Univention Bugzilla – Bug 55220
poppler: Multiple issues (5.0)
Last modified: 2022-09-29 12:38:52 CEST
New Debian poppler 0.71.0-5+deb10u1 fixes:

This update addresses the following issues:
* memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)
* reachable abort in Object.h (CVE-2018-19058)
* reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)
* stack consumption in function Dict::find() in Dict.cc (CVE-2019-9903)
* integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)
* divide-by-zero in function SplashOutputDev::tilingPatternFill in SplashOutputDev.cc (CVE-2019-14494)
* pdftohtml: access to uninitialized pointer could lead to DoS (CVE-2020-27778)
* A logic error in the Hints::Hints function can cause denial of service (CVE-2022-27337)
* integer overflow in JBIG2 decoder using malformed files (CVE-2022-38784)
--- mirror/ftp/pool/main/p/poppler/poppler_0.71.0-5.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/poppler_0.71.0-5+deb10u1.dsc @@ -1,3 +1,13 @@ +0.71.0-5+deb10u1 [Sun, 25 Sep 2022 15:28:19 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2018-18897, CVE-2018-19058, CVE-2018-20650, CVE-2019-9903, + CVE-2019-9959, CVE-2019-14494, CVE-2020-27778, CVE-2022-38784, + CVE-2022-27337. + Several security vulnerabilities have been discovered in Poppler, a PDF + rendering library, that could lead to denial of service or possibly other + unspecified impact when processing maliciously crafted documents. + 0.71.0-5 [Mon, 27 May 2019 22:51:48 +0200] Moritz Muehlenhoff <jmm@debian.org>: * CVE-2018-10872 (Closes: #926530) <http://piuparts.knut.univention.de/5.0-2/#6281465707074807045>
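Review bot: the new 0.71.0-5+deb10u1 changelog entry groups all nine CVE fixes into a single "Fix CVE-..." bullet with no patch name or Closes: reference per CVE, unlike the 0.71.0-5 entry below it, which carries "(Closes: #926530)". One bullet per CVE or per patch would let a reader of the erratum map each fix to its change. The list also places CVE-2022-38784 before CVE-2022-27337, so sorting it would make it easier to check against the advisory text.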
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] fb01573961 Bug #55220: poppler 0.71.0-5+deb10u1
 doc/errata/staging/poppler.yaml | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

[5.0-2] d06a6873fb Bug #55220: poppler 0.71.0-5+deb10u1
 doc/errata/staging/poppler.yaml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x436>