CVE-2017-9408 A memory leak vulnerability was found in poppler in the function Object::initArray in Object.cc, which allows attackers to cause a denial of service via a crafted file. Upstream issue: https://bugs.freedesktop.org/show_bug.cgi?id=100776 CVE-2017-9406 A memory leak vulnerability was found in poppler in the function gmalloc in gmem.cc, which allows attackers to cause a denial of service via a crafted file. Upstream issue: https://bugs.freedesktop.org/show_bug.cgi?id=100775
For the record: https://github.com/ImageMagick/ImageMagick/issues/462#issuecomment-298251168
These have been addressed in 0.56.0, which is available in tree. There's another fix https://cgit.freedesktop.org/poppler/poppler/commit/?id=3a2759aa2a98c2157cb35731b95e393b8882f8d3 but that seems to point to a wrong CVE.
@ Maintainer(s): Can we start stabilization of =app-text/poppler-0.56.0?
(In reply to Thomas Deutschmann from comment #3) > @ Maintainer(s): Can we start stabilization of =app-text/poppler-0.56.0? I'm suggesting we move forward with 0.57.0 in bug #627390.
Setting dependency as per suggestion
These were actually fixed in 0.55
Added to existing GLSA
KDE work done.
This issue was resolved and addressed in GLSA 201801-17 at https://security.gentoo.org/glsa/201801-17 by GLSA coordinator Aaron Bauman (b-man).