This bug was fixed in the package poppler - 0.62.0-2ubuntu2.4
---------------
poppler (0.62.0-2ubuntu2.4) bionic-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: infinite recursion via crafted file
- debian/patches/CVE-2018-16646.patch: avoid cycles in PDF parsing in
poppler/Parser.cc, poppler/XRef.h.
- CVE-2018-16646
* SECURITY UPDATE: denial of service via reachable abort
- debian/patches/CVE-2018-19058.patch: check for stream before calling
stream methods when saving an embedded file in poppler/FileSpec.cc.
- CVE-2018-19058
* SECURITY UPDATE: denial of service via out-of-bounds read
- debian/patches/CVE-2018-19059.patch: check for valid embedded file
before trying to save it in utils/pdfdetach.cc.
- CVE-2018-19059
* SECURITY UPDATE: denial of service via NULL pointer dereference
- debian/patches/CVE-2018-19060.patch: check for valid file name of
embedded file in utils/pdfdetach.cc.
- CVE-2018-19060
-- leo.barb...@canonical.com (Leonidas S. Barbosa) Fri, 30 Nov 2018
14:36:01 -0300
** Changed in: poppler (Ubuntu Bionic)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16646
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19058
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19059
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19060
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/1803059
Title:
Nullpointer dereference
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
