Updated poppler packages fix security vulnerabilities
Publication date: 03 Sep 2017Modification date: 03 Sep 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-9776 , CVE-2017-9865
Description
Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document (CVE-2017-9776). The function GfxImageColorMap::getGray in GfxState.cc in Poppler allows attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc (CVE-2017-9865).
References
SRPMS
6/core
- poppler-0.52.0-3.1.mga6