UbuntuUpdates.org

Package "poppler"

Name: poppler

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • PDF rendering library (Qt 5 based shared library)
  • PDF rendering library -- development files (Qt 5 interface)
Latest version: 0.62.0-2ubuntu2.14
Release: bionic (18.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "poppler" in Bionic

Repository Area Version
base universe 0.62.0-2ubuntu2
base main 0.62.0-2ubuntu2
security main 0.62.0-2ubuntu2.14
updates main 0.62.0-2ubuntu2.14
updates universe 0.62.0-2ubuntu2.14

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.62.0-2ubuntu2.14 2022-09-15 02:07:10 UTC

  poppler (0.62.0-2ubuntu2.14) bionic-security; urgency=medium

  * SECURITY REGRESSION: Adding missing install header
    - debian/patches/0001-Install-goo-GooCheckedOps.h.patch:
      this add goo/GooCheckedOps.h to the CMakeLists.txt in order
      to it be distributed in the libpoppler-private-dev that was
      missing in the previous fix for CVE-2022-38784. (LP: #1989515)

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 14 Sep 2022 13:46:18 -0300
Source diff to previous version
1989515 \
CVE-2022-38784 Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Process

Version: 0.62.0-2ubuntu2.13 2022-09-12 21:06:29 UTC

  poppler (0.62.0-2ubuntu2.13) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer Overflow
    - debian/patches/CVE-2022-38784-pre.patch: add checks in
      goo/GooCheckedOps.h, goo/gmem.h.
    - debian/patches/CVE-2022-38784.patch:Fix crash on broken file
      in poppler/JBIG2Stream.cc.
    - CVE-2022-38784

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 06 Sep 2022 08:10:42 -0300
Source diff to previous version
CVE-2022-38784 Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Process

Version: 0.62.0-2ubuntu2.12 2020-11-26 20:07:16 UTC

  poppler (0.62.0-2ubuntu2.12) bionic-security; urgency=medium

  * SECURITY REGRESSION: broken Splash output (LP: #1905741)
    - debian/rules: don't build with SPLASH_CMYK=ON as this causes a
      regression with xpdf and gdal. This reverts the fix for
      CVE-2019-10871.

 -- Marc Deslauriers <email address hidden> Thu, 26 Nov 2020 10:55:59 -0500
Source diff to previous version
1905741 poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output
CVE-2019-10871 An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.

Version: 0.62.0-2ubuntu2.11 2020-11-25 19:15:51 UTC

  poppler (0.62.0-2ubuntu2.11) bionic-security; urgency=medium

  * SECURITY UPDATE: integer overflow in Parser::makeStream
    - debian/patches/CVE-2018-21009.patch: check for overflow in
      poppler/Parser.cc.
    - CVE-2018-21009
  * SECURITY UPDATE: buffer overread in PSOutputDev::checkPageSlice
    - debian/rules: build with SPLASH_CMYK=ON.
    - debian/patches/CVE-2019-10871-fix.patch: fix wrong width condition in
      splash/SplashBitmap.cc.
    - debian/patches/CVE-2019-10871-fix2.patch: add missing
      splashModeDeviceN8 in two switch statements in
      poppler/SplashOutputDev.cc.
    - CVE-2019-10871
  * SECURITY UPDATE: integer overflow leading to large memory allocation
    - debian/patches/CVE-2019-9959.patch: ignore dict Length if clearly
      broken in poppler/JPEG2000Stream.cc.
    - CVE-2019-9959
  * SECURITY UPDATE: DoS via buffer overflow in pdftohtml
    - debian/patches/CVE-2020-27778.patch: properly initialize
      HtmlOutputDev::page in utils/HtmlOutputDev.cc.
    - CVE-2020-27778

 -- Marc Deslauriers <email address hidden> Wed, 25 Nov 2020 07:34:40 -0500
Source diff to previous version
CVE-2018-21009 Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc.
CVE-2019-10871 An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc.
CVE-2019-9959 The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereb

Version: 0.62.0-2ubuntu2.10 2019-08-12 13:06:44 UTC

  poppler (0.62.0-2ubuntu2.10) bionic-security; urgency=medium

  * SECURITY UPDATE: Divide-by-zero error
    - debian/patches/CVE-2019-14494.patch: Fix crash on broken file
      in poppler/SplashOutputDev.cc.
    - CVE-2019-14494

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 07 Aug 2019 14:12:48 -0300
CVE-2019-14494 An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutput


About   -   Send Feedback to @ubuntu_updates