Bug#918158: poppler: CVE-2018-20662

Salvatore Bonaccorso carnil at debian.org
Thu Jan 3 21:52:13 GMT 2019

Source: poppler
Version: 0.69.0-2
Severity: normal
Tags: security upstream
Forwarded: https://gitlab.freedesktop.org/poppler/poppler/issues/706


The following vulnerability was published for poppler.

| In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause
| a denial-of-service (application crash caused by Object.h SIGABRT,
| because of a wrong return value from PDFDoc::setup) by crafting a PDF
| file in which an xref data structure is mishandled during
| extractPDFSubtype processing.

Please note that the initial apporach upstream commited was reverted
again, because it caused regressions on some files.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20662
[1] https://gitlab.freedesktop.org/poppler/poppler/issues/706

Please adjust the affected versions in the BTS as needed.


More information about the Pkg-freedesktop-maintainers mailing list