Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 17.04: USN-3350-1 Moderate: Poppler PDF Denial Of Service

ubuntu
Calendar Grey July 7, 2017
Dist Ubuntu Esm H88
Upgrade your Ubuntu installation to address poppler security flaws and improve defense against specially crafted PDF documents.
poppler could be made to crash or run programs as your login if it opened a specially crafted file.

Summary

poppler could be made to crash or run programs as your login if it opened a

specially crafted file.

Software Description:

- poppler: PDF rendering library

Details:

Aleksandar Nikolic discovered that poppler incorrectly handled JPEG 2000

images. If a user or automated system were tricked into opening a crafted

PDF file, an attacker could cause a denial of service or possibly execute

arbitrary code with privileges of the user invoking the program.

(CVE-2017-2820)

Jiaqi Peng discovered that the poppler pdfunite tool incorrectly parsed

certain malformed PDF documents. If a user or automated system were tricked

into opening a crafted PDF file, an attacker could cause poppler to crash,

resulting in a denial of service. (CVE-2017-7511)

It was discovered that the poppler pdfunite tool incorrectly parsed certain

malformed PDF documents. If a user or automated system were tricked into

opening a crafted PDF file, an attacker could cause poppler to hang,

resulting i...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  libpoppler-cpp0v5               0.48.0-2ubuntu2.1
  libpoppler-glib8                0.48.0-2ubuntu2.1
  libpoppler-qt4-4                0.48.0-2ubuntu2.1
  libpoppler-qt5-1                0.48.0-2ubuntu2.1
  libpoppler64                    0.48.0-2ubuntu2.1
  poppler-utils                   0.48.0-2ubuntu2.1

Ubuntu 16.10:
  libpoppler-cpp0v5               0.44.0-3ubuntu2.1
  libpoppler-glib8                0.44.0-3ubuntu2.1
  libpoppler-qt4-4                0.44.0-3ubuntu2.1
  libpoppler-qt5-1                0.44.0-3ubuntu2.1
  libpoppler61                    0.44.0-3ubuntu2.1
  poppler-utils                   0.44.0-3ubuntu2.1

Ubuntu 16.04 LTS:
  libpoppler-cpp0                 0.41.0-0ubuntu1.2
  libpoppler-glib8                0.41.0-0ubuntu1.2
  libpoppler-qt4-4                0.41.0-0ubuntu1.2
  libpoppler-qt5-1                0.41.0-0ubuntu1.2
  libpoppler58                    0.41.0-0ubuntu1.2
  poppler-utils                   0.41.0-0ubuntu1.2

Ubuntu 14.04 LTS:
  libpoppler-cpp0                 0.24.5-2ubuntu4.5
  libpoppler-glib8                0.24.5-2ubuntu4.5
  libpoppler-qt4-4                0.24.5-2ubuntu4.5
  libpoppler-qt5-1                0.24.5-2ubuntu4.5
  libpoppler44                    0.24.5-2ubuntu4.5
  poppler-utils                   0.24.5-2ubuntu4.5

In general, a standard system update will make all the necessary changes.

References

CVE-2017-2820, CVE-2017-7511, CVE-2017-7515, CVE-2017-9083,

CVE-2017-9406, CVE-2017-9408, CVE-2017-9775

Severity
important
Lowest
Low
Medium
High
Critical

July 07, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here