UbuntuUpdates.org

Package "poppler"

Name: poppler

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • GObject introspection data for poppler-glib
  • PDF rendering library -- development files (CPP interface)
  • PDF rendering library (CPP shared library)
  • PDF rendering library -- development files

Latest version: 0.41.0-0ubuntu1.14
Release: xenial (16.04)
Level: updates
Repository: main

Links

Save this URL for the latest version of "poppler": https://www.ubuntuupdates.org/poppler



Other versions of "poppler" in Xenial

Repository Area Version
base main 0.41.0-0ubuntu1
security main 0.41.0-0ubuntu1.14

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.41.0-0ubuntu1.9 2018-12-04 14:06:51 UTC

  poppler (0.41.0-0ubuntu1.9) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-19149.patch: "check whether
      and embedded file is actually present in the PDF and
      show warning in that case" in glib/poppler-attachment.cc,
      glib/poppler-document.cc.
    - CVE-2018-19149
  [ Marc Deslauriers ]
  * SECURITY UPDATE: infinite recursion via crafted file
    - debian/patches/CVE-2018-16646.patch: avoid cycles in PDF parsing in
      poppler/Parser.cc, poppler/XRef.h.
    - CVE-2018-16646
  * SECURITY UPDATE: denial of service via reachable abort
    - debian/patches/CVE-2018-19058.patch: check for stream before calling
      stream methods when saving an embedded file in poppler/FileSpec.cc.
    - CVE-2018-19058
  * SECURITY UPDATE: denial of service via out-of-bounds read
    - debian/patches/CVE-2018-19059.patch: check for valid embedded file
      before trying to save it in utils/pdfdetach.cc.
    - CVE-2018-19059
  * SECURITY UPDATE: denial of service via NULL pointer dereference
    - debian/patches/CVE-2018-19060.patch: check for valid file name of
      embedded file in utils/pdfdetach.cc.
    - CVE-2018-19060

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 30 Nov 2018 14:07:17 -0300

Source diff to previous version
CVE-2018-19149 Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
CVE-2018-16646 In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this fo
CVE-2018-19058 An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.
CVE-2018-19059 An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonst
CVE-2018-19060 An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by

Version: 0.41.0-0ubuntu1.8 2018-08-29 15:06:18 UTC

  poppler (0.41.0-0ubuntu1.8) xenial-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2018-13988.patch: fix in poppler/Parser.cc.
    - CVE-2018-13988

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 27 Aug 2018 14:02:34 -0300

Source diff to previous version
CVE-2018-13988 Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demons

Version: 0.41.0-0ubuntu1.7 2018-05-15 20:06:23 UTC

  poppler (0.41.0-0ubuntu1.7) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-18267.patch: fix issue for malformed
      documents in fofi/FoFiType1C.cc.
    - CVE-2017-18267

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 14 May 2018 12:00:46 -0300

Source diff to previous version
CVE-2017-18267 The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recu

Version: 0.41.0-0ubuntu1.6 2018-01-08 16:06:24 UTC

  poppler (0.41.0-0ubuntu1.6) xenial-security; urgency=medium

  * SECURITY UPDATE: fails to validate boundaries in TextPool::addWord
    leading to overflow
    - debian/patches/CVE-2017-1000456.patch: fix crash in fuzzed file in
      poppler/TextOutputDev.cc.
    - CVE-2017-1000456
  * SECURITY UPDATE: has a heap-based buffer over-read vulnerability
    - debian/patches/CVE-2017-14976.patch: fix crash in broken files in
      fofi/FoFiType1C.cc.
    - CVE-2017-14976

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Jan 2018 13:58:32 -0300

Source diff to previous version

Version: 0.41.0-0ubuntu1.5 2017-10-30 19:06:37 UTC

  poppler (0.41.0-0ubuntu1.5) xenial-security; urgency=medium

  * SECURITY UPDATE: pointer dereference can cause a DoS attack
    - debian/patches/CVE-2017-15565.patch: fix crash in broken files caused by
      a dereference pointer in poppler/CairoOutputDev.cc.
    - CVE-2017-15565

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 26 Oct 2017 11:20:13 -0300

CVE-2017-15565 In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.



About   -   Send Feedback to @ubuntu_updates