UbuntuUpdates.org

Package "gir1.2-poppler-0.18"

Name: gir1.2-poppler-0.18

Description:

GObject introspection data for poppler-glib

Latest version: 0.41.0-0ubuntu1.14
Release: xenial (16.04)
Level: security
Repository: main
Head package: poppler
Homepage: http://poppler.freedesktop.org/

Links

Save this URL for the latest version of "gir1.2-poppler-0.18": https://www.ubuntuupdates.org/gir1.2-poppler-0.18


Download "gir1.2-poppler-0.18"


Other versions of "gir1.2-poppler-0.18" in Xenial

Repository Area Version
base main 0.41.0-0ubuntu1
updates main 0.41.0-0ubuntu1.14

Changelog

Version: 0.41.0-0ubuntu1.14 2019-06-27 14:07:20 UTC

  poppler (0.41.0-0ubuntu1.14) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS in GfxImageColorMap::getGray
    - debian/patches/CVE-2017-9865.patch: clear buffers in
      utils/HtmlOutputDev.cc, utils/ImageOutputDev.cc.
    - CVE-2017-9865
  * SECURITY UPDATE: memory leak in GfxColorSpace::setDisplayProfile
    - debian/patches/CVE-2018-18897.patch: enforcing single initialization
      in poppler/GfxState.cc, qt5/src/poppler-qt5.h.
    - CVE-2018-18897
  * SECURITY UPDATE: DoS via crafted PDF file
    - debian/patches/CVE-2018-20662.patch: check XRef's Catalog for being a
      Dict in utils/pdfunite.cc.
    - CVE-2018-20662
  * SECURITY UPDATE: buffer over-read in downsample_row_box_filter
    - debian/patches/CVE-2019-9631-1.patch: compute correct coverage values
      for box filter in poppler/CairoRescaleBox.cc.
    - debian/patches/CVE-2019-9631-2.patch: constrain number of cycles in
      rescale filter in poppler/CairoRescaleBox.cc.
    - CVE-2019-9631
  * SECURITY UPDATE: dict marking mishandling
    - debian/patches/CVE-2019-9903.patch: fix stack overflow on broken file
      in poppler/PDFDoc.cc.
    - CVE-2019-9903
  * SECURITY UPDATE: DoS via FPE
    - debian/patches/CVE-2019-10018-10023.patch: check for zero in
      poppler/Function.cc.
    - CVE-2019-10018
    - CVE-2019-10023
  * SECURITY UPDATE: DoS via FPE
    - debian/patches/CVE-2019-10019.patch: check nStripes in
      poppler/PSOutputDev.cc.
    - CVE-2019-10019
  * SECURITY UPDATE: DoS via FPE
    - debian/patches/CVE-2019-10021.patch: check nBits in
      poppler/Stream.cc.
    - CVE-2019-10021
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-10872.patch: restrict filling of overlapping
      boxes in splash/Splash.cc.
    - CVE-2019-10872
  * SECURITY UPDATE: buffer over-read in JPXStream::init
    - debian/patches/CVE-2019-12293.patch: fail gracefully if not all
      components have the same WxH in poppler/JPEG2000Stream.cc.
    - CVE-2019-12293

 -- Marc Deslauriers <email address hidden> Wed, 26 Jun 2019 10:14:59 -0400

Source diff to previous version
CVE-2017-9865 The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over
CVE-2018-18897 An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
CVE-2018-20662 In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of
CVE-2019-9631 Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.
CVE-2019-9903 PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.
CVE-2019-10018 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
CVE-2019-10023 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.
CVE-2019-10019 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
CVE-2019-10021 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.
CVE-2019-10872 An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.
CVE-2019-12293 In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or width

Version: 0.41.0-0ubuntu1.13 2019-03-12 14:06:54 UTC

  poppler (0.41.0-0ubuntu1.13) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-9200.patch: fix in
      poppler/Stream.cc.
    - CVE-2019-9200

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 28 Feb 2019 09:25:31 -0300

Source diff to previous version
CVE-2019-9200 A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending

Version: 0.41.0-0ubuntu1.12 2019-02-11 13:06:23 UTC

  poppler (0.41.0-0ubuntu1.12) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20551.patch: fix in
      poppler/Annot.cc.
    - CVE-2018-20551
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-7310.patch: fix in
      poppler/XRef.cc.
    - CVE-2019-7310

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 06 Feb 2019 14:44:16 -0300

Source diff to previous version
CVE-2018-20551 A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media ann
CVE-2019-7310 In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attacke

Version: 0.41.0-0ubuntu1.11 2019-01-22 15:07:00 UTC

  poppler (0.41.0-0ubuntu1.11) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20481.patch: fix in
      poppler/XRef.cc.
    - CVE-2018-20481
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-20650.patch: fix in
      poppler/FileSpec.cc.
    - CVE-2018-20650

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 21 Jan 2019 12:10:09 -0300

Source diff to previous version
CVE-2018-20481 XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL poi
CVE-2018-20650 A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data

Version: 0.41.0-0ubuntu1.10 2018-12-11 18:07:12 UTC

  poppler (0.41.0-0ubuntu1.10) xenial-security; urgency=medium

  * SECURITY REGRESSION: fixing patch applied previously
    for CVE-2018-19149
    - debian/patch/CVE-2018-19149-fixing-previous.patch
  * SECURITY REGRESSION: fixing regression in check entry
    - debian/patches/CVE-2018-16646-fix-regression-p1.patch
    - debian/patches/CVE-2018-16646-fix-regression-p2.patch

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 10 Dec 2018 16:08:10 -0300

CVE-2018-19149 Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
CVE-2018-16646 In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this fo



About   -   Send Feedback to @ubuntu_updates