This bug was fixed in the package poppler - 0.62.0-2ubuntu2.4
---------------
poppler (0.62.0-2ubuntu2.4) bionic-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: infinite recursion via crafted file
- debian/patches/CVE-2018-16646.patch: avoid cycles in PDF parsing in
poppler/Parser.cc, poppler/XRef.h.
- CVE-2018-16646
* SECURITY UPDATE: denial of service via reachable abort
- debian/patches/CVE-2018-19058.patch: check for stream before calling
stream methods when saving an embedded file in poppler/FileSpec.cc.
- CVE-2018-19058
* SECURITY UPDATE: denial of service via out-of-bounds read
- debian/patches/CVE-2018-19059.patch: check for valid embedded file
before trying to save it in utils/pdfdetach.cc.
- CVE-2018-19059
* SECURITY UPDATE: denial of service via NULL pointer dereference
- debian/patches/CVE-2018-19060.patch: check for valid file name of
embedded file in utils/pdfdetach.cc.
- CVE-2018-19060
-- leo.barb...@canonical.com (Leonidas S. Barbosa) Fri, 30 Nov 2018
14:36:01 -0300
** Changed in: poppler (Ubuntu Bionic)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16646
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19058
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19059
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19060
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/1803059
Title:
Nullpointer dereference
Status in poppler package in Ubuntu:
Fix Committed
Status in poppler source package in Bionic:
Fix Released
Status in poppler source package in Cosmic:
Fix Committed
Bug description:
* Impact
Evince segfaults on some pdf documents
* Test case
Download and try to open
https://bugs.freedesktop.org/attachment.cgi?id=138927 with evince, it shouldn't
segfault
* Regression potential
Nothing special to test, make sure evince still opens pdfs without issue
-----------------------------
System Info: Linux zero 4.15.0-38-generic #41-Ubuntu SMP Wed Oct 10
10:59:38 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Evince version: GNOME Document Viewer 3.28.4
While fuzzing evince v3.28.4, on linux 4.15.0-38-generic (Ubuntu 18.04
LTS), a null-pointer dereference was observed, initially this was
reported to evince but the evince team advised that the issue is in
poppler, the library used by evince to render PDF, poppler version:
0.62.0-2ubuntu2.2 is vulnerable to null-pointer dereference, however
the issue is already fixed in poppler 0.70, but this will still crash
your evince v3.28.4 in ubuntu if poppler is not updated to v.0.70.
Fuzzing result showing a very important vulnerability in a package
currently shipped by a major Linux distribution is still of interest,
even if that Linux distribution does not package the latest released
upstream version. I think Ubuntu is still using,
Source: poppler
Version: 0.62.0-2ubuntu2.2
So, most of the systems will be affected to this issue.
Upstream: https://gitlab.freedesktop.org/poppler/poppler/issues/664
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
