Advisories » MGASA-2017-0329

Updated poppler packages fix security vulnerabilities

Publication date: 03 Sep 2017
Modification date: 03 Sep 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-9776 , CVE-2017-9865

Description

Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in
pdftocairo in Poppler allows attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a
crafted PDF document (CVE-2017-9776).

The function GfxImageColorMap::getGray in GfxState.cc in Poppler allows
attackers to cause a denial of service (stack-based buffer over-read and
application crash) via a crafted PDF document, related to missing
color-map validation in ImageOutputDev.cc (CVE-2017-9865).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21516
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7G2XFEFF6S2H4DRDPUXBUWPEEDGE37EG/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9865

SRPMS

6/core

• poppler-0.52.0-3.1.mga6