Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Mageia: MGASA-2019-0092 Critical: Poppler Memory Leak and DoS Threats

mageia
Calendar Grey February 20, 2019
Dist Mageia Esm H88
The latest security patch for Poppler, identified as MGASA-2019-0092, resolves various vulnerabilities, such as potential memory leaks and the possibility of Denial of Service (DoS) attacks.
An issue was discovered in Poppler 0.71.0

Summary

An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. (CVE-2018-18897)
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. (CVE-2018-20481)
A reachable Object::getString assertion in Poppler 0.72.0 allows attackersto cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. (CVE-2018-20551)
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackersto cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. (CVE-2018-20650)
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer s...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=24250

- https://ubuntu.com/security/notices/USN-3865-1

-

-

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CH33MK2BAV326CV7IKYGMFO4IYX552Z2/

- https://ubuntu.com/security/notices/USN-3886-1

- https://www.cve.org/CVERecord?id=CVE-2018-18897

- https://www.cve.org/CVERecord?id=CVE-2018-20481

- https://www.cve.org/CVERecord?id=CVE-2018-20551

- https://www.cve.org/CVERecord?id=CVE-2018-20650

- https://www.cve.org/CVERecord?id=CVE-2019-7310

Topics%20covered

Topics Covered

security advisory update DoS memory leak Poppler Mageia

Resolution

SRPMS

- 6/core/poppler-0.52.0-3.11.mga6

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 20 Feb 2019
URL: https://advisories.mageia.org/MGASA-2019-0092.html
Type: security
CVE: CVE-2018-18897, CVE-2018-20481, CVE-2018-20551, CVE-2018-20650, CVE-2019-7310

Topics%20covered

Topics Covered

security advisory update DoS memory leak Poppler Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here