Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Mageia: 2019-0277 High: Libpng Memory Corruption Vulnerability Mitigation

mageia
Calendar Grey September 15, 2019
Dist Mageia Esm H88
The recent update MGASA-2022-0361 for OpenSSH resolves critical security issues, mitigating potential risks associated with buffer overflow attacks.
The updated packages fix security vulnerabilities: The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Int...

Summary

The updated packages fix security vulnerabilities:
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. (CVE-2019-9959)
An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. (CVE-2019-10871)

References

- https://bugs.mageia.org/show_bug.cgi?id=25432

- https://access.redhat.com/errata/RHSA-2019:2713

- https://www.cve.org/CVERecord?id=CVE-2019-9959

- https://www.cve.org/CVERecord?id=CVE-2019-10871

Topics%20covered

Topics Covered

security advisory integer overflow poppler Mageia heap attack

Resolution

SRPMS

- 7/core/poppler-0.74.0-3.2.mga7

- 6/core/poppler-0.52.0-3.14.mga6

Publication date: 15 Sep 2019
URL: https://advisories.mageia.org/MGASA-2019-0276.html
Type: security
CVE: CVE-2019-9959, CVE-2019-10871

Topics%20covered

Topics Covered

security advisory integer overflow poppler Mageia heap attack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here