This bug was fixed in the package poppler - 0.62.0-2ubuntu2.4 --------------- poppler (0.62.0-2ubuntu2.4) bionic-security; urgency=medium
[ Marc Deslauriers ] * SECURITY UPDATE: infinite recursion via crafted file - debian/patches/CVE-2018-16646.patch: avoid cycles in PDF parsing in poppler/Parser.cc, poppler/XRef.h. - CVE-2018-16646 * SECURITY UPDATE: denial of service via reachable abort - debian/patches/CVE-2018-19058.patch: check for stream before calling stream methods when saving an embedded file in poppler/FileSpec.cc. - CVE-2018-19058 * SECURITY UPDATE: denial of service via out-of-bounds read - debian/patches/CVE-2018-19059.patch: check for valid embedded file before trying to save it in utils/pdfdetach.cc. - CVE-2018-19059 * SECURITY UPDATE: denial of service via NULL pointer dereference - debian/patches/CVE-2018-19060.patch: check for valid file name of embedded file in utils/pdfdetach.cc. - CVE-2018-19060 -- leo.barb...@canonical.com (Leonidas S. Barbosa) Fri, 30 Nov 2018 14:36:01 -0300 ** Changed in: poppler (Ubuntu Bionic) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16646 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19058 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19059 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19060 -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs