UbuntuUpdates.org

Package "poppler-utils"

Name: poppler-utils

Description:

PDF utilities (based on Poppler)

Latest version: 0.62.0-2ubuntu2.14
Release: bionic (18.04)
Level: security
Repository: main
Head package: poppler
Homepage: http://poppler.freedesktop.org/

Links


Download "poppler-utils"


Other versions of "poppler-utils" in Bionic

Repository Area Version
base main 0.62.0-2ubuntu2
updates main 0.62.0-2ubuntu2.14

Changelog

Version: 0.62.0-2ubuntu2.14 2022-09-15 02:07:08 UTC

  poppler (0.62.0-2ubuntu2.14) bionic-security; urgency=medium

  * SECURITY REGRESSION: Adding missing install header
    - debian/patches/0001-Install-goo-GooCheckedOps.h.patch:
      this add goo/GooCheckedOps.h to the CMakeLists.txt in order
      to it be distributed in the libpoppler-private-dev that was
      missing in the previous fix for CVE-2022-38784. (LP: #1989515)

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 14 Sep 2022 13:46:18 -0300

Source diff to previous version
1989515 \
CVE-2022-38784 Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Process

Version: 0.62.0-2ubuntu2.13 2022-09-12 21:06:28 UTC

  poppler (0.62.0-2ubuntu2.13) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer Overflow
    - debian/patches/CVE-2022-38784-pre.patch: add checks in
      goo/GooCheckedOps.h, goo/gmem.h.
    - debian/patches/CVE-2022-38784.patch:Fix crash on broken file
      in poppler/JBIG2Stream.cc.
    - CVE-2022-38784

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 06 Sep 2022 08:10:42 -0300

Source diff to previous version
CVE-2022-38784 Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Process

Version: 0.62.0-2ubuntu2.12 2020-11-28 16:06:19 UTC

  poppler (0.62.0-2ubuntu2.12) bionic-security; urgency=medium

  * SECURITY REGRESSION: broken Splash output (LP: #1905741)
    - debian/rules: don't build with SPLASH_CMYK=ON as this causes a
      regression with xpdf and gdal. This reverts the fix for
      CVE-2019-10871.

 -- Marc Deslauriers <email address hidden> Thu, 26 Nov 2020 10:55:59 -0500

Source diff to previous version
1905741 poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output
CVE-2019-10871 An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.

Version: 0.62.0-2ubuntu2.11 2020-11-25 19:15:50 UTC

  poppler (0.62.0-2ubuntu2.11) bionic-security; urgency=medium

  * SECURITY UPDATE: integer overflow in Parser::makeStream
    - debian/patches/CVE-2018-21009.patch: check for overflow in
      poppler/Parser.cc.
    - CVE-2018-21009
  * SECURITY UPDATE: buffer overread in PSOutputDev::checkPageSlice
    - debian/rules: build with SPLASH_CMYK=ON.
    - debian/patches/CVE-2019-10871-fix.patch: fix wrong width condition in
      splash/SplashBitmap.cc.
    - debian/patches/CVE-2019-10871-fix2.patch: add missing
      splashModeDeviceN8 in two switch statements in
      poppler/SplashOutputDev.cc.
    - CVE-2019-10871
  * SECURITY UPDATE: integer overflow leading to large memory allocation
    - debian/patches/CVE-2019-9959.patch: ignore dict Length if clearly
      broken in poppler/JPEG2000Stream.cc.
    - CVE-2019-9959
  * SECURITY UPDATE: DoS via buffer overflow in pdftohtml
    - debian/patches/CVE-2020-27778.patch: properly initialize
      HtmlOutputDev::page in utils/HtmlOutputDev.cc.
    - CVE-2020-27778

 -- Marc Deslauriers <email address hidden> Wed, 25 Nov 2020 07:34:40 -0500

Source diff to previous version
CVE-2018-21009 Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
CVE-2019-10871 An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
CVE-2019-9959 The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereb

Version: 0.62.0-2ubuntu2.10 2019-08-12 13:06:39 UTC

  poppler (0.62.0-2ubuntu2.10) bionic-security; urgency=medium

  * SECURITY UPDATE: Divide-by-zero error
    - debian/patches/CVE-2019-14494.patch: Fix crash on broken file
      in poppler/SplashOutputDev.cc.
    - CVE-2019-14494

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 07 Aug 2019 14:12:48 -0300

CVE-2019-14494 An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutput



About   -   Send Feedback to @ubuntu_updates