Package "poppler-dbg"
Name: |
poppler-dbg
|
Description: |
PDF rendering library -- debugging symbols
|
Latest version: |
0.24.5-2ubuntu4.17 |
Release: |
trusty (14.04) |
Level: |
updates |
Repository: |
main |
Head package: |
poppler |
Homepage: |
http://poppler.freedesktop.org/ |
Links
Download "poppler-dbg"
Other versions of "poppler-dbg" in Trusty
Changelog
poppler (0.24.5-2ubuntu4.17) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-9200.patch: fix in
poppler/Stream.cc.
- CVE-2019-9200
-- <email address hidden> (Leonidas S. Barbosa) Thu, 28 Feb 2019 09:14:27 -0300
|
Source diff to previous version |
CVE-2019-9200 |
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending |
|
poppler (0.24.5-2ubuntu4.16) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-7310.patch: fix in
poppler/XRef.cc.
- CVE-2019-7310
-- <email address hidden> (Leonidas S. Barbosa) Fri, 08 Feb 2019 11:16:54 -0300
|
Source diff to previous version |
CVE-2019-7310 |
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attacke |
|
poppler (0.24.5-2ubuntu4.15) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20481.patch: fix in
poppler/XRef.cc.
- CVE-2018-20481
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20650.patch: fix in
poppler/FileSpec.cc.
- CVE-2018-20650
-- <email address hidden> (Leonidas S. Barbosa) Mon, 21 Jan 2019 13:21:05 -0300
|
Source diff to previous version |
CVE-2018-20481 |
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL poi |
CVE-2018-20650 |
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data |
|
poppler (0.24.5-2ubuntu4.14) trusty-security; urgency=medium
* SECURITY REGRESSION: fixing regression in check entry
- debian/patches/CVE-2018-16646-fix-regression-p1.patch
- debian/patches/CVE-2018-16646-fix-regression-p2.patch
-- <email address hidden> (Leonidas S. Barbosa) Tue, 11 Dec 2018 10:14:13 -0300
|
Source diff to previous version |
CVE-2018-16646 |
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this fo |
|
poppler (0.24.5-2ubuntu4.13) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-19149.patch: "check whether
and embedded file is actually present in the PDF and
show warning in that case" in glib/poppler-attachment.cc,
glib/poppler-document.cc.
- CVE-2018-19149
[ Marc Deslauriers ]
* SECURITY UPDATE: infinite recursion via crafted file
- debian/patches/CVE-2018-16646.patch: avoid cycles in PDF parsing in
poppler/Parser.cc, poppler/XRef.h.
- CVE-2018-16646
* SECURITY UPDATE: denial of service via reachable abort
- debian/patches/CVE-2018-19058.patch: check for stream before calling
stream methods when saving an embedded file in poppler/FileSpec.cc.
- CVE-2018-19058
* SECURITY UPDATE: denial of service via out-of-bounds read
- debian/patches/CVE-2018-19059.patch: check for valid embedded file
before trying to save it in utils/pdfdetach.cc.
- CVE-2018-19059
* SECURITY UPDATE: denial of service via NULL pointer dereference
- debian/patches/CVE-2018-19060.patch: check for valid file name of
embedded file in utils/pdfdetach.cc.
- CVE-2018-19060
-- <email address hidden> (Leonidas S. Barbosa) Fri, 30 Nov 2018 13:07:28 -0300
|
CVE-2018-19149 |
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. |
CVE-2018-16646 |
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this fo |
CVE-2018-19058 |
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec. |
CVE-2018-19059 |
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonst |
CVE-2018-19060 |
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by |
|
About
-
Send Feedback to @ubuntu_updates