Bugzilla – Bug 1149635
VUL-1: CVE-2018-21009: xpdf,poppler: integer overflow in Parser::makeStream in Parser.cc.
Last modified: 2024-07-26 10:10:18 UTC
CVE-2018-21009

Poppler before 0.76.0 has an integer overflow in Parser::makeStream in Parser.cc.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-21009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21009
https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a
Based on the commit fix [1], the version 0.66 is already fixed. Doing some investigation, it seems that all the versions of our poppler and xpdf are affected. I could not locate any POC or further information.

[1] https://gitlab.freedesktop.org/poppler/poppler/commit/0868c499a9f5f37f8df5c9fef03c37496b40fc8a
TW, 15sp4, 15sp2/poppler already fixed; 15, 12sp2, 12 need the patch.
SUSE-SU-2023:2838-1: An update that solves three vulnerabilities can now be installed.

Category: security (moderate)
Bug References: 1136105, 1149635, 1199272
CVE References: CVE-2018-21009, CVE-2019-12293, CVE-2022-27337
Sources used:
openSUSE Leap 15.4 (src): poppler-0.62.0-150000.4.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
I believe all fixed.
SUSE-SU-2023:2907-1: An update that solves 14 vulnerabilities can now be installed.

Category: security (moderate)
Bug References: 1092945, 1102531, 1107597, 1114966, 1115185, 1115186, 1115187, 1115626, 1120939, 1124150, 1136105, 1149635, 1199272
CVE References: CVE-2017-18267, CVE-2018-13988, CVE-2018-16646, CVE-2018-18897, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060, CVE-2018-19149, CVE-2018-20481, CVE-2018-20650, CVE-2018-21009, CVE-2019-12293, CVE-2019-7310, CVE-2022-27337
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): poppler-qt-0.43.0-16.25.1, poppler-0.43.0-16.25.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): poppler-qt-0.43.0-16.25.1, poppler-0.43.0-16.25.1
SUSE Linux Enterprise Server 12 SP5 (src): poppler-qt-0.43.0-16.25.1, poppler-0.43.0-16.25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): poppler-qt-0.43.0-16.25.1, poppler-0.43.0-16.25.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2906-1: An update that solves 13 vulnerabilities can now be installed.

Category: security (moderate)
Bug References: 1092945, 1102531, 1107597, 1114966, 1115185, 1115186, 1115187, 1115626, 1120939, 1124150, 1149635, 1199272
CVE References: CVE-2017-18267, CVE-2018-13988, CVE-2018-16646, CVE-2018-18897, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060, CVE-2018-19149, CVE-2018-20481, CVE-2018-20650, CVE-2018-21009, CVE-2019-7310, CVE-2022-27337
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): poppler-0.24.4-14.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
All done, closing.