UbuntuUpdates.org

Package "libpoppler-dev"

Name: libpoppler-dev

Description:

PDF rendering library -- development files

Latest version: 22.02.0-2ubuntu0.5
Release: jammy (22.04)
Level: updates
Repository: main
Head package: poppler
Homepage: https://poppler.freedesktop.org/

Links


Download "libpoppler-dev"


Other versions of "libpoppler-dev" in Jammy

Repository Area Version
base main 22.02.0-2
security main 22.02.0-2ubuntu0.5

Changelog

Version: 22.02.0-2ubuntu0.5 2024-07-25 01:07:16 UTC

  poppler (22.02.0-2ubuntu0.5) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2024-6239.patch: fix crash in broken
      documents when using -dests in utils/pdfinfo.c.
    - CVE-2024-6239

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 27 Jun 2024 14:11:16 -0300

Source diff to previous version
CVE-2024-6239 A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed inp

Version: 22.02.0-2ubuntu0.4 2024-05-08 10:06:58 UTC

  poppler (22.02.0-2ubuntu0.4) jammy; urgency=medium

  * Add fix-invisible-form-fields.patch:
    - Pick upstream fix for a regression making fields invisible
      (LP: #1980836)

 -- Timo Jyrinki <email address hidden> Wed, 17 Apr 2024 14:49:37 +0300

Source diff to previous version
1980836 Regression in Ubuntu 22.04: Content of form field stored invisibly

Version: 22.02.0-2ubuntu0.3 2023-11-23 05:07:03 UTC

  poppler (22.02.0-2ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: denial of service issue
    - debian/patches/CVE-2022-37050.patch: pdfseparate: Check XRef's
      Catalog for being a Dict
    - debian/patches/CVE-2022-37051.patch: Check isDict before calling
      getDict
    - debian/patches/CVE-2022-37052.patch: pdfseparate: Account for
      XRef::add failing because we run out of memory
    - debian/patches/CVE-2022-38349.patch: pdfunite: Fix crash on broken
      files
    - CVE-2022-37050
    - CVE-2022-37051
    - CVE-2022-37052
    - CVE-2022-38349

 -- Nishit Majithia <email address hidden> Wed, 22 Nov 2023 11:22:05 +0530

Source diff to previous version
CVE-2022-37050 In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PD
CVE-2022-37051 An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lack
CVE-2022-37052 A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
CVE-2022-38349 An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDic

Version: 22.02.0-2ubuntu0.2 2023-08-03 16:07:16 UTC

  poppler (22.02.0-2ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via crafted PDF file
    - debian/patches/CVE-2022-27337.patch: bail out if we run out of file
      when reading in poppler/Hints.cc.
    - CVE-2022-27337
  * SECURITY UPDATE: DoS via crafted PDF file
    - debian/patches/CVE-2023-34872.patch: fix crash in poppler/Outline.cc.
    - CVE-2023-34872

 -- Marc Deslauriers <email address hidden> Wed, 02 Aug 2023 14:52:35 -0400

Source diff to previous version
CVE-2022-27337 A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2023-34872 A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file

Version: 22.02.0-2ubuntu0.1 2022-09-12 23:07:14 UTC

  poppler (22.02.0-2ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Integer Overflow
    - debian/patches/CVE-2022-38784.patch:Fix crash on broken file
      in poppler/JBIG2Stream.cc.
    - CVE-2022-38784

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 06 Sep 2022 06:32:35 -0300

CVE-2022-38784 Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Process



About   -   Send Feedback to @ubuntu_updates