UbuntuUpdates.org

Package "poppler-utils"

Name: poppler-utils

Description:

PDF utilities (based on Poppler)

Latest version: 0.24.5-2ubuntu4.16
Release: trusty (14.04)
Level: updates
Repository: main
Head package: poppler
Homepage: http://poppler.freedesktop.org/

Links

Save this URL for the latest version of "poppler-utils": https://www.ubuntuupdates.org/poppler-utils


Download "poppler-utils"


Other versions of "poppler-utils" in Trusty

Repository Area Version
base main 0.24.5-2ubuntu4
security main 0.24.5-2ubuntu4.16

Changelog

Version: 0.24.5-2ubuntu4.16 2019-02-11 14:06:19 UTC

  poppler (0.24.5-2ubuntu4.16) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-7310.patch: fix in
      poppler/XRef.cc.
    - CVE-2019-7310

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 08 Feb 2019 11:16:54 -0300

Source diff to previous version
CVE-2019-7310 In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attacke

Version: 0.24.5-2ubuntu4.15 2019-01-22 16:07:01 UTC

  poppler (0.24.5-2ubuntu4.15) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20481.patch: fix in
      poppler/XRef.cc.
    - CVE-2018-20481
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20650.patch: fix in
      poppler/FileSpec.cc.
    - CVE-2018-20650

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 21 Jan 2019 13:21:05 -0300

Source diff to previous version
CVE-2018-20481 XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL poi
CVE-2018-20650 A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data

Version: 0.24.5-2ubuntu4.14 2018-12-11 19:07:04 UTC

  poppler (0.24.5-2ubuntu4.14) trusty-security; urgency=medium

  * SECURITY REGRESSION: fixing regression in check entry
    - debian/patches/CVE-2018-16646-fix-regression-p1.patch
    - debian/patches/CVE-2018-16646-fix-regression-p2.patch

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 11 Dec 2018 10:14:13 -0300

Source diff to previous version
CVE-2018-16646 In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this fo

Version: 0.24.5-2ubuntu4.13 2018-12-04 14:06:49 UTC

  poppler (0.24.5-2ubuntu4.13) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-19149.patch: "check whether
      and embedded file is actually present in the PDF and
      show warning in that case" in glib/poppler-attachment.cc,
      glib/poppler-document.cc.
    - CVE-2018-19149
  [ Marc Deslauriers ]
  * SECURITY UPDATE: infinite recursion via crafted file
    - debian/patches/CVE-2018-16646.patch: avoid cycles in PDF parsing in
      poppler/Parser.cc, poppler/XRef.h.
    - CVE-2018-16646
  * SECURITY UPDATE: denial of service via reachable abort
    - debian/patches/CVE-2018-19058.patch: check for stream before calling
      stream methods when saving an embedded file in poppler/FileSpec.cc.
    - CVE-2018-19058
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - debian/patches/CVE-2018-19059.patch: check for valid embedded file
      before trying to save it in utils/pdfdetach.cc.
    - CVE-2018-19059
  * SECURITY UPDATE: denial of service via NULL pointer dereference
    - debian/patches/CVE-2018-19060.patch: check for valid file name of
      embedded file in utils/pdfdetach.cc.
    - CVE-2018-19060

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 30 Nov 2018 13:07:28 -0300

Source diff to previous version
CVE-2018-19149 Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
CVE-2018-16646 In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this fo
CVE-2018-19058 An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.
CVE-2018-19059 An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonst
CVE-2018-19060 An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by

Version: 0.24.5-2ubuntu4.12 2018-08-29 15:06:14 UTC

  poppler (0.24.5-2ubuntu4.12) trusty-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2018-13988.patch: fix in poppler/Parser.cc.
    - CVE-2018-13988

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 27 Aug 2018 12:10:48 -0300

CVE-2018-13988 Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demons



About   -   Send Feedback to @ubuntu_updates