UbuntuUpdates.org

Package "poppler"

Name: poppler

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • GObject introspection data for poppler-glib
  • PDF rendering library -- development files (CPP interface)
  • PDF rendering library (CPP shared library)
  • PDF rendering library -- development files
Latest version: 0.86.1-0ubuntu1.6
Release: focal (20.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "poppler" in Focal

Repository Area Version
base main 0.86.1-0ubuntu1
base universe 0.86.1-0ubuntu1
security universe 0.86.1-0ubuntu1.6
updates main 0.86.1-0ubuntu1.6
updates universe 0.86.1-0ubuntu1.6

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.86.1-0ubuntu1.6 2025-04-08 21:07:10 UTC

  poppler (0.86.1-0ubuntu1.6) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via floating point exception
    - debian/patches/CVE-2025-32364.patch: protect against doing int =
      -INT_MIN in poppler/Function.cc.
    - CVE-2025-32364
  * SECURITY UPDATE: DoS in JBIG2Bitmap::combine function
    - debian/patches/CVE-2025-32365.patch: move isOk check to inside
      JBIG2Bitmap::combine in poppler/JBIG2Stream.cc.
    - CVE-2025-32365

 -- Marc Deslauriers <email address hidden> Mon, 07 Apr 2025 13:44:12 -0400
Source diff to previous version
CVE-2025-32364 A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs a
CVE-2025-32365 Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a

Version: 0.86.1-0ubuntu1.5 2025-01-16 17:06:58 UTC

  poppler (0.86.1-0ubuntu1.5) focal-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read in pdf file parsing.
    - debian/patches/CVE-2024-56378.patch: Add checks to unlikely and destPtr
      in poppler/JBIG2Stream.cc.
    - CVE-2024-56378

 -- Hlib Korzhynskyy <email address hidden> Tue, 14 Jan 2025 13:34:16 -0330
Source diff to previous version
CVE-2024-56378 libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.

Version: 0.86.1-0ubuntu1.4 2023-11-23 04:07:02 UTC

  poppler (0.86.1-0ubuntu1.4) focal-security; urgency=medium

  * SECURITY UPDATE: stack overflow issue
    - debian/patches/CVE-2020-23804.patch: Fix stack overflow with
      specially crafted files
    - CVE-2020-23804
  * SECURITY UPDATE: denial of service issue
    - debian/patches/CVE-2022-37050.patch: pdfseparate: Check XRef's
      Catalog for being a Dict
    - debian/patches/CVE-2022-37051.patch: Check isDict before calling
      getDict
    - debian/patches/CVE-2022-37052.patch: pdfseparate: Account for
      XRef::add failing because we run out of memory
    - debian/patches/CVE-2022-38349.patch: pdfunite: Fix crash on broken
      files
    - CVE-2022-37050
    - CVE-2022-37051
    - CVE-2022-37052
    - CVE-2022-38349

 -- Nishit Majithia <email address hidden> Wed, 22 Nov 2023 11:20:52 +0530
Source diff to previous version
CVE-2020-23804 Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.
CVE-2022-37050 In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PD
CVE-2022-37051 An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lack
CVE-2022-37052 A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
CVE-2022-38349 An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDic

Version: 0.86.1-0ubuntu1.3 2023-08-17 21:06:54 UTC

  poppler (0.86.1-0ubuntu1.3) focal-security; urgency=medium

  * SECURITY UPDATE: Infinite loop
    - d/p/0001-Fix-infinite-looping-in-cvtGlyph-with-broken-files.patch:
      Fix Infinite loop in FoFiType1C::cvtGlyph().
    - CVE-2020-36023
  * SECURITY UPDATE: NULL dereference
    - d/p/0002-FoFiType1C-Fix-crashes-with-broken-files.patch: Fix
      NULL dereference in FoFiType1C::convertToType1().
    - CVE-2020-36024

 -- Fabian Toepfer <email address hidden> Wed, 16 Aug 2023 19:03:16 +0200
Source diff to previous version
CVE-2020-36023 An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to F
CVE-2020-36024 An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to F

Version: 0.86.1-0ubuntu1.2 2023-08-03 16:07:07 UTC

  poppler (0.86.1-0ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via crafted PDF file
    - debian/patches/CVE-2022-27337.patch: bail out if we run out of file
      when reading in poppler/Hints.cc.
    - CVE-2022-27337

 -- Marc Deslauriers <email address hidden> Wed, 02 Aug 2023 15:15:50 -0400
CVE-2022-27337 A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.


About   -   Send Feedback to @ubuntu_updates