| Summary: | <app-text/poppler-0.57.0-r1: in Poppler 0.59.0, Multiple Vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | printing, reavertm |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugs.freedesktop.org/show_bug.cgi?id=102{688,701,719} | ||
| See Also: |
https://bugs.freedesktop.org/show_bug.cgi?id=102688 https://bugs.freedesktop.org/show_bug.cgi?id=102701 https://bugs.freedesktop.org/show_bug.cgi?id=102719 |
||
| Whiteboard: | B3 [noglsa cve] | ||
| Package list: | Runtime testing required: | --- | |
Fixes: https://cgit.freedesktop.org/poppler/poppler/commit/?id=80f9819b6233f9f9b5fd44f0e4cad026e5d048c2 https://cgit.freedesktop.org/poppler/poppler/commit/?id=aaf5327649e8f7371c9d3270e7813c43ddfd47ee https://cgit.freedesktop.org/poppler/poppler/commit/?id=504b3590182175390f474657a372e78fb1508262 Not yet in any release. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3537c5c4ed62c425068d9a3d3f226fe53cbf9ba commit f3537c5c4ed62c425068d9a3d3f226fe53cbf9ba Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2017-11-24 21:29:00 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2017-11-24 23:06:22 +0000 app-text/poppler: Fix CVE-2017-145{18,19,20} Bug: https://bugs.gentoo.org/631292 Package-Manager: Portage-2.3.16, Repoman-2.3.6 .../files/poppler-0.57.0-CVE-2017-14518.patch | 27 ++++++ .../files/poppler-0.57.0-CVE-2017-14519.patch | 100 +++++++++++++++++++++ .../files/poppler-0.57.0-CVE-2017-14520.patch | 24 +++++ app-text/poppler/poppler-0.57.0-r1.ebuild | 3 + 4 files changed, 154 insertions(+)} GLSA Vote: No Tree is clean. |
from {URL}: CVE-2017-14518:https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14518 In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. CVE-2017-14519:https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14519 In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). CVE-2017-14520:https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14520 In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. @maintainer(s), if stabilization is needed please call for it, thank you. Daj Uan (jmbailey) Gentoo Security Padawan