Bug#918158: poppler: CVE-2018-20662
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 3 21:52:13 GMT 2019
Source: poppler
Version: 0.69.0-2
Severity: normal
Tags: security upstream
Forwarded: https://gitlab.freedesktop.org/poppler/poppler/issues/706
Hi,
The following vulnerability was published for poppler.
CVE-2018-20662[0]:
| In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause
| a denial-of-service (application crash caused by Object.h SIGABRT,
| because of a wrong return value from PDFDoc::setup) by crafting a PDF
| file in which an xref data structure is mishandled during
| extractPDFSubtype processing.
Please note that the initial approach upstream committed was reverted
again, because it caused regressions on some files.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-20662
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20662
[1] https://gitlab.freedesktop.org/poppler/poppler/issues/706
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore