixed buffer overflow in pdfunite (bsc#1102531).
  - CVE-2018-16646: Fixed infinite recursion in poppler/Parser.cc:Parser::getObj() function (bsc#1107597).
  - CVE-2018-19058: Fixed reachable abort in Object.h leading to denial of service (bsc#1115187).
  - CVE-2018-19059: Fixed out-of-bounds read in EmbFile:save2 in FileSpec.cc leading to denial of service (bsc#1115186).
  - CVE-2018-19060: Fixed NULL pointer dereference in goo/GooString.h leading to denial of service (bsc#1115185).
  - CVE-2018-19149: Fixed NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment (bsc#1115626).
  - CVE-2017-18267: Fixed denial of service (infinite recursion) via a crafted PDF file (bsc#1092945).
  - CVE-2018-20650: Fixed issue where a reachable Object in dictLookup assertion allows attackers to cause DOS (bsc#1120939).
    Patchnames
SUSE-2023-2906,SUSE-SLE-SDK-12-SP5-2023-2906
    Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
    {
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for poppler",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for poppler fixes the following issues:\n\n  - CVE-2022-27337: Fixed a logic error in the Hints::Hints function which can cause denial of service (bsc#1199272).\n  - CVE-2018-21009: Fixed integer overflow in Parser:makeStream in Parser.cc (bsc#1149635).\n  - CVE-2018-20481: Fixed memory leak in GfxColorSpace:setDisplayProfile in GfxState.cc (bsc#1114966).\n  - CVE-2019-7310: Fixed a heap-based buffer over-read allows remote attackers to cause DOS via a special crafted PDF (bsc#1124150).\n  - CVE-2018-13988: Fixed buffer overflow in pdfunite (bsc#1102531).\n  - CVE-2018-16646: Fixed infinite recursion in poppler/Parser.cc:Parser::getObj() function (bsc#1107597).\n  - CVE-2018-19058: Fixed reachable abort in Object.h leading to denial of service (bsc#1115187).\n  - CVE-2018-19059: Fixed out-of-bounds read in EmbFile:save2 in FileSpec.cc leading to denial of service (bsc#1115186).\n  - CVE-2018-19060: Fixed NULL pointer dereference in goo/GooString.h leading to denial of service (bsc#1115185).\n  - CVE-2018-19149: Fixed NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment (bsc#1115626).\n  - CVE-2017-18267: Fixed denial of service (infinite recursion) via a crafted PDF file (bsc#1092945).\n  - CVE-2018-20650: Fixed issue where a reachable Object in dictLookup assertion allows attackers to cause DOS (bsc#1120939).\n\n\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2023-2906,SUSE-SLE-SDK-12-SP5-2023-2906",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2906-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2023:2906-1",
        "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20232906-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2023:2906-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2023-July/030447.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1092945",
        "url": "https://bugzilla.suse.com/1092945"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1102531",
        "url": "https://bugzilla.suse.com/1102531"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1107597",
        "url": "https://bugzilla.suse.com/1107597"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1114966",
        "url": "https://bugzilla.suse.com/1114966"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1115185",
        "url": "https://bugzilla.suse.com/1115185"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1115186",
        "url": "https://bugzilla.suse.com/1115186"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1115187",
        "url": "https://bugzilla.suse.com/1115187"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1115626",
        "url": "https://bugzilla.suse.com/1115626"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1120939",
        "url": "https://bugzilla.suse.com/1120939"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1124150",
        "url": "https://bugzilla.suse.com/1124150"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1149635",
        "url": "https://bugzilla.suse.com/1149635"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1199272",
        "url": "https://bugzilla.suse.com/1199272"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-18267 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-18267/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-13988 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-13988/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-16646 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-16646/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-18897 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-18897/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19058 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19058/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19059 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19059/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19060 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19060/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19149 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19149/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-20481 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-20481/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-20650 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-20650/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-21009 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-21009/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-7310 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-7310/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-27337 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-27337/"
      }
    ],
    "title": "Security update for poppler",
    "tracking": {
      "current_release_date": "2023-07-20T08:19:44Z",
      "generator": {
        "date": "2023-07-20T08:19:44Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2023:2906-1",
      "initial_release_date": "2023-07-20T08:19:44Z",
      "revision_history": [
        {
          "date": "2023-07-20T08:19:44Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpoppler-cpp0-0.24.4-14.26.1.aarch64",
                "product": {
                  "name": "libpoppler-cpp0-0.24.4-14.26.1.aarch64",
                  "product_id": "libpoppler-cpp0-0.24.4-14.26.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-devel-0.24.4-14.26.1.aarch64",
                "product": {
                  "name": "libpoppler-devel-0.24.4-14.26.1.aarch64",
                  "product_id": "libpoppler-devel-0.24.4-14.26.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-glib-devel-0.24.4-14.26.1.aarch64",
                "product": {
                  "name": "libpoppler-glib-devel-0.24.4-14.26.1.aarch64",
                  "product_id": "libpoppler-glib-devel-0.24.4-14.26.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-glib8-0.24.4-14.26.1.aarch64",
                "product": {
                  "name": "libpoppler-glib8-0.24.4-14.26.1.aarch64",
                  "product_id": "libpoppler-glib8-0.24.4-14.26.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-qt4-4-0.24.4-14.26.1.aarch64",
                "product": {
                  "name": "libpoppler-qt4-4-0.24.4-14.26.1.aarch64",
                  "product_id": "libpoppler-qt4-4-0.24.4-14.26.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-qt4-devel-0.24.4-14.26.1.aarch64",
                "product": {
                  "name": "libpoppler-qt4-devel-0.24.4-14.26.1.aarch64",
                  "product_id": "libpoppler-qt4-devel-0.24.4-14.26.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler44-0.24.4-14.26.1.aarch64",
                "product": {
                  "name": "libpoppler44-0.24.4-14.26.1.aarch64",
                  "product_id": "libpoppler44-0.24.4-14.26.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "poppler-tools-0.24.4-14.26.1.aarch64",
                "product": {
                  "name": "poppler-tools-0.24.4-14.26.1.aarch64",
                  "product_id": "poppler-tools-0.24.4-14.26.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.aarch64",
                "product": {
                  "name": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.aarch64",
                  "product_id": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpoppler-cpp0-0.24.4-14.26.1.i586",
                "product": {
                  "name": "libpoppler-cpp0-0.24.4-14.26.1.i586",
                  "product_id": "libpoppler-cpp0-0.24.4-14.26.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-devel-0.24.4-14.26.1.i586",
                "product": {
                  "name": "libpoppler-devel-0.24.4-14.26.1.i586",
                  "product_id": "libpoppler-devel-0.24.4-14.26.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-glib-devel-0.24.4-14.26.1.i586",
                "product": {
                  "name": "libpoppler-glib-devel-0.24.4-14.26.1.i586",
                  "product_id": "libpoppler-glib-devel-0.24.4-14.26.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-glib8-0.24.4-14.26.1.i586",
                "product": {
                  "name": "libpoppler-glib8-0.24.4-14.26.1.i586",
                  "product_id": "libpoppler-glib8-0.24.4-14.26.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-qt4-4-0.24.4-14.26.1.i586",
                "product": {
                  "name": "libpoppler-qt4-4-0.24.4-14.26.1.i586",
                  "product_id": "libpoppler-qt4-4-0.24.4-14.26.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-qt4-devel-0.24.4-14.26.1.i586",
                "product": {
                  "name": "libpoppler-qt4-devel-0.24.4-14.26.1.i586",
                  "product_id": "libpoppler-qt4-devel-0.24.4-14.26.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler44-0.24.4-14.26.1.i586",
                "product": {
                  "name": "libpoppler44-0.24.4-14.26.1.i586",
                  "product_id": "libpoppler44-0.24.4-14.26.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "poppler-tools-0.24.4-14.26.1.i586",
                "product": {
                  "name": "poppler-tools-0.24.4-14.26.1.i586",
                  "product_id": "poppler-tools-0.24.4-14.26.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.i586",
                "product": {
                  "name": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.i586",
                  "product_id": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpoppler-cpp0-0.24.4-14.26.1.ppc64le",
                "product": {
                  "name": "libpoppler-cpp0-0.24.4-14.26.1.ppc64le",
                  "product_id": "libpoppler-cpp0-0.24.4-14.26.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-devel-0.24.4-14.26.1.ppc64le",
                "product": {
                  "name": "libpoppler-devel-0.24.4-14.26.1.ppc64le",
                  "product_id": "libpoppler-devel-0.24.4-14.26.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-glib-devel-0.24.4-14.26.1.ppc64le",
                "product": {
                  "name": "libpoppler-glib-devel-0.24.4-14.26.1.ppc64le",
                  "product_id": "libpoppler-glib-devel-0.24.4-14.26.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-glib8-0.24.4-14.26.1.ppc64le",
                "product": {
                  "name": "libpoppler-glib8-0.24.4-14.26.1.ppc64le",
                  "product_id": "libpoppler-glib8-0.24.4-14.26.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-qt4-4-0.24.4-14.26.1.ppc64le",
                "product": {
                  "name": "libpoppler-qt4-4-0.24.4-14.26.1.ppc64le",
                  "product_id": "libpoppler-qt4-4-0.24.4-14.26.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-qt4-devel-0.24.4-14.26.1.ppc64le",
                "product": {
                  "name": "libpoppler-qt4-devel-0.24.4-14.26.1.ppc64le",
                  "product_id": "libpoppler-qt4-devel-0.24.4-14.26.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler44-0.24.4-14.26.1.ppc64le",
                "product": {
                  "name": "libpoppler44-0.24.4-14.26.1.ppc64le",
                  "product_id": "libpoppler44-0.24.4-14.26.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "poppler-tools-0.24.4-14.26.1.ppc64le",
                "product": {
                  "name": "poppler-tools-0.24.4-14.26.1.ppc64le",
                  "product_id": "poppler-tools-0.24.4-14.26.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.ppc64le",
                "product": {
                  "name": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.ppc64le",
                  "product_id": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpoppler-cpp0-0.24.4-14.26.1.s390",
                "product": {
                  "name": "libpoppler-cpp0-0.24.4-14.26.1.s390",
                  "product_id": "libpoppler-cpp0-0.24.4-14.26.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-devel-0.24.4-14.26.1.s390",
                "product": {
                  "name": "libpoppler-devel-0.24.4-14.26.1.s390",
                  "product_id": "libpoppler-devel-0.24.4-14.26.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-glib-devel-0.24.4-14.26.1.s390",
                "product": {
                  "name": "libpoppler-glib-devel-0.24.4-14.26.1.s390",
                  "product_id": "libpoppler-glib-devel-0.24.4-14.26.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-glib8-0.24.4-14.26.1.s390",
                "product": {
                  "name": "libpoppler-glib8-0.24.4-14.26.1.s390",
                  "product_id": "libpoppler-glib8-0.24.4-14.26.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-qt4-4-0.24.4-14.26.1.s390",
                "product": {
                  "name": "libpoppler-qt4-4-0.24.4-14.26.1.s390",
                  "product_id": "libpoppler-qt4-4-0.24.4-14.26.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-qt4-devel-0.24.4-14.26.1.s390",
                "product": {
                  "name": "libpoppler-qt4-devel-0.24.4-14.26.1.s390",
                  "product_id": "libpoppler-qt4-devel-0.24.4-14.26.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler44-0.24.4-14.26.1.s390",
                "product": {
                  "name": "libpoppler44-0.24.4-14.26.1.s390",
                  "product_id": "libpoppler44-0.24.4-14.26.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "poppler-tools-0.24.4-14.26.1.s390",
                "product": {
                  "name": "poppler-tools-0.24.4-14.26.1.s390",
                  "product_id": "poppler-tools-0.24.4-14.26.1.s390"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.s390",
                "product": {
                  "name": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.s390",
                  "product_id": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpoppler-cpp0-0.24.4-14.26.1.s390x",
                "product": {
                  "name": "libpoppler-cpp0-0.24.4-14.26.1.s390x",
                  "product_id": "libpoppler-cpp0-0.24.4-14.26.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-devel-0.24.4-14.26.1.s390x",
                "product": {
                  "name": "libpoppler-devel-0.24.4-14.26.1.s390x",
                  "product_id": "libpoppler-devel-0.24.4-14.26.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-glib-devel-0.24.4-14.26.1.s390x",
                "product": {
                  "name": "libpoppler-glib-devel-0.24.4-14.26.1.s390x",
                  "product_id": "libpoppler-glib-devel-0.24.4-14.26.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-glib8-0.24.4-14.26.1.s390x",
                "product": {
                  "name": "libpoppler-glib8-0.24.4-14.26.1.s390x",
                  "product_id": "libpoppler-glib8-0.24.4-14.26.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-qt4-4-0.24.4-14.26.1.s390x",
                "product": {
                  "name": "libpoppler-qt4-4-0.24.4-14.26.1.s390x",
                  "product_id": "libpoppler-qt4-4-0.24.4-14.26.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-qt4-devel-0.24.4-14.26.1.s390x",
                "product": {
                  "name": "libpoppler-qt4-devel-0.24.4-14.26.1.s390x",
                  "product_id": "libpoppler-qt4-devel-0.24.4-14.26.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler44-0.24.4-14.26.1.s390x",
                "product": {
                  "name": "libpoppler44-0.24.4-14.26.1.s390x",
                  "product_id": "libpoppler44-0.24.4-14.26.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "poppler-tools-0.24.4-14.26.1.s390x",
                "product": {
                  "name": "poppler-tools-0.24.4-14.26.1.s390x",
                  "product_id": "poppler-tools-0.24.4-14.26.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.s390x",
                "product": {
                  "name": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.s390x",
                  "product_id": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpoppler-cpp0-0.24.4-14.26.1.x86_64",
                "product": {
                  "name": "libpoppler-cpp0-0.24.4-14.26.1.x86_64",
                  "product_id": "libpoppler-cpp0-0.24.4-14.26.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-devel-0.24.4-14.26.1.x86_64",
                "product": {
                  "name": "libpoppler-devel-0.24.4-14.26.1.x86_64",
                  "product_id": "libpoppler-devel-0.24.4-14.26.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-glib-devel-0.24.4-14.26.1.x86_64",
                "product": {
                  "name": "libpoppler-glib-devel-0.24.4-14.26.1.x86_64",
                  "product_id": "libpoppler-glib-devel-0.24.4-14.26.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-glib8-0.24.4-14.26.1.x86_64",
                "product": {
                  "name": "libpoppler-glib8-0.24.4-14.26.1.x86_64",
                  "product_id": "libpoppler-glib8-0.24.4-14.26.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-qt4-4-0.24.4-14.26.1.x86_64",
                "product": {
                  "name": "libpoppler-qt4-4-0.24.4-14.26.1.x86_64",
                  "product_id": "libpoppler-qt4-4-0.24.4-14.26.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler-qt4-devel-0.24.4-14.26.1.x86_64",
                "product": {
                  "name": "libpoppler-qt4-devel-0.24.4-14.26.1.x86_64",
                  "product_id": "libpoppler-qt4-devel-0.24.4-14.26.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpoppler44-0.24.4-14.26.1.x86_64",
                "product": {
                  "name": "libpoppler44-0.24.4-14.26.1.x86_64",
                  "product_id": "libpoppler44-0.24.4-14.26.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "poppler-tools-0.24.4-14.26.1.x86_64",
                "product": {
                  "name": "poppler-tools-0.24.4-14.26.1.x86_64",
                  "product_id": "poppler-tools-0.24.4-14.26.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.x86_64",
                "product": {
                  "name": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.x86_64",
                  "product_id": "typelib-1_0-Poppler-0_18-0.24.4-14.26.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-sdk:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpoppler44-0.24.4-14.26.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64"
        },
        "product_reference": "libpoppler44-0.24.4-14.26.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpoppler44-0.24.4-14.26.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le"
        },
        "product_reference": "libpoppler44-0.24.4-14.26.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpoppler44-0.24.4-14.26.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x"
        },
        "product_reference": "libpoppler44-0.24.4-14.26.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpoppler44-0.24.4-14.26.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
          "product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
        },
        "product_reference": "libpoppler44-0.24.4-14.26.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-18267",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-18267"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-18267",
          "url": "https://www.suse.com/security/cve/CVE-2017-18267"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1092945 for CVE-2017-18267",
          "url": "https://bugzilla.suse.com/1092945"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-20T08:19:44Z",
          "details": "low"
        }
      ],
      "title": "CVE-2017-18267"
    },
    {
      "cve": "CVE-2018-13988",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-13988"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-13988",
          "url": "https://www.suse.com/security/cve/CVE-2018-13988"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102531 for CVE-2018-13988",
          "url": "https://bugzilla.suse.com/1102531"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-20T08:19:44Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-13988"
    },
    {
      "cve": "CVE-2018-16646",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-16646"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-16646",
          "url": "https://www.suse.com/security/cve/CVE-2018-16646"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1107597 for CVE-2018-16646",
          "url": "https://bugzilla.suse.com/1107597"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1140882 for CVE-2018-16646",
          "url": "https://bugzilla.suse.com/1140882"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-20T08:19:44Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-16646"
    },
    {
      "cve": "CVE-2018-18897",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-18897"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-18897",
          "url": "https://www.suse.com/security/cve/CVE-2018-18897"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1114966 for CVE-2018-18897",
          "url": "https://bugzilla.suse.com/1114966"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-20T08:19:44Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-18897"
    },
    {
      "cve": "CVE-2018-19058",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19058"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19058",
          "url": "https://www.suse.com/security/cve/CVE-2018-19058"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115187 for CVE-2018-19058",
          "url": "https://bugzilla.suse.com/1115187"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-20T08:19:44Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-19058"
    },
    {
      "cve": "CVE-2018-19059",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19059"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19059",
          "url": "https://www.suse.com/security/cve/CVE-2018-19059"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115186 for CVE-2018-19059",
          "url": "https://bugzilla.suse.com/1115186"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-20T08:19:44Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-19059"
    },
    {
      "cve": "CVE-2018-19060",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19060"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19060",
          "url": "https://www.suse.com/security/cve/CVE-2018-19060"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115185 for CVE-2018-19060",
          "url": "https://bugzilla.suse.com/1115185"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-20T08:19:44Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-19060"
    },
    {
      "cve": "CVE-2018-19149",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19149"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19149",
          "url": "https://www.suse.com/security/cve/CVE-2018-19149"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115626 for CVE-2018-19149",
          "url": "https://bugzilla.suse.com/1115626"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-20T08:19:44Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-19149"
    },
    {
      "cve": "CVE-2018-20481",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-20481"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-20481",
          "url": "https://www.suse.com/security/cve/CVE-2018-20481"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120495 for CVE-2018-20481",
          "url": "https://bugzilla.suse.com/1120495"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-20T08:19:44Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-20481"
    },
    {
      "cve": "CVE-2018-20650",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-20650"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-20650",
          "url": "https://www.suse.com/security/cve/CVE-2018-20650"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120939 for CVE-2018-20650",
          "url": "https://bugzilla.suse.com/1120939"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1120956 for CVE-2018-20650",
          "url": "https://bugzilla.suse.com/1120956"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-20T08:19:44Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-20650"
    },
    {
      "cve": "CVE-2018-21009",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-21009"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-21009",
          "url": "https://www.suse.com/security/cve/CVE-2018-21009"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1149635 for CVE-2018-21009",
          "url": "https://bugzilla.suse.com/1149635"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-20T08:19:44Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-21009"
    },
    {
      "cve": "CVE-2019-7310",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-7310"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-7310",
          "url": "https://www.suse.com/security/cve/CVE-2019-7310"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1124150 for CVE-2019-7310",
          "url": "https://bugzilla.suse.com/1124150"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-20T08:19:44Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-7310"
    },
    {
      "cve": "CVE-2022-27337",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-27337"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-27337",
          "url": "https://www.suse.com/security/cve/CVE-2022-27337"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1199272 for CVE-2022-27337",
          "url": "https://bugzilla.suse.com/1199272"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1225040 for CVE-2022-27337",
          "url": "https://bugzilla.suse.com/1225040"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.aarch64",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.ppc64le",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 12 SP5:libpoppler44-0.24.4-14.26.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-20T08:19:44Z",
          "details": "low"
        }
      ],
      "title": "CVE-2022-27337"
    }
  ]
}
  Loading…
      Loading…
      Sightings
| Author | Source | Type | Date | 
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
      Loading…