UbuntuUpdates.org

Package "libpoppler-cpp-dev"

Name: libpoppler-cpp-dev

Description:

PDF rendering library -- development files (CPP interface)

Latest version: 0.62.0-2ubuntu2.12
Release: bionic (18.04)
Level: updates
Repository: main
Head package: poppler
Homepage: http://poppler.freedesktop.org/

Links


Download "libpoppler-cpp-dev"


Other versions of "libpoppler-cpp-dev" in Bionic

Repository Area Version
base main 0.62.0-2ubuntu2
security main 0.62.0-2ubuntu2.12

Changelog

Version: 0.62.0-2ubuntu2.12 2020-11-26 21:07:13 UTC

  poppler (0.62.0-2ubuntu2.12) bionic-security; urgency=medium

  * SECURITY REGRESSION: broken Splash output (LP: #1905741)
    - debian/rules: don't build with SPLASH_CMYK=ON as this causes a
      regression with xpdf and gdal. This reverts the fix for
      CVE-2019-10871.

 -- Marc Deslauriers <email address hidden> Thu, 26 Nov 2020 10:55:59 -0500

Source diff to previous version
1905741 poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output
CVE-2019-10871 An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.

Version: 0.62.0-2ubuntu2.11 2020-11-25 20:12:16 UTC

  poppler (0.62.0-2ubuntu2.11) bionic-security; urgency=medium

  * SECURITY UPDATE: integer overflow in Parser::makeStream
    - debian/patches/CVE-2018-21009.patch: check for overflow in
      poppler/Parser.cc.
    - CVE-2018-21009
  * SECURITY UPDATE: buffer overread in PSOutputDev::checkPageSlice
    - debian/rules: build with SPLASH_CMYK=ON.
    - debian/patches/CVE-2019-10871-fix.patch: fix wrong width condition in
      splash/SplashBitmap.cc.
    - debian/patches/CVE-2019-10871-fix2.patch: add missing
      splashModeDeviceN8 in two switch statements in
      poppler/SplashOutputDev.cc.
    - CVE-2019-10871
  * SECURITY UPDATE: integer overflow leading to large memory allocation
    - debian/patches/CVE-2019-9959.patch: ignore dict Length if clearly
      broken in poppler/JPEG2000Stream.cc.
    - CVE-2019-9959
  * SECURITY UPDATE: DoS via buffer overflow in pdftohtml
    - debian/patches/CVE-2020-27778.patch: properly initialize
      HtmlOutputDev::page in utils/HtmlOutputDev.cc.
    - CVE-2020-27778

 -- Marc Deslauriers <email address hidden> Wed, 25 Nov 2020 07:34:40 -0500

Source diff to previous version
CVE-2018-21009 Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
CVE-2019-10871 An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
CVE-2019-9959 The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereb

Version: 0.62.0-2ubuntu2.10 2019-08-12 14:07:33 UTC

  poppler (0.62.0-2ubuntu2.10) bionic-security; urgency=medium

  * SECURITY UPDATE: Divide-by-zero error
    - debian/patches/CVE-2019-14494.patch: Fix crash on broken file
      in poppler/SplashOutputDev.cc.
    - CVE-2019-14494

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 07 Aug 2019 14:12:48 -0300

Source diff to previous version
CVE-2019-14494 An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutput

Version: 0.62.0-2ubuntu2.9 2019-06-27 15:07:05 UTC

  poppler (0.62.0-2ubuntu2.9) bionic-security; urgency=medium

  * SECURITY UPDATE: memory leak in GfxColorSpace::setDisplayProfile
    - debian/patches/CVE-2018-18897.patch: enforcing single initialization
      in poppler/GfxState.cc, qt5/src/poppler-qt5.h.
    - CVE-2018-18897
  * SECURITY UPDATE: DoS via crafted PDF file
    - debian/patches/CVE-2018-20662.patch: check XRef's Catalog for being a
      Dict in utils/pdfunite.cc.
    - CVE-2018-20662
  * SECURITY UPDATE: buffer over-read in downsample_row_box_filter
    - debian/patches/CVE-2019-9631-1.patch: compute correct coverage values
      for box filter in poppler/CairoRescaleBox.cc.
    - debian/patches/CVE-2019-9631-2.patch: constrain number of cycles in
      rescale filter in poppler/CairoRescaleBox.cc.
    - CVE-2019-9631
  * SECURITY UPDATE: dict marking mishandling
    - debian/patches/CVE-2019-9903.patch: fix stack overflow on broken file
      in poppler/PDFDoc.cc.
    - CVE-2019-9903
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-10872.patch: restrict filling of overlapping
      boxes in splash/Splash.cc.
    - CVE-2019-10872
  * SECURITY UPDATE: buffer over-read in JPXStream::init
    - debian/patches/CVE-2019-12293.patch: fail gracefully if not all
      components have the same WxH in poppler/JPEG2000Stream.cc.
    - CVE-2019-12293

 -- Marc Deslauriers <email address hidden> Wed, 26 Jun 2019 09:59:06 -0400

Source diff to previous version
CVE-2018-18897 An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
CVE-2018-20662 In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of
CVE-2019-9631 Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
CVE-2019-9903 PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.
CVE-2019-10872 An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.
CVE-2019-12293 In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or width

Version: 0.62.0-2ubuntu2.8 2019-03-11 14:06:51 UTC

  poppler (0.62.0-2ubuntu2.8) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-9200.patch: fix in
      poppler/Stream.cc.
    - CVE-2019-9200

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 28 Feb 2019 09:28:47 -0300

CVE-2019-9200 A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending



About   -   Send Feedback to @ubuntu_updates