type: security
subject: Updated poppler packages fix security vulnerability
CVE:
  - CVE-2018-18897
  - CVE-2018-20481
  - CVE-2018-20551
  - CVE-2018-20650
  - CVE-2019-7310
src:
  6:
    core:
      - poppler-0.52.0-3.11.mga6
description: |
  An issue was discovered in Poppler 0.71.0. There is a memory leak in
  GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by
  pdftocairo. (CVE-2018-18897)

  XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef
  entries, which allows remote attackers to cause a denial of service (NULL
  pointer dereference) via a crafted PDF document, when XRefEntry::setFlag
  in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481)

  A reachable Object::getString assertion in Poppler 0.72.0 allows attackers
  to cause a denial of service due to construction of invalid rich media
  annotation assets in the AnnotRichMedia class in Annot.c. (CVE-2018-20551)

  A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers
  to cause a denial of service due to the lack of a check for the dict data
  type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in
  pdfdetach. (CVE-2018-20650)

  In Poppler 0.73.0, a heap-based buffer over-read (due to an integer
  signedness error in the XRef::getEntry function in XRef.cc) allows remote
  attackers to cause a denial of service (application crash) or possibly
  have unspecified other impact via a crafted PDF document, as demonstrated
  by pdftocairo. (CVE-2019-7310)
references:
  - https://bugs.mageia.org/show_bug.cgi?id=24250
  - https://usn.ubuntu.com/3865-1/
  - https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20481.html
  - https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20650.html
  - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CH33MK2BAV326CV7IKYGMFO4IYX552Z2/
  - https://usn.ubuntu.com/3886-1/
ID: MGASA-2019-0092