Advisories ยป MGASA-2019-0092

Updated poppler packages fix security vulnerability

Publication date: 20 Feb 2019
Modification date: 20 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-18897 , CVE-2018-20481 , CVE-2018-20551 , CVE-2018-20650 , CVE-2019-7310

Description

An issue was discovered in Poppler 0.71.0. There is a memory leak in
GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by
pdftocairo. (CVE-2018-18897)

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef
entries, which allows remote attackers to cause a denial of service (NULL
pointer dereference) via a crafted PDF document, when XRefEntry::setFlag
in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481)

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers
to cause a denial of service due to construction of invalid rich media
annotation assets in the AnnotRichMedia class in Annot.c. (CVE-2018-20551)

A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers
to cause a denial of service due to the lack of a check for the dict data
type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in
pdfdetach. (CVE-2018-20650)

In Poppler 0.73.0, a heap-based buffer over-read (due to an integer
signedness error in the XRef::getEntry function in XRef.cc) allows remote
attackers to cause a denial of service (application crash) or possibly
have unspecified other impact via a crafted PDF document, as demonstrated
by pdftocairo. (CVE-2019-7310)

References

SRPMS

6/core