Contents of /24250.adv

Revision 8328
Wed Feb 20 20:25:10 2019 UTC (5 years, 2 months ago) by tmb
File size: 1962 byte(s)
MGASA-2019-0092: poppler-0.52.0-3.11.mga6
type: security
subject: Updated poppler packages fix security vulnerability
CVE:
 - CVE-2018-18897
 - CVE-2018-20481
 - CVE-2018-20551
 - CVE-2018-20650
 - CVE-2019-7310
src:
  6:
   core:
     - poppler-0.52.0-3.11.mga6
description: |
  An issue was discovered in Poppler 0.71.0. There is a memory leak in
  GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by
  pdftocairo. (CVE-2018-18897)

  XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef
  entries, which allows remote attackers to cause a denial of service (NULL
  pointer dereference) via a crafted PDF document, when XRefEntry::setFlag
  in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481)

  A reachable Object::getString assertion in Poppler 0.72.0 allows attackers
  to cause a denial of service due to construction of invalid rich media
  annotation assets in the AnnotRichMedia class in Annot.c. (CVE-2018-20551)

  A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers
  to cause a denial of service due to the lack of a check for the dict data
  type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in
  pdfdetach. (CVE-2018-20650)

  In Poppler 0.73.0, a heap-based buffer over-read (due to an integer
  signedness error in the XRef::getEntry function in XRef.cc) allows remote
  attackers to cause a denial of service (application crash) or possibly
  have unspecified other impact via a crafted PDF document, as demonstrated
  by pdftocairo. (CVE-2019-7310)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24250
 - https://usn.ubuntu.com/3865-1/
 - https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20481.html
 - https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20650.html
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CH33MK2BAV326CV7IKYGMFO4IYX552Z2/
 - https://usn.ubuntu.com/3886-1/
ID: MGASA-2019-0092
