Medium: poppler

Issue Overview:

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. (CVE-2020-36023)

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. (CVE-2020-36024)

An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. (CVE-2022-38349)

Affected Packages:

poppler

Issue Correction:
Run yum update poppler to update your system.

New Packages:

i686:  
    poppler-devel-0.26.5-43.26.amzn1.i686  
    poppler-cpp-devel-0.26.5-43.26.amzn1.i686  
    poppler-0.26.5-43.26.amzn1.i686  
    poppler-glib-0.26.5-43.26.amzn1.i686  
    poppler-glib-devel-0.26.5-43.26.amzn1.i686  
    poppler-cpp-0.26.5-43.26.amzn1.i686  
    poppler-debuginfo-0.26.5-43.26.amzn1.i686  
    poppler-utils-0.26.5-43.26.amzn1.i686  
  
src:  
    poppler-0.26.5-43.26.amzn1.src  
  
x86_64:  
    poppler-glib-0.26.5-43.26.amzn1.x86_64  
    poppler-debuginfo-0.26.5-43.26.amzn1.x86_64  
    poppler-utils-0.26.5-43.26.amzn1.x86_64  
    poppler-0.26.5-43.26.amzn1.x86_64  
    poppler-devel-0.26.5-43.26.amzn1.x86_64  
    poppler-cpp-devel-0.26.5-43.26.amzn1.x86_64  
    poppler-glib-devel-0.26.5-43.26.amzn1.x86_64  
    poppler-cpp-0.26.5-43.26.amzn1.x86_64  

Additional References

Red Hat: CVE-2020-36023, CVE-2020-36024, CVE-2022-38349

Mitre: CVE-2020-36023, CVE-2020-36024, CVE-2022-38349