Bug#918158: poppler: CVE-2018-20662
carnil at debian.org
Thu Jan 3 21:52:13 GMT 2019
Tags: security upstream
The following vulnerability was published for poppler.
| In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause
| a denial-of-service (application crash caused by Object.h SIGABRT,
| because of a wrong return value from PDFDoc::setup) by crafting a PDF
| file in which an xref data structure is mishandled during
| extractPDFSubtype processing.
Please note that the initial apporach upstream commited was reverted
again, because it caused regressions on some files.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed.
More information about the Pkg-freedesktop-maintainers