(https://nvd.nist.gov/vuln/detail/CVE-2018-20481): XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. Patch: https://gitlab.freedesktop.org/adamreichold/poppler/commit/32a92c54f6df4e57f41e4f3ee03bbe5d6e066ef8 @maintainer(s): "Poppler 0.72.0 is vulnerable; other versions may also be affected." Gentoo Security Padawan (domhnall)
(https://nvd.nist.gov/vuln/detail/CVE-2018-20551): A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. Upsteam bug: https://gitlab.freedesktop.org/poppler/poppler/issues/703 Upsteam PR: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146
Cleanup done.