Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 25: 2017-805d9423f8 Critical: Poppler Memory Issue

fedora
Calendar Grey November 1, 2017
Dist Fedora Esm H88
A recent security patch for Poppler addresses several vulnerabilities in Fedora, including potential memory leaks and floating-point anomalies.
Security fix for CVE-2017-14926, CVE-2017-14927 and CVE-2017-14928

Summary

Poppler, a PDF rendering library, is a fork of the xpdf PDF

viewer developed by Derek Noonburg of Glyph and Cog, LLC.

Security fix for CVE-2017-14926, CVE-2017-14927 and CVE-2017-14928. ----Security fix for CVE-2017-14617 ---- Security fix for CVE-2017-14517,

CVE-2017-14518, CVE-2017-14519 and CVE-2017-14929. ---- - CVE-2017-14520

Floating point exception in Splash::scaleImageYuXd

[ 1 ] Bug #1500322 - CVE-2017-14928 poppler: NULL pointer dereference in the AnnotRichMedia::Configuration::Configuration

https://bugzilla.redhat.com/show_bug.cgi?id=1500322

[ 2 ] Bug #1500323 - CVE-2017-14926 poppler: NULL pointer dereference in the AnnotRichMedia::Content::Content

https://bugzilla.redhat.com/show_bug.cgi?id=1500323

[ 3 ] Bug #1500324 - CVE-2017-14927 poppler: NULL pointer dereference in the SplashOutputDev::type3D0() function

https://bugzilla.redhat.com/show_bug.cgi?id=1500324

[ 4 ] Bug #1499905 - CVE-2017-14617 poppler: Floating point exception in the ImageStream class

https://bugzilla.redhat.com/show_bug.cgi?id=1499905

[ 5 ] Bug #1499162 - CVE-2017-14517 poppler: NULL pointer dereference in the XRef::parseEntry() function

https://bugzilla.redhat.com/show_bug.cgi?id=1499162

[ 6 ] Bug #1499163 - CVE-2017-14518 poppler: Floating point exception in the isImageInterpolationRequired() function

https://bugzilla.redhat.com/show_bug.cgi?id=1499163

[ 7 ] Bug #1499165 - CVE-2017-14519 poppler: Memory corruption via Gfx.cc infinite loop

https://bugzilla.redhat.com/show_bug.cgi?id=1499165

[ 8 ] Bug #1499167 - CVE-2017-14929 poppler: Memory corruption via Gfx.cc infinite loop

https://bugzilla.redhat.com/show_bug.cgi?id=1499167

su -c 'dnf upgrade poppler' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory critical issue Fedora memory error Poppler PDF library

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 25
Version: 0.45.0
Release: 9.fc25
URL: http://poppler.freedesktop.org/
Summary: PDF rendering library

Topics%20covered

Topics Covered

security advisory critical issue Fedora memory error Poppler PDF library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here