UbuntuUpdates.org

Package "libpoppler-qt4-dev"

Name: libpoppler-qt4-dev

Description:

PDF rendering library -- development files (Qt 4 interface)

Latest version: 0.24.5-2ubuntu4.17
Release: trusty (14.04)
Level: updates
Repository: main
Head package: poppler
Homepage: http://poppler.freedesktop.org/

Links


Download "libpoppler-qt4-dev"


Other versions of "libpoppler-qt4-dev" in Trusty

Repository Area Version
base main 0.24.5-2ubuntu4
security main 0.24.5-2ubuntu4.17

Changelog

Version: 0.24.5-2ubuntu4.12 2018-08-29 15:06:14 UTC

  poppler (0.24.5-2ubuntu4.12) trusty-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2018-13988.patch: fix in poppler/Parser.cc.
    - CVE-2018-13988

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 27 Aug 2018 12:10:48 -0300

Source diff to previous version
CVE-2018-13988 Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demons

Version: 0.24.5-2ubuntu4.11 2018-05-15 20:06:21 UTC

  poppler (0.24.5-2ubuntu4.11) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-18267.patch: fix issue for malformed
      documents in fofi/FoFiType1C.cc.
    - CVE-2017-18267
  * SECURITY UPDATE: Null dereference
    - debian/patches/CVE-2018-10768.patch: draw for malformed docs
      in poppler/Annot.c.
    - CVE-2018-10768

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 14 May 2018 11:18:01 -0300

Source diff to previous version
CVE-2017-18267 The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recu
CVE-2018-10768 There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input wi

Version: 0.24.5-2ubuntu4.9 2018-01-08 16:06:23 UTC

  poppler (0.24.5-2ubuntu4.9) trusty-security; urgency=medium

  * SECURITY UPDATE: fails to validate boundaries in TextPool::addWord
    leading to overflow
    - debian/patches/CVE-2017-1000456.patch: fix crash in fuzzed file in
      poppler/TextOutputDev.cc.
    - CVE-2017-1000456
  * SECURITY UPDATE: has a heap-based buffer over-read vulnerability
    - debian/patches/CVE-2017-14976.patch: fix crash in broken files in
      fofi/FoFiType1C.cc.
    - CVE-2017-14976

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jan 2018 13:49:42 -0300

Source diff to previous version

Version: 0.24.5-2ubuntu4.8 2017-10-30 18:06:40 UTC

  poppler (0.24.5-2ubuntu4.8) trusty-security; urgency=medium

  * SECURITY UPDATE: pointer dereference can cause a DoS attack
    - debian/patches/CVE-2017-15565.patch: fix crash in broken files caused by
      a dereference pointer in poppler/CairoOutputDev.cc.
    - CVE-2017-15565

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 26 Oct 2017 11:22:42 -0300

Source diff to previous version
CVE-2017-15565 In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.

Version: 0.24.5-2ubuntu4.7 2017-10-06 17:06:48 UTC

  poppler (0.24.5-2ubuntu4.7) trusty-security; urgency=medium

  * SECURITY UPDATE: Floating point exception
    - debian/patches/CVE-2017-14518.patch: Fix divide by 0 on broken
      documents in splash/Splash.cc.
    - CVE-2017-14518
  * SECURITY UPDATE: Floating point exception
    - debian/patches/CVE-2017-14520.patch: don't try to scale if srcHeight or
      srcWidth is less than 1 in splash/Splash.cc.
    - CVE-2017-14520
  * SECURITY UPDATE: Floating point exception in ImageStream
    - debian/patches/CVE-2017-14617.patch: Fix crash in broken files in
      poppler/Stream.cc.
    - CVE-2017-14617
  * SECURITY UPDATE: Memory corruption
    - debian/patches/CVE-2017-14929.patch: Fix infinite recursion
      in poppler/Gfx.cc, poppler/GfxState.cc, poppler/GfxState.h.
    - CVE-2017-14929
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2017-14975.patch: fix crash in convertToType0 in
      fofi/FoFiType1C.cc.
    - CVE-2017-14975
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2017-14977.patch: fix NULL deference pointer in
      fofi/FoFiTrueType.cc.
    - CVE-2017-14977
  * SECURITY UPDATE: Integer overflow and heap overflow
    - debian/patches/CVE-2017-9776.patch: fix malformed documents
      in poppler/JBIG2Stream.cc.
    - CVE-2017-9776

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 04 Oct 2017 12:51:10 -0300

CVE-2017-1451 IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileg
CVE-2017-1452 IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and
CVE-2017-1461 RESERVED
CVE-2017-1492 RESERVED
CVE-2017-1497 RESERVED
CVE-2017-9776 Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of



About   -   Send Feedback to @ubuntu_updates