Updated poppler packages fix security vulnerabilities
Publication date: 29 Mar 2019Modification date: 29 Mar 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-20662 , CVE-2019-9200
Description
The updated poppler packages fix security vulnerabilities: In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. (CVE-2018-20662) A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. (CVE-2019-9200)
References
SRPMS
6/core
- poppler-0.52.0-3.12.mga6