Lucene search

DebianDEBIAN:DLA-1562-1:45915

HistoryOct 31, 2018 - 9:38 p.m.

[SECURITY] [DLA 1562-1] poppler security update

2018-10-3121:38:15

lists.debian.org

482

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.4%

JSON

Package : poppler
Version : 0.26.5-2+deb8u5
CVE ID : CVE-2017-18267 CVE-2018-10768 CVE-2018-13988 CVE-2018-16646
Debian Bug : 898357 909802

Various security issues were discovered in the poppler PDF rendering
shared library.

CVE-2017-18267

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler
through 0.64.0 allows remote attackers to cause a denial of service
(infinite recursion) via a crafted PDF file, as demonstrated by
pdftops.

The applied fix in FoFiType1C::cvtGlyph prevents infinite recursion
on such malformed documents.

CVE-2018-10768

A NULL pointer dereference in the AnnotPath::getCoordsLength function
in Annot.h in Poppler 0.24.5 had been discovered. A crafted input
will lead to a remote denial of service attack. Later versions of
Poppler such as 0.41.0 are not affected.

The applied patch fixes the crash on AnnotInk::draw for malformed
documents.

CVE-2018-13988

Poppler through 0.62 contains an out of bounds read vulnerability due
to an incorrect memory access that is not mapped in its memory space,
as demonstrated by pdfunite. This can result in memory corruption and
denial of service. This may be exploitable when a victim opens a
specially crafted PDF file.

The applied patch fixes crashes when Object has negative number.
(Specs say, number has to be &gt; 0 and gen &gt;= 0).

For Poppler in Debian jessie, the original upstream patch has been
backported to Poppler&#x27;s old Object API.

CVE-2018-16646

In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may
cause infinite recursion via a crafted file. A remote attacker can
leverage this for a DoS attack.

A range of upstream patches has been applied to Poppler&#x27;s XRef.cc in
Debian jessie to consolidate a fix for this issue.

For Debian 8 "Jessie", these problems have been fixed in version
0.26.5-2+deb8u5.

We recommend that you upgrade your poppler packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

–

mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: [email protected], http://sunweavers.net

Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian9armellibpoppler-private-dev< 0.48.0-2+deb9u3libpoppler-private-dev_0.48.0-2+deb9u3_armel.deb
Debian8amd64libpoppler-dev< 0.26.5-2+deb8u5libpoppler-dev_0.26.5-2+deb8u5_amd64.deb
Debian8armelpoppler-dbg< 0.26.5-2+deb8u5poppler-dbg_0.26.5-2+deb8u5_armel.deb
Debian9arm64poppler-dbg< 0.48.0-2+deb9u3poppler-dbg_0.48.0-2+deb9u3_arm64.deb
Debian9armhflibpoppler-qt4-dev< 0.48.0-2+deb9u3libpoppler-qt4-dev_0.48.0-2+deb9u3_armhf.deb
Debian9arm64libpoppler-qt5-1< 0.48.0-2+deb9u3libpoppler-qt5-1_0.48.0-2+deb9u3_arm64.deb
Debian8amd64libpoppler-cpp0< 0.26.5-2+deb8u5libpoppler-cpp0_0.26.5-2+deb8u5_amd64.deb
Debian9amd64gir1.2-poppler-0.18< 0.48.0-2+deb9u3gir1.2-poppler-0.18_0.48.0-2+deb9u3_amd64.deb
Debian8i386libpoppler-glib-dev< 0.26.5-2+deb8u7libpoppler-glib-dev_0.26.5-2+deb8u7_i386.deb
Debian8i386libpoppler-private-dev< 0.26.5-2+deb8u7libpoppler-private-dev_0.26.5-2+deb8u7_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	armel	libpoppler-private-dev	< 0.48.0-2+deb9u3	libpoppler-private-dev_0.48.0-2+deb9u3_armel.deb
Debian	8	amd64	libpoppler-dev	< 0.26.5-2+deb8u5	libpoppler-dev_0.26.5-2+deb8u5_amd64.deb
Debian	8	armel	poppler-dbg	< 0.26.5-2+deb8u5	poppler-dbg_0.26.5-2+deb8u5_armel.deb
Debian	9	arm64	poppler-dbg	< 0.48.0-2+deb9u3	poppler-dbg_0.48.0-2+deb9u3_arm64.deb
Debian	9	armhf	libpoppler-qt4-dev	< 0.48.0-2+deb9u3	libpoppler-qt4-dev_0.48.0-2+deb9u3_armhf.deb
Debian	9	arm64	libpoppler-qt5-1	< 0.48.0-2+deb9u3	libpoppler-qt5-1_0.48.0-2+deb9u3_arm64.deb
Debian	8	amd64	libpoppler-cpp0	< 0.26.5-2+deb8u5	libpoppler-cpp0_0.26.5-2+deb8u5_amd64.deb
Debian	9	amd64	gir1.2-poppler-0.18	< 0.48.0-2+deb9u3	gir1.2-poppler-0.18_0.48.0-2+deb9u3_amd64.deb
Debian	8	i386	libpoppler-glib-dev	< 0.26.5-2+deb8u7	libpoppler-glib-dev_0.26.5-2+deb8u7_i386.deb
Debian	8	i386	libpoppler-private-dev	< 0.26.5-2+deb8u7	libpoppler-private-dev_0.26.5-2+deb8u7_i386.deb