MGASA-2018-0290

Source
https://advisories.mageia.org/MGASA-2018-0290.html
Import Source
https://advisories.mageia.org/MGASA-2018-0290.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2018-0290
Published
2018-06-19T23:42:28Z
Modified
2018-06-19T23:06:25Z
Summary
Updated poppler packages fix security vulnerability
Details

The updated packages fix security vulnerabilities:

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. (CVE-2017-18267)

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected. (CVE-2018-10768)


Affected packages

Mageia:6 / poppler

Package

Name
poppler
Purl
pkg:rpm/mageia/poppler?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.52.0-3.7.mga6

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / poppler

Package

Name
poppler
Purl
pkg:rpm/mageia/poppler?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.26.5-2.9.mga5

Ecosystem specific

{
    "section": "core"
}