Advisories » MGASA-2018-0083

Updated poppler packages fix security vulnerability

Publication date: 14 Jan 2018
Modification date: 14 Jan 2018
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-1000456

Description

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in
TextPool::addWord, leading to overflow in subsequent calculations
(CVE-2017-1000456).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22377
• https://usn.ubuntu.com/usn/usn-3517-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000456

SRPMS

5/core

• poppler-0.26.5-2.8.mga5