Advisories » MGASA-2017-0402

Updated poppler packages fix security vulnerabilities

Publication date: 06 Nov 2017
Modification date: 06 Nov 2017
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-14927, CVE-2017-14976, CVE-2017-15565

Description

In Poppler 0.59.0, a NULL Pointer Dereference exists in the
SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted
PDF document. (CVE-2017-14927)

The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0
has a heap-based buffer over-read vulnerability if an out-of-bounds font
dictionary index is encountered, which allows an attacker to launch a
denial of service attack. (CVE-2017-14976)

In Poppler 0.59.0, a NULL Pointer Dereference exists in the
GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF
document. (CVE-2017-15565)
                

SRPMS

5/core

6/core