UbuntuUpdates.org

Package "libpoppler140"

Name: libpoppler140

Description:

PDF rendering library
Latest version: 24.08.0-1ubuntu0.2
Release: oracular (24.10)
Level: security
Repository: main
Head package: poppler
Homepage: https://poppler.freedesktop.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libpoppler140"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libpoppler140" in Oracular

Repository Area Version
updates main 24.08.0-1ubuntu0.2

Changelog

Version: 24.08.0-1ubuntu0.2 2025-04-08 21:07:17 UTC

  poppler (24.08.0-1ubuntu0.2) oracular-security; urgency=medium

  * SECURITY UPDATE: DoS via floating point exception
    - debian/patches/CVE-2025-32364.patch: protect against doing int =
      -INT_MIN in poppler/Function.cc.
    - CVE-2025-32364
  * SECURITY UPDATE: DoS in JBIG2Bitmap::combine function
    - debian/patches/CVE-2025-32365.patch: move isOk check to inside
      JBIG2Bitmap::combine in poppler/JBIG2Stream.cc.
    - CVE-2025-32365

 -- Marc Deslauriers <email address hidden> Mon, 07 Apr 2025 12:13:13 -0400
Source diff to previous version
CVE-2025-32364 A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs a
CVE-2025-32365 Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a

Version: 24.08.0-1ubuntu0.1 2025-01-16 17:07:04 UTC

  poppler (24.08.0-1ubuntu0.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read in pdf file parsing.
    - debian/patches/CVE-2024-56378.patch: Add checks to unlikely and destPtr
      in poppler/JBIG2Stream.cc.
    - CVE-2024-56378

 -- Hlib Korzhynskyy <email address hidden> Tue, 14 Jan 2025 11:44:49 -0330
CVE-2024-56378 libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc.


About   -   Send Feedback to @ubuntu_updates