Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Mageia: 2019-0419 Moderate: pdfresurrect Buffer Overflow Issues

mageia
Calendar Grey December 31, 2019
Dist Mageia Esm H88
Mageia 2019-0420 introduces a vital patch for libpng, addressing significant vulnerabilities related to memory corruption and denial of service.
Updated pdfresurrect package fixes security vulnerabilities: A vulnerability was found in PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated wi...

Summary

Updated pdfresurrect package fixes security vulnerabilities:
A vulnerability was found in PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled (CVE-2019-14267).
An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write (CVE-2019-14934).

References

- https://bugs.mageia.org/show_bug.cgi?id=25942

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LXN6W5QTNQJ2LFDCQWKYSMMZ3NPUWP3U/

- https://www.cve.org/CVERecord?id=CVE-2019-14267

- https://www.cve.org/CVERecord?id=CVE-2019-14934

Topics%20covered

Topics Covered

security advisory buffer overflow security fix memory error malformed PDF Mageia pdfresurrect

Resolution

SRPMS

- 7/core/pdfresurrect-0.18-1.mga7

Publication date: 31 Dec 2019
URL: https://advisories.mageia.org/MGASA-2019-0419.html
Type: security
CVE: CVE-2019-14267, CVE-2019-14934

Topics%20covered

Topics Covered

security advisory buffer overflow security fix memory error malformed PDF Mageia pdfresurrect

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here