Package "poppler"
| Name: |
poppler
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- GObject introspection data for poppler-glib
- PDF rendering library -- development files (CPP interface)
- PDF rendering library (CPP shared library)
- PDF rendering library -- development files
|
| Latest version: |
0.68.0-0ubuntu1.7 |
| Release: |
cosmic (18.10) |
| Level: |
updates |
| Repository: |
main |
Links
Save this URL for the latest version of "poppler":
https://www.ubuntuupdates.org/poppler
Other versions of "poppler" in Cosmic
Packages in group
Deleted packages are displayed in grey.
Changelog
|
poppler (0.68.0-0ubuntu1.7) cosmic-security; urgency=medium
* SECURITY UPDATE: memory leak in GfxColorSpace::setDisplayProfile
- debian/patches/CVE-2018-18897.patch: enforcing single initialization
in poppler/GfxState.cc, qt5/src/poppler-qt5.h.
- CVE-2018-18897
* SECURITY UPDATE: DoS via crafted PDF file
- debian/patches/CVE-2018-20662.patch: check XRef's Catalog for being a
Dict in utils/pdfunite.cc.
- CVE-2018-20662
* SECURITY UPDATE: buffer over-read in downsample_row_box_filter
- debian/patches/CVE-2019-9631-1.patch: compute correct coverage values
for box filter in poppler/CairoRescaleBox.cc.
- debian/patches/CVE-2019-9631-2.patch: constrain number of cycles in
rescale filter in poppler/CairoRescaleBox.cc.
- CVE-2019-9631
* SECURITY UPDATE: dict marking mishandling
- debian/patches/CVE-2019-9903.patch: fix stack overflow on broken file
in poppler/PDFDoc.cc.
- CVE-2019-9903
* SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2019-10872.patch: restrict filling of overlapping
boxes in splash/Splash.cc.
- CVE-2019-10872
* SECURITY UPDATE: buffer over-read in JPXStream::init
- debian/patches/CVE-2019-12293.patch: fail gracefully if not all
components have the same WxH in poppler/JPEG2000Stream.cc.
- CVE-2019-12293
-- Marc Deslauriers <email address hidden> Wed, 26 Jun 2019 09:43:05 -0400
|
| Source diff to previous version |
| CVE-2018-18897 |
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. |
| CVE-2018-20662 |
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of |
| CVE-2019-9631 |
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. |
| CVE-2019-9903 |
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict. |
| CVE-2019-10872 |
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. |
| CVE-2019-12293 |
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or width |
|
|
poppler (0.68.0-0ubuntu1.6) cosmic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-9200.patch: fix in
poppler/Stream.cc.
- CVE-2019-9200
-- <email address hidden> (Leonidas S. Barbosa) Thu, 28 Feb 2019 12:47:51 -0300
|
| Source diff to previous version |
| CVE-2019-9200 |
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending |
|
|
poppler (0.68.0-0ubuntu1.5) cosmic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20551.patch: fix in
poppler/Annot.cc.
- CVE-2018-20551
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-7310.patch: fix in
poppler/XRef.cc.
- CVE-2019-7310
-- <email address hidden> (Leonidas S. Barbosa) Fri, 08 Feb 2019 12:12:49 -0300
|
| Source diff to previous version |
| CVE-2018-20551 |
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media ann |
| CVE-2019-7310 |
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attacke |
|
|
poppler (0.68.0-0ubuntu1.4) cosmic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20481.patch: fix in
poppler/XRef.cc.
- CVE-2018-20481
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20650.patch: fix in
poppler/FileSpec.cc.
- CVE-2018-20650
-- <email address hidden> (Leonidas S. Barbosa) Mon, 21 Jan 2019 09:54:17 -0300
|
| Source diff to previous version |
| CVE-2018-20481 |
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL poi |
| CVE-2018-20650 |
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data |
|
|
poppler (0.68.0-0ubuntu1.3) cosmic-security; urgency=medium
* SECURITY REGRESSION: fixing regression in check entry
- debian/patches/CVE-2018-16646-fix-regression-p1.patch
- debian/patches/CVE-2018-16646-fix-regression-p2.patch
-- <email address hidden> (Leonidas S. Barbosa) Mon, 10 Dec 2018 15:46:44 -0300
|
| CVE-2018-16646 |
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this fo |
|
About
-
Send Feedback to @ubuntu_updates
