Bugzilla – Bug 1102531
VUL-1: poppler: CVE-2018-13988 poppler: buffer overflow in pdfunite
Last modified: 2024-07-25 03:37:01 UTC
rh#1602838 A flaw was found in Poppler library through version 0.62 contains a Buffer Overflow vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file. References: https://bugzilla.redhat.com/show_bug.cgi?id=1602838 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13988
Upstream patch: https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee
These codestreams are definitely affected and the upstream patch should be easily applicable: SUSE:SLE-12:Update SUSE:SLE-12-SP2:Update SUSE:SLE-15:Update These codestreams differ, but still do not check the num variable: SUSE:SLE-10-SP3:Update SUSE:SLE-11-SP1:Update
SUSE-SU-2021:3854-1: An update that fixes 21 vulnerabilities is now available. Category: security (important) Bug References: 1092945,1102531,1107597,1114966,1115185,1115186,1115187,1115626,1120495,1120496,1120939,1120956,1124150,1127329,1129202,1130229,1131696,1131722,1142465,1143950,1179163 CVE References: CVE-2017-18267,CVE-2018-13988,CVE-2018-16646,CVE-2018-18897,CVE-2018-19058,CVE-2018-19059,CVE-2018-19060,CVE-2018-19149,CVE-2018-20481,CVE-2018-20551,CVE-2018-20650,CVE-2018-20662,CVE-2019-10871,CVE-2019-10872,CVE-2019-14494,CVE-2019-7310,CVE-2019-9200,CVE-2019-9631,CVE-2019-9903,CVE-2019-9959,CVE-2020-27778 JIRA References: Sources used: SUSE Linux Enterprise Workstation Extension 15-SP2 (src): poppler-0.62.0-4.6.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): poppler-0.62.0-4.6.1 SUSE Linux Enterprise Server for SAP 15 (src): poppler-0.62.0-4.6.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): poppler-0.62.0-4.6.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): poppler-0.62.0-4.6.1 SUSE Linux Enterprise Server 15-LTSS (src): poppler-0.62.0-4.6.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): poppler-0.62.0-4.6.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): poppler-0.62.0-4.6.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): poppler-0.62.0-4.6.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): poppler-0.62.0-4.6.1 SUSE Enterprise Storage 6 (src): poppler-0.62.0-4.6.1 SUSE CaaS Platform 4.0 (src): poppler-0.62.0-4.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:3854-1: An update that fixes 21 vulnerabilities is now available. Category: security (important) Bug References: 1092945,1102531,1107597,1114966,1115185,1115186,1115187,1115626,1120495,1120496,1120939,1120956,1124150,1127329,1129202,1130229,1131696,1131722,1142465,1143950,1179163 CVE References: CVE-2017-18267,CVE-2018-13988,CVE-2018-16646,CVE-2018-18897,CVE-2018-19058,CVE-2018-19059,CVE-2018-19060,CVE-2018-19149,CVE-2018-20481,CVE-2018-20551,CVE-2018-20650,CVE-2018-20662,CVE-2019-10871,CVE-2019-10872,CVE-2019-14494,CVE-2019-7310,CVE-2019-9200,CVE-2019-9631,CVE-2019-9903,CVE-2019-9959,CVE-2020-27778 JIRA References: Sources used: openSUSE Leap 15.3 (src): poppler-0.62.0-4.6.1
No testcase found. Will submit for 12sp2,12/poppler.
(15+ is fixed already either by patch or version update)
I believe all fixed.
SUSE-SU-2023:2907-1: An update that solves 14 vulnerabilities can now be installed. Category: security (moderate) Bug References: 1092945, 1102531, 1107597, 1114966, 1115185, 1115186, 1115187, 1115626, 1120939, 1124150, 1136105, 1149635, 1199272 CVE References: CVE-2017-18267, CVE-2018-13988, CVE-2018-16646, CVE-2018-18897, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060, CVE-2018-19149, CVE-2018-20481, CVE-2018-20650, CVE-2018-21009, CVE-2019-12293, CVE-2019-7310, CVE-2022-27337 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): poppler-qt-0.43.0-16.25.1, poppler-0.43.0-16.25.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): poppler-qt-0.43.0-16.25.1, poppler-0.43.0-16.25.1 SUSE Linux Enterprise Server 12 SP5 (src): poppler-qt-0.43.0-16.25.1, poppler-0.43.0-16.25.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): poppler-qt-0.43.0-16.25.1, poppler-0.43.0-16.25.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2906-1: An update that solves 13 vulnerabilities can now be installed. Category: security (moderate) Bug References: 1092945, 1102531, 1107597, 1114966, 1115185, 1115186, 1115187, 1115626, 1120939, 1124150, 1149635, 1199272 CVE References: CVE-2017-18267, CVE-2018-13988, CVE-2018-16646, CVE-2018-18897, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060, CVE-2018-19149, CVE-2018-20481, CVE-2018-20650, CVE-2018-21009, CVE-2019-7310, CVE-2022-27337 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): poppler-0.24.4-14.26.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.