[Bug 1190179] New: VUL-1: CVE-2020-18972: podofo: memory leak in IsNextToken() in src/base/PdfTokenizer.cpp
https://bugzilla.suse.com/show_bug.cgi?id=1190179 Bug ID: 1190179 Summary: VUL-1: CVE-2020-18972: podofo: memory leak in IsNextToken() in src/base/PdfTokenizer.cpp Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.3 Hardware: Other URL: https://smash.suse.de/issue/308328/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: adrian.schroeter@suse.com Reporter: gabriele.sonnu@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. Reference: https://sourceforge.net/p/podofo/tickets/49/ References: https://bugzilla.redhat.com/show_bug.cgi?id=1998607 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18972 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18972 https://sourceforge.net/p/podofo/tickets/49/ -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190179 https://bugzilla.suse.com/show_bug.cgi?id=1190179#c1 --- Comment #1 from Gabriele Sonnu <gabriele.sonnu@suse.com> --- Bug details and reproducer: https://sourceforge.net/p/podofo/tickets/49/ I cannot reproduce the issue in any of the codestreams. Seems to be already fixed, but please double check. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190179 Maintenance Robot <maint-coord+maintenance_robot@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190179 https://bugzilla.suse.com/show_bug.cgi?id=1190179#c2 Adrian Schr�ter <adrian.schroeter@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gabriele.sonnu@suse.com Flags| |needinfo?(gabriele.sonnu@su | |se.com) --- Comment #2 from Adrian Schr�ter <adrian.schroeter@suse.com> --- I am not the maintainer of the package. Actually, it is in none of our maintained code streams, so why is the bug created at all? -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1190179 Gabriele Sonnu <gabriele.sonnu@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|adrian.schroeter@suse.com |gnome-bugs@suse.de -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com