Upstream information

CVE-2018-20751 at MITRE

Description

An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 1124357 [NEW]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Build System Kit 12 SP4
  • libpodofo-devel >= 0.9.2-3.9.2
  • podofo >= 0.9.2-3.9.2
Patchnames:
SUSE-SLE-BSK-12-SP4-2019-1849
SUSE Linux Enterprise Desktop 12 SP4
  • libpodofo0_9_2 >= 0.9.2-3.9.2
  • podofo >= 0.9.2-3.9.2
Patchnames:
SUSE-SLE-DESKTOP-12-SP4-2019-1849
SUSE Linux Enterprise Software Development Kit 12 SP4
  • libpodofo-devel >= 0.9.2-3.9.2
  • podofo >= 0.9.2-3.9.2
Patchnames:
SUSE-SLE-SDK-12-SP4-2019-1849
SUSE Linux Enterprise Software Development Kit 12 SP5
  • libpodofo-devel >= 0.9.2-3.9.2
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP5 GA libpodofo-devel
SUSE Linux Enterprise Workstation Extension 12 SP4
  • libpodofo0_9_2 >= 0.9.2-3.9.2
  • podofo >= 0.9.2-3.9.2
Patchnames:
SUSE-SLE-WE-12-SP4-2019-1849
SUSE Linux Enterprise Workstation Extension 12 SP5
  • libpodofo0_9_2 >= 0.9.2-3.9.2
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP5 GA libpodofo0_9_2