poppler (SL7)

Synopsis: Moderate: poppler security, bug fix, and enhancement update
Advisory ID: SLSA-2019:2022-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-16646
             CVE-2019-9631
             CVE-2018-18897
             CVE-2018-19058
             CVE-2018-20650
             CVE-2018-20662
             CVE-2019-9200
             CVE-2019-7310
             CVE-2018-19059
             CVE-2018-20481
             CVE-2018-19060
             CVE-2018-19149

Security Fix(es):

* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc
(CVE-2019-7310)

* poppler: heap-based buffer overflow in function ImageStream::getLine()
in Stream.cc (CVE-2019-9200)

* poppler: infinite recursion in Parser::getObj function in Parser.cc
(CVE-2018-16646)

* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc
(CVE-2018-18897)

* poppler: reachable abort in Object.h (CVE-2018-19058)

* poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc
(CVE-2018-19059)

* poppler: pdfdetach utility does not validate save paths (CVE-2018-19060)

* poppler: NULL pointer dereference in _poppler_attachment_new
(CVE-2018-19149)

* poppler: NULL pointer dereference in XRef::getEntry in XRef.cc
(CVE-2018-20481)

* poppler: reachable Object::dictLookup assertion in FileSpec class in
FileSpec.cc (CVE-2018-20650)

* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)

* poppler: heap-based buffer over-read in function
downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)

SL7
x86_64
okular-part-4.10.5-7.el7.x86_64.rpm
okular-devel-4.10.5-7.el7.i686.rpm
okular-libs-4.10.5-7.el7.x86_64.rpm
evince-nautilus-3.28.2-8.el7.x86_64.rpm
poppler-qt-0.26.5-38.el7.x86_64.rpm
okular-libs-4.10.5-7.el7.i686.rpm
poppler-0.26.5-38.el7.x86_64.rpm
poppler-utils-0.26.5-38.el7.x86_64.rpm
poppler-qt-0.26.5-38.el7.i686.rpm
okular-devel-4.10.5-7.el7.x86_64.rpm
okular-4.10.5-7.el7.x86_64.rpm
evince-dvi-3.28.2-8.el7.x86_64.rpm
evince-libs-3.28.2-8.el7.i686.rpm
poppler-glib-0.26.5-38.el7.x86_64.rpm
evince-3.28.2-8.el7.x86_64.rpm
poppler-glib-0.26.5-38.el7.i686.rpm
poppler-0.26.5-38.el7.i686.rpm
evince-libs-3.28.2-8.el7.x86_64.rpm
evince-devel-3.28.2-8.el7.i686.rpm
poppler-cpp-0.26.5-38.el7.x86_64.rpm
poppler-devel-0.26.5-38.el7.x86_64.rpm
poppler-qt-devel-0.26.5-38.el7.i686.rpm
poppler-cpp-devel-0.26.5-38.el7.i686.rpm
poppler-qt-devel-0.26.5-38.el7.x86_64.rpm
poppler-cpp-0.26.5-38.el7.i686.rpm
evince-devel-3.28.2-8.el7.x86_64.rpm
poppler-devel-0.26.5-38.el7.i686.rpm
evince-browser-plugin-3.28.2-8.el7.x86_64.rpm
poppler-demos-0.26.5-38.el7.x86_64.rpm
poppler-glib-devel-0.26.5-38.el7.x86_64.rpm
poppler-cpp-devel-0.26.5-38.el7.x86_64.rpm
poppler-glib-devel-0.26.5-38.el7.i686.rpm
evince-debuginfo-3.28.2-8.el7.i686.rpm
evince-debuginfo-3.28.2-8.el7.x86_64.rpm
okular-debuginfo-4.10.5-7.el7.i686.rpm
okular-debuginfo-4.10.5-7.el7.x86_64.rpm
poppler-debuginfo-0.26.5-38.el7.i686.rpm
poppler-debuginfo-0.26.5-38.el7.x86_64.rpm

– Scientific Linux Development Team