[Bug 2106404] Re: poppler April 2025 security fixes

Launchpad Bug Tracker Fri, 11 Apr 2025 17:21:00 -0700

This bug was fixed in the package poppler - 25.03.0-3

---------------
poppler (25.03.0-3) unstable; urgency=high


  * Team upload
  * SECURITY UPDATE: floating-point exception vulnerability (Closes: #1102190)
     - Cherry-pick upstream fix for the PSStack::roll function
       in Function.cc
     - CVE-2025-32364
  * SECURITY UPDATE: out-of-bounds read vulnerability (Closes: #1102191)
     - Cherry-pick upstream fix for the JBIG2Bitmap::combine function
       in JBIG2Stream.cc (LP: #2106404)
     - CVE-2025-32365

 -- Jeremy Bícha <jbi...@ubuntu.com>  Mon, 07 Apr 2025 11:11:10 -0400

** Changed in: poppler (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-32364

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-32365

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/2106404

Title:
  poppler April 2025 security fixes

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/2106404/+subscriptions


-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 2106404] Re: poppler April 2025 security fixes

Reply via email to