Advisories ยป MGASA-2018-0131

Updated qpdf packages fix security vulnerability

Publication date: 22 Feb 2018
Modification date: 22 Feb 2018
Type: security
Affected Mageia releases : 6

Description

Qpdf has been updated to the latest version to fix several security issues.
- Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral()
- Another stack overflow / endless recursion in QPDFWriter::enqueueObject()
- Stack out of bounds read in iterate_rc4()
- heap out of bounds read (large) in Pl_Buffer::write
- Hang due to a pdf xref loop
Also, the cups-filters package has been rebuilt for the new qpdf.
                

References

SRPMS

6/core