Package "poppler-utils"
Name: |
poppler-utils
|
Description: |
PDF utilities (based on Poppler)
|
Latest version: |
0.41.0-0ubuntu1.16 |
Release: |
xenial (16.04) |
Level: |
security |
Repository: |
main |
Head package: |
poppler |
Homepage: |
http://poppler.freedesktop.org/ |
Links
Download "poppler-utils"
Other versions of "poppler-utils" in Xenial
Changelog
poppler (0.41.0-0ubuntu1.16) xenial-security; urgency=medium
* SECURITY REGRESSION: broken Splash output (LP: #1905741)
- debian/rules: don't build with --enable-cmyk as this causes a
regression with xpdf and gdal. This reverts the fix for
CVE-2019-10871.
-- Marc Deslauriers <email address hidden> Thu, 26 Nov 2020 10:59:16 -0500
|
Source diff to previous version |
1905741 |
poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output |
CVE-2019-10871 |
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. |
|
poppler (0.41.0-0ubuntu1.15) xenial-security; urgency=medium
* SECURITY UPDATE: integer overflow in Parser::makeStream
- debian/patches/CVE-2018-21009.patch: check for overflow in
poppler/Parser.cc.
- CVE-2018-21009
* SECURITY UPDATE: buffer overread in PSOutputDev::checkPageSlice
- debian/rules: build with --enable-cmyk.
- debian/patches/CVE-2019-10871-fix.patch: fix wrong width condition in
splash/SplashBitmap.cc.
- debian/patches/CVE-2019-10871-fix2.patch: add missing
splashModeDeviceN8 in two switch statements in
poppler/SplashOutputDev.cc.
- CVE-2019-10871
* SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2019-13283.patch: fix invalid memory access in
fofi/FoFiType1.cc.
- CVE-2019-13283
* SECURITY UPDATE: integer overflow leading to large memory allocation
- debian/patches/CVE-2019-9959.patch: ignore dict Length if clearly
broken in poppler/JPEG2000Stream.cc.
- CVE-2019-9959
* SECURITY UPDATE: DoS via buffer overflow in pdftohtml
- debian/patches/CVE-2020-27778.patch: properly initialize
HtmlOutputDev::page in utils/HtmlOutputDev.cc.
- CVE-2020-27778
-- Marc Deslauriers <email address hidden> Wed, 25 Nov 2020 08:41:00 -0500
|
Source diff to previous version |
CVE-2018-21009 |
Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. |
CVE-2019-10871 |
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. |
CVE-2019-13283 |
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure th |
CVE-2019-9959 |
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereb |
|
poppler (0.41.0-0ubuntu1.14) xenial-security; urgency=medium
* SECURITY UPDATE: DoS in GfxImageColorMap::getGray
- debian/patches/CVE-2017-9865.patch: clear buffers in
utils/HtmlOutputDev.cc, utils/ImageOutputDev.cc.
- CVE-2017-9865
* SECURITY UPDATE: memory leak in GfxColorSpace::setDisplayProfile
- debian/patches/CVE-2018-18897.patch: enforcing single initialization
in poppler/GfxState.cc, qt5/src/poppler-qt5.h.
- CVE-2018-18897
* SECURITY UPDATE: DoS via crafted PDF file
- debian/patches/CVE-2018-20662.patch: check XRef's Catalog for being a
Dict in utils/pdfunite.cc.
- CVE-2018-20662
* SECURITY UPDATE: buffer over-read in downsample_row_box_filter
- debian/patches/CVE-2019-9631-1.patch: compute correct coverage values
for box filter in poppler/CairoRescaleBox.cc.
- debian/patches/CVE-2019-9631-2.patch: constrain number of cycles in
rescale filter in poppler/CairoRescaleBox.cc.
- CVE-2019-9631
* SECURITY UPDATE: dict marking mishandling
- debian/patches/CVE-2019-9903.patch: fix stack overflow on broken file
in poppler/PDFDoc.cc.
- CVE-2019-9903
* SECURITY UPDATE: DoS via FPE
- debian/patches/CVE-2019-10018-10023.patch: check for zero in
poppler/Function.cc.
- CVE-2019-10018
- CVE-2019-10023
* SECURITY UPDATE: DoS via FPE
- debian/patches/CVE-2019-10019.patch: check nStripes in
poppler/PSOutputDev.cc.
- CVE-2019-10019
* SECURITY UPDATE: DoS via FPE
- debian/patches/CVE-2019-10021.patch: check nBits in
poppler/Stream.cc.
- CVE-2019-10021
* SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2019-10872.patch: restrict filling of overlapping
boxes in splash/Splash.cc.
- CVE-2019-10872
* SECURITY UPDATE: buffer over-read in JPXStream::init
- debian/patches/CVE-2019-12293.patch: fail gracefully if not all
components have the same WxH in poppler/JPEG2000Stream.cc.
- CVE-2019-12293
-- Marc Deslauriers <email address hidden> Wed, 26 Jun 2019 10:14:59 -0400
|
Source diff to previous version |
CVE-2017-9865 |
The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service (stack-based buffer over |
CVE-2018-18897 |
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. |
CVE-2018-20662 |
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of |
CVE-2019-9631 |
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. |
CVE-2019-9903 |
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict. |
CVE-2019-10018 |
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. |
CVE-2019-10023 |
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. |
CVE-2019-10019 |
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. |
CVE-2019-10021 |
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. |
CVE-2019-10872 |
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. |
CVE-2019-12293 |
In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or width |
|
poppler (0.41.0-0ubuntu1.13) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-9200.patch: fix in
poppler/Stream.cc.
- CVE-2019-9200
-- <email address hidden> (Leonidas S. Barbosa) Thu, 28 Feb 2019 09:25:31 -0300
|
Source diff to previous version |
CVE-2019-9200 |
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending |
|
poppler (0.41.0-0ubuntu1.12) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20551.patch: fix in
poppler/Annot.cc.
- CVE-2018-20551
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-7310.patch: fix in
poppler/XRef.cc.
- CVE-2019-7310
-- <email address hidden> (Leonidas S. Barbosa) Wed, 06 Feb 2019 14:44:16 -0300
|
CVE-2018-20551 |
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media ann |
CVE-2019-7310 |
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attacke |
|
About
-
Send Feedback to @ubuntu_updates