Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

SUSE-SU-2024:3541-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2024:3541-1

UNKNOWN

Security update for podofo

Published Oct 8, 2024

Modified 1 years ago

Fix available

Details

This update for podofo fixes the following issues:

CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection (bsc#1023190)
CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027787)
CVE-2017-6841: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) (bsc#1027786)
CVE-2017-6842: Fixed NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027785)
CVE-2017-6845: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) (bsc#1027779)
CVE-2017-6849: Fixed NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) (bsc#1027776)
CVE-2017-8378: Fixed denial of service (application crash) vectors related to m_offsets.size (PdfParser::ReadObjects func in base/PdfParser.cpp) (bsc#1037000)
CVE-2018-5308: Fixed Undefined behavior (memcpy with NULL pointer) in PdfMemoryOutputStream::Write (src/base/PdfOutputStream.cpp) (bsc#1075772)
CVE-2019-10723: Fixed Memory leak in PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp (bsc#1131544)
CVE-2019-9199: Fixed NULL pointer dereference in function PoDoFo:Impose:PdfTranslator:setSource() in pdftranslator.cpp (bsc#1127855)
Fixed NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) (bsc#1023072)

Affected Packages

SUSE:Linux Enterprise Software Development Kit 12 SP5libpodofo-devel

Fixed in:

0.9.2-3.21.1

SUSE:Linux Enterprise Software Development Kit 12 SP5podofo

Fixed in:

0.9.2-3.21.1

SUSE:Linux Enterprise Workstation Extension 12 SP5libpodofo0_9_2

Fixed in:

0.9.2-3.21.1

SUSE:Linux Enterprise Workstation Extension 12 SP5podofo

Fixed in:

0.9.2-3.21.1

References

REPORThttps://bugzilla.suse.com/1023072 REPORThttps://bugzilla.suse.com/1023190 REPORThttps://bugzilla.suse.com/1027776 REPORThttps://bugzilla.suse.com/1027779 REPORThttps://bugzilla.suse.com/1027785 REPORThttps://bugzilla.suse.com/1027786 REPORThttps://bugzilla.suse.com/1027787 REPORThttps://bugzilla.suse.com/1037000 REPORThttps://bugzilla.suse.com/1075772 REPORThttps://bugzilla.suse.com/1127855 REPORThttps://bugzilla.suse.com/1131544 WEBhttps://www.suse.com/security/cve/CVE-2015-8981 WEBhttps://www.suse.com/security/cve/CVE-2017-5854 WEBhttps://www.suse.com/security/cve/CVE-2017-6840 WEBhttps://www.suse.com/security/cve/CVE-2017-6841 WEBhttps://www.suse.com/security/cve/CVE-2017-6842 WEBhttps://www.suse.com/security/cve/CVE-2017-6845 WEBhttps://www.suse.com/security/cve/CVE-2017-6849 WEBhttps://www.suse.com/security/cve/CVE-2017-8378 WEBhttps://www.suse.com/security/cve/CVE-2018-5308 WEBhttps://www.suse.com/security/cve/CVE-2019-10723 WEBhttps://www.suse.com/security/cve/CVE-2019-9199 ADVISORYhttps://www.suse.com/support/update/announcement/2024/suse-su-20243541-1/

Upstream

CVE-2015-8981 CVE-2017-5854 CVE-2017-6840 CVE-2017-6841 CVE-2017-6842 CVE-2017-6845 CVE-2017-6849 CVE-2017-8378 CVE-2018-5308 CVE-2019-10723 CVE-2019-9199

Related

CVE-2015-8981 CVE-2017-5854 CVE-2017-6840 CVE-2017-6841 CVE-2017-6842 CVE-2017-6845 CVE-2017-6849 CVE-2017-8378 CVE-2018-5308 CVE-2019-10723 CVE-2019-9199

Ecosystems

SUSE Linux Enterprise Software Development Kit 12 SP5 SUSE Linux Enterprise Workstation Extension 12 SP5

Timeline

PublishedOct 8, 2024

ModifiedOct 8, 2024