Advisories ยป MGASA-2019-0293

Updated xpdf packages fix security vulnerabilities

Publication date: 06 Oct 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-10018 , CVE-2019-10019 , CVE-2019-10021 , CVE-2019-10023 , CVE-2019-16927

Description

The updated xpdf packages fix security vulnerabilities:

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function
PostScriptFunction::exec at Function.cc for the psOpIdiv case.
(CVE-2019-10018)

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function
PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
(CVE-2019-10019)

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function
ImageStream::ImageStream at Stream.cc for nComps. (CVE-2019-10021)

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function
PostScriptFunction::exec at Function.cc for the psOpMod case.
(CVE-2019-10023)

Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the
TextPage::findGaps function in TextOutputDev.cc, a different vulnerability
than CVE-2019-9877. (CVE-2019-16927)
                

References

SRPMS

7/core