Advisories ยป MGASA-2017-0360

Updated poppler packages fix security vulnerabilities

Publication date: 05 Oct 2017
Modification date: 05 Oct 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-14517 , CVE-2017-14519 , CVE-2017-14520

Description

In Poppler 0.59.0, a NULL Pointer Dereference exists in the
XRef::parseEntry() function in XRef.cc via a crafted PDF document.
(CVE-2017-14517)

In Poppler 0.59.0, memory corruption occurs in a call to
Object::streamGetChar in Object.h after a repeating series of
Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and
Gfx::doShowText calls (aka a Gfx.cc infinite loop). (CVE-2017-14519)

In Poppler 0.59.0, a floating point exception occurs in
Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential
attack when handling malicious PDF files. (CVE-2017-14520)
                

References

SRPMS

5/core

6/core