Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Fedora 26: 2017-51ff8fe326 Moderate: Poppler Memory Corruption Threat

fedora
Calendar Grey November 7, 2017
Dist Fedora Esm H88
Ubuntu releases a LibreOffice security patch addressing various vulnerabilities. Ensure your software is current to safeguard your data.
Resolves: rhbz#1505731 rebuild for qt5 5.9.2 ---- Security fix for CVE-2017-14926, CVE-2017-14927 and CVE-2017-14928

Summary

poppler is a PDF rendering library.

Resolves: rhbz#1505731 rebuild for qt5 5.9.2 ---- Security fix for

CVE-2017-14926, CVE-2017-14927 and CVE-2017-14928. ---- Security fix for

CVE-2017-14617 ---- Security fix for CVE-2017-14517, CVE-2017-14518,

CVE-2017-14519 and CVE-2017-14929.

[ 1 ] Bug #1500322 - CVE-2017-14928 poppler: NULL pointer dereference in the AnnotRichMedia::Configuration::Configuration

https://bugzilla.redhat.com/show_bug.cgi?id=1500322

[ 2 ] Bug #1500323 - CVE-2017-14926 poppler: NULL pointer dereference in the AnnotRichMedia::Content::Content

https://bugzilla.redhat.com/show_bug.cgi?id=1500323

[ 3 ] Bug #1500324 - CVE-2017-14927 poppler: NULL pointer dereference in the SplashOutputDev::type3D0() function

https://bugzilla.redhat.com/show_bug.cgi?id=1500324

[ 4 ] Bug #1499905 - CVE-2017-14617 poppler: Floating point exception in the ImageStream class

https://bugzilla.redhat.com/show_bug.cgi?id=1499905

[ 5 ] Bug #1499162 - CVE-2017-14517 poppler: NULL pointer dereference in the XRef::parseEntry() function

https://bugzilla.redhat.com/show_bug.cgi?id=1499162

[ 6 ] Bug #1499163 - CVE-2017-14518 poppler: Floating point exception in the isImageInterpolationRequired() function

https://bugzilla.redhat.com/show_bug.cgi?id=1499163

[ 7 ] Bug #1499165 - CVE-2017-14519 poppler: Memory corruption via Gfx.cc infinite loop

https://bugzilla.redhat.com/show_bug.cgi?id=1499165

[ 8 ] Bug #1499167 - CVE-2017-14929 poppler: Memory corruption via Gfx.cc infinite loop

https://bugzilla.redhat.com/show_bug.cgi?id=1499167

su -c 'dnf upgrade poppler' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory Fedora memory corruption moderate severity NULL pointer fix poppler

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 26
Version: 0.52.0
Release: 9.fc26
URL: http://poppler.freedesktop.org/
Summary: PDF rendering library

Topics%20covered

Topics Covered

security advisory Fedora memory corruption moderate severity NULL pointer fix poppler

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here