Univention Bugzilla – Bug 52081
(ES 4.3) poppler
Last modified: 2020-11-30 12:45:48 CET
Provide poppler version 0.48.0-2+deb9u3 for UCS 4.3

First imported at bug #51725

This update addresses the following issues:
* Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (CVE-2017-18267)
* Infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646)
* NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)
* Integer overflow in Parser::makeStream in Parser.cc (CVE-2018-21009)
* Heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)
* Heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)
* Heap-based buffer over-read in function Splash::blitTransparent in splash/Splash.cc (CVE-2019-10872)
* Heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)
-> apt-cache policy poppler-utils
poppler-utils:
  Installiert: 0.48.0-2+deb9u3
  Installationskandidat: 0.48.0-2+deb9u3
  Versionstabelle:
 *** 0.48.0-2+deb9u3 500
        500 http://192.168.0.10/build2 ucs_4.3-0-extsec4.3/amd64/ Packages
CLOSED: Released as extsec4.3 update