UbuntuUpdates.org

Package "poppler"

Name: poppler

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • PDF rendering library -- development files (GLib interface)
  • PDF rendering library (Qt 5 based shared library)
  • PDF rendering library -- development files (Qt 5 interface)
  • PDF rendering library (Qt 6 based shared library)
Latest version: 24.02.0-1ubuntu9.7
Release: noble (24.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "poppler" in Noble

Repository Area Version
base universe 24.02.0-1ubuntu9
base main 24.02.0-1ubuntu9
security main 24.02.0-1ubuntu9.7
updates main 24.02.0-1ubuntu9.7
updates universe 24.02.0-1ubuntu9.7

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 24.02.0-1ubuntu9.7 2025-10-06 14:07:28 UTC

  poppler (24.02.0-1ubuntu9.7) noble-security; urgency=medium

  * SECURITY UPDATE: stack consumption via metadata
    - debian/patches/CVE-2025-43718.patch: make sure regex doesn't stack
      overflow by limiting it in poppler/PDFDoc.cc.
    - CVE-2025-43718

 -- Marc Deslauriers <email address hidden> Fri, 03 Oct 2025 07:36:12 -0400
Source diff to previous version
CVE-2025-43718 Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFE

Version: 24.02.0-1ubuntu9.6 2025-08-20 20:56:30 UTC

  poppler (24.02.0-1ubuntu9.6) noble-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2025-50420.patch: don't continue
      recursing in PDFDoc in poppler/PDFDoc.cc.
    - CVE-2025-50420

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 12 Aug 2025 12:43:49 -0300
Source diff to previous version
CVE-2025-50420 An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file.

Version: 24.02.0-1ubuntu9.5 2025-07-28 14:07:18 UTC

  poppler (24.02.0-1ubuntu9.5) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via reference count overflow
    - debian/patches/CVE-2025-52886.patch: limit amount of annots per
      document/page in poppler/Annot.cc, poppler/Page.cc.
    - CVE-2025-52886

 -- Marc Deslauriers <email address hidden> Fri, 25 Jul 2025 11:20:42 -0400
Source diff to previous version
CVE-2025-52886 Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits

Version: 24.02.0-1ubuntu9.4 2025-04-29 23:07:08 UTC

  poppler (24.02.0-1ubuntu9.4) noble-security; urgency=medium

  * SECURITY UPDATE: signature validation
    - debian/patches/CVE-2025-43903.patch: Properly verify adbe.pkcs7.sha1
      signatures.
    - CVE-2025-43903

 -- Fabian Toepfer <email address hidden> Thu, 24 Apr 2025 14:59:17 +0200
Source diff to previous version
CVE-2025-43903 NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forge

Version: 24.02.0-1ubuntu9.3 2025-04-08 21:07:16 UTC

  poppler (24.02.0-1ubuntu9.3) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via floating point exception
    - debian/patches/CVE-2025-32364.patch: protect against doing int =
      -INT_MIN in poppler/Function.cc.
    - CVE-2025-32364
  * SECURITY UPDATE: DoS in JBIG2Bitmap::combine function
    - debian/patches/CVE-2025-32365.patch: move isOk check to inside
      JBIG2Bitmap::combine in poppler/JBIG2Stream.cc.
    - CVE-2025-32365

 -- Marc Deslauriers <email address hidden> Mon, 07 Apr 2025 12:18:03 -0400
CVE-2025-32364 A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs a
CVE-2025-32365 Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a


About   -   Send Feedback to @ubuntu_updates