Please see $URL for details. @security, no CVE for this issue as of: Vendor Disclosure [2019-3-16] Gentoo Security Padawan (domhnall)
Fixed in: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/210/diffs?commit_id=fada09a2ccc11a3a1d308e810f1336d8df6011fd
CVE ID: CVE-2019-9903 Summary: PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c21200f502c2efbddf80d5ff88aae6b24213a6dc commit c21200f502c2efbddf80d5ff88aae6b24213a6dc Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2019-06-14 17:53:29 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2019-06-14 20:42:20 +0000 app-text/poppler: Security cleanup Bug: https://bugs.gentoo.org/674618 Bug: https://bugs.gentoo.org/681128 Bug: https://bugs.gentoo.org/681152 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> Package-Manager: Portage-2.3.66, Repoman-2.3.11 app-text/poppler/Manifest | 2 - app-text/poppler/poppler-0.74.0.ebuild | 127 --------------------------------- app-text/poppler/poppler-0.76.1.ebuild | 127 --------------------------------- 3 files changed, 256 deletions(-)
Cleanup done, KDE team out.