Medium: poppler

2017-09-29T21:05:00
ID ALAS-2017-902
Type amazon
Reporter Amazon
Modified 2017-09-29T21:05:00

Description

Issue Overview:

Stack-buffer overflow in GfxState.cc:
A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775 __)

Integer overflow in JBIG2Stream.cc:
An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776 __)

Affected Packages:

poppler

Issue Correction:
Run yum update poppler to update your system.

New Packages:

i686:  
    poppler-cpp-devel-0.26.5-17.17.amzn1.i686  
    poppler-cpp-0.26.5-17.17.amzn1.i686  
    poppler-0.26.5-17.17.amzn1.i686  
    poppler-debuginfo-0.26.5-17.17.amzn1.i686  
    poppler-glib-devel-0.26.5-17.17.amzn1.i686  
    poppler-glib-0.26.5-17.17.amzn1.i686  
    poppler-utils-0.26.5-17.17.amzn1.i686  
    poppler-devel-0.26.5-17.17.amzn1.i686

src:  
    poppler-0.26.5-17.17.amzn1.src

x86_64:  
    poppler-cpp-0.26.5-17.17.amzn1.x86_64  
    poppler-glib-devel-0.26.5-17.17.amzn1.x86_64  
    poppler-devel-0.26.5-17.17.amzn1.x86_64  
    poppler-glib-0.26.5-17.17.amzn1.x86_64  
    poppler-0.26.5-17.17.amzn1.x86_64  
    poppler-debuginfo-0.26.5-17.17.amzn1.x86_64  
    poppler-utils-0.26.5-17.17.amzn1.x86_64  
    poppler-cpp-devel-0.26.5-17.17.amzn1.x86_64