UbuntuUpdates.org

Package "libpoppler-glib-dev"

Name: libpoppler-glib-dev

Description:

PDF rendering library -- development files (GLib interface)
Latest version: 22.02.0-2ubuntu0.12
Release: jammy (22.04)
Level: updates
Repository: main
Head package: poppler
Homepage: https://poppler.freedesktop.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libpoppler-glib-dev"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libpoppler-glib-dev" in Jammy

Repository Area Version
base main 22.02.0-2
security main 22.02.0-2ubuntu0.12

Changelog

Version: 22.02.0-2ubuntu0.12 2025-11-05 22:06:57 UTC

  poppler (22.02.0-2ubuntu0.12) jammy-security; urgency=medium

  * SECURITY UPDATE: User after free
    - debian/patches/CVE-2025-52885.patch: check for duplicate
      entries in poppler/StructTreeRoot.cc.
    - CVE-2025-52885

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 03 Nov 2025 08:08:58 -0300
Source diff to previous version
CVE-2025-52885 Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in

Version: 22.02.0-2ubuntu0.11 2025-10-06 19:07:28 UTC

  poppler (22.02.0-2ubuntu0.11) jammy-security; urgency=medium

  * SECURITY UPDATE: stack consumption via metadata
    - debian/patches/CVE-2025-43718.patch: make sure regex doesn't stack
      overflow by limiting it in poppler/PDFDoc.cc.
    - CVE-2025-43718

 -- Marc Deslauriers <email address hidden> Fri, 03 Oct 2025 07:37:01 -0400
Source diff to previous version
CVE-2025-43718 Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFE

Version: 22.02.0-2ubuntu0.10 2025-08-21 00:34:47 UTC

  poppler (22.02.0-2ubuntu0.10) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2025-50420.patch: don't continue
      recursing in PDFDoc in poppler/PDFDoc.cc.
    - CVE-2025-50420

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 12 Aug 2025 13:21:56 -0300
Source diff to previous version
CVE-2025-50420 An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file.

Version: 22.02.0-2ubuntu0.9 2025-07-28 18:07:30 UTC

  poppler (22.02.0-2ubuntu0.9) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via reference count overflow
    - debian/patches/CVE-2025-52886.patch: limit amount of annots per
      document/page in poppler/Annot.cc, poppler/Page.cc.
    - CVE-2025-52886

 -- Marc Deslauriers <email address hidden> Fri, 25 Jul 2025 11:21:27 -0400
Source diff to previous version
CVE-2025-52886 Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits

Version: 22.02.0-2ubuntu0.8 2025-04-30 00:07:09 UTC

  poppler (22.02.0-2ubuntu0.8) jammy-security; urgency=medium

  * SECURITY UPDATE: signature validation
    - debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
      signatures.
    - CVE-2025-43903

 -- Fabian Toepfer <email address hidden> Thu, 24 Apr 2025 14:59:10 +0200
CVE-2025-43903 NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forge


About   -   Send Feedback to @ubuntu_updates