MGASA-2019-0117

Source
https://advisories.mageia.org/MGASA-2019-0117.html
Import Source
https://advisories.mageia.org/MGASA-2019-0117.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2019-0117
Published
2019-03-29T15:51:06Z
Modified
2019-03-29T15:11:55Z
Summary
Updated poppler packages fix security vulnerabilities
Details

The updated poppler packages fix security vulnerabilities:

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. (CVE-2018-20662)

A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. (CVE-2019-9200)

Affected packages

Mageia:6 / poppler

Package

Name
poppler
Purl
pkg:rpm/mageia/poppler?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.52.0-3.12.mga6

Ecosystem specific

{
    "section": "core"
}