Summary: | <app-text/poppler-0.73.0: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | printing, reavertm |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://gitlab.freedesktop.org/poppler/poppler/issues/692 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 674666, 675446 | ||
Bug Blocks: |
Description
D'juan McDonald (domhnall)
2018-12-28 02:41:55 UTC
(https://nvd.nist.gov/vuln/detail/CVE-2018-20551): A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. Upsteam bug: https://gitlab.freedesktop.org/poppler/poppler/issues/703 Upsteam PR: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146 Cleanup done. |