Source: poppler
Version: 0.69.0-2
Severity: normal
Tags: security upstream
Forwarded: https://gitlab.freedesktop.org/poppler/poppler/issues/706

Hi,

The following vulnerability was published for poppler.

CVE-2018-20662[0]:
| In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause
| a denial-of-service (application crash caused by Object.h SIGABRT,
| because of a wrong return value from PDFDoc::setup) by crafting a PDF
| file in which an xref data structure is mishandled during
| extractPDFSubtype processing.

Please note that the initial approach upstream committed was reverted
again, because it caused regressions on some files.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20662
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20662
[1] https://gitlab.freedesktop.org/poppler/poppler/issues/706

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore