
Fedora 30: FEDORA-2019-a457286734 Critical: xpdf Buffer Overflows

October 25, 2019
Xpdf 4.02 fixes a set of vulnerabilities, among them heap- and stack-based buffer over-reads and a heap-based buffer overflow.
xpdf 4.02

Summary

Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts.

xpdf 4.02. Lots of security fixes here.

Change Log

* Wed Oct 16 2019 Tom Callaway - 1:4.02-1
- update to 4.02

* Sat Jul 27 2019 Fedora Release Engineering - 1:4.01-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

References

[ 1 ] Bug #1728103 - CVE-2019-13286 xpdf: heap-based buffer over-read in function JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1728103

[ 2 ] Bug #1727737 - CVE-2019-13281 xpdf: heap-based buffer overflow in DCTStream::decodeImage() in Stream.cc [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1727737

[ 3 ] Bug #1727734 - CVE-2019-13282 xpdf: heap-based buffer over-read in SampledFunction::transform in Function.cc [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1727734

[ 4 ] Bug #1727730 - CVE-2019-13283 xpdf: heap-based buffer over-read in FoFiType1::parse in fofi/FoFiType1.cc [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1727730

[ 5 ] Bug #1725690 - CVE-2019-12957 CVE-2019-12958 xpdf: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1725690

[ 6 ] Bug #1716836 - CVE-2019-12493 xpdf: stack-based buffer over-read in function PostScriptFunction::transform in Function.cc [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1716836

[ 7 ] Bug #1716827 - CVE-2019-12515 xpdf: out-of-bounds read in function FlateStream::getChar() in Stream.cc [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1716827

Update Instructions

su -c 'dnf upgrade --advisory FEDORA-2019-a457286734' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
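
An added example, not part of the Fedora advisory: after the upgrade, this check flags hosts whose xpdf build still sorts below the fixed build 1:4.02-1.fc30, using rpm's version ordering rather than a plain string compare. The host names and inventory are constructed, and the EVR strings are assumed to come from `rpm -q --qf '%{EVR}\n' xpdf`.

```python
import re
FIXED_EVR = "1:4.02-1.fc30"  # fixed build: changelog 1:4.02-1, release 1.fc30

def _vercmp(a, b):
    """Compare two version or release strings by rpm's segment rules: -1, 0, 1."""
    while a or b:
        a = re.sub(r"^[^A-Za-z0-9~^]+", "", a)   # separators carry no weight
        b = re.sub(r"^[^A-Za-z0-9~^]+", "", b)
        if a[:1] == "~" or b[:1] == "~":         # '~' sorts before anything
            if a[:1] != "~": return 1
            if b[:1] != "~": return -1
            a, b = a[1:], b[1:]
            continue
        if a[:1] == "^" or b[:1] == "^":         # '^' sorts after the base
            if not a: return -1
            if not b or a[:1] != "^": return 1
            if b[:1] != "^": return -1
            a, b = a[1:], b[1:]
            continue
        if not a or not b: break
        pat = r"[0-9]+" if a[0].isdigit() else r"[A-Za-z]+"
        sa, mb = re.match(pat, a).group(), re.match(pat, b)
        if mb is None:                           # numeric beats alphabetic
            return 1 if sa[0].isdigit() else -1
        sb = mb.group()
        a, b = a[len(sa):], b[len(sb):]
        if sa[0].isdigit():                      # numbers compare by value
            sa, sb = int(sa), int(sb)
        if sa != sb:
            return 1 if sa > sb else -1
    return (len(a) > 0) - (len(b) > 0)

def parse_evr(evr):  # 'epoch:version-release'; a missing epoch counts as 0
    epoch, _, rest = evr.strip().rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def is_patched(installed_evr, fixed_evr=FIXED_EVR):
    """True when the installed build sorts at or above the fixed build."""
    (ie, iv, ir), (fe, fv, fr) = parse_evr(installed_evr), parse_evr(fixed_evr)
    if ie != fe: return ie > fe
    return (_vercmp(iv, fv) or _vercmp(ir, fr)) >= 0

# Constructed inventory: host -> EVR string as reported for the xpdf package.
INVENTORY = {"ws-01": "1:4.01-2.fc30", "ws-02": "1:4.02-1.fc30",
             "ws-03": "1:4.01.01-1.fc30", "ws-04": "4.02-1.fc30"}

def unpatched_hosts(inventory=INVENTORY):
    return sorted(h for h, evr in inventory.items() if not is_patched(evr))
```

Host ws-04 is reported as unpatched because a build without an epoch sorts below any epoch-1 build, whatever its version string says.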

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/



Severity: critical

Product: Fedora 30
Version: 4.02
Release: 1.fc30
Summary: A PDF file viewer for the X Window System
