CVE-2018-19060 (https://nvd.nist.gov/vuln/detail/CVE-2018-19060): An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path. CVE-2018-19059 (https://nvd.nist.gov/vuln/detail/CVE-2018-19059): An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts. CVE-2018-19058 (https://nvd.nist.gov/vuln/detail/CVE-2018-19058): An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. CVE-2018-18897 (https://nvd.nist.gov/vuln/detail/CVE-2018-18897): An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
CVE-2018-18897 was only fixed in 0.73.0.
Cleanup done.
