Bug#926532: poppler: CVE-2019-10873
Salvatore Bonaccorso
carnil at debian.org
Sat Apr 6 16:52:58 BST 2019
Source: poppler
Version: 0.71.0-3
Severity: important
Tags: patch security upstream
Forwarded: https://gitlab.freedesktop.org/poppler/poppler/issues/748
Hi,
The following vulnerability was published for poppler.
CVE-2019-10873[0]:
| An issue was discovered in Poppler 0.74.0. There is a NULL pointer
| dereference in the function SplashClip::clipAALine at
| splash/SplashClip.cc.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-10873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10873
[1] https://gitlab.freedesktop.org/poppler/poppler/issues/748
[2] https://gitlab.freedesktop.org/poppler/poppler/commit/8dbe2e6c480405dab9347075cf4be626f90f1d05
Please adjust the affected versions in the BTS as needed, the issue
possibly got introduced only in 0.70, but needs to be checked.
Regards,
Salvatore
More information about the Pkg-freedesktop-maintainers
mailing list