Vulmon
Amazon Linux 2 Security Advisory: ALAS-2023-2075
Advisory Release Date: 2023-06-05 16:39 Pacific
Advisory Updated Date: 2023-06-07 22:38 Pacific
Severity:
Medium
Issue Overview:
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. (CVE-2022-27337)
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. (CVE-2022-38784)
Affected Packages:
poppler
Issue Correction:
Run yum update poppler to update your system.
New Packages:
aarch64:
poppler-0.26.5-43.amzn2.1.1.aarch64
poppler-devel-0.26.5-43.amzn2.1.1.aarch64
poppler-glib-0.26.5-43.amzn2.1.1.aarch64
poppler-glib-devel-0.26.5-43.amzn2.1.1.aarch64
poppler-qt-0.26.5-43.amzn2.1.1.aarch64
poppler-qt-devel-0.26.5-43.amzn2.1.1.aarch64
poppler-cpp-0.26.5-43.amzn2.1.1.aarch64
poppler-cpp-devel-0.26.5-43.amzn2.1.1.aarch64
poppler-utils-0.26.5-43.amzn2.1.1.aarch64
poppler-demos-0.26.5-43.amzn2.1.1.aarch64
poppler-debuginfo-0.26.5-43.amzn2.1.1.aarch64
i686:
poppler-0.26.5-43.amzn2.1.1.i686
poppler-devel-0.26.5-43.amzn2.1.1.i686
poppler-glib-0.26.5-43.amzn2.1.1.i686
poppler-glib-devel-0.26.5-43.amzn2.1.1.i686
poppler-qt-0.26.5-43.amzn2.1.1.i686
poppler-qt-devel-0.26.5-43.amzn2.1.1.i686
poppler-cpp-0.26.5-43.amzn2.1.1.i686
poppler-cpp-devel-0.26.5-43.amzn2.1.1.i686
poppler-utils-0.26.5-43.amzn2.1.1.i686
poppler-demos-0.26.5-43.amzn2.1.1.i686
poppler-debuginfo-0.26.5-43.amzn2.1.1.i686
src:
poppler-0.26.5-43.amzn2.1.1.src
x86_64:
poppler-0.26.5-43.amzn2.1.1.x86_64
poppler-devel-0.26.5-43.amzn2.1.1.x86_64
poppler-glib-0.26.5-43.amzn2.1.1.x86_64
poppler-glib-devel-0.26.5-43.amzn2.1.1.x86_64
poppler-qt-0.26.5-43.amzn2.1.1.x86_64
poppler-qt-devel-0.26.5-43.amzn2.1.1.x86_64
poppler-cpp-0.26.5-43.amzn2.1.1.x86_64
poppler-cpp-devel-0.26.5-43.amzn2.1.1.x86_64
poppler-utils-0.26.5-43.amzn2.1.1.x86_64
poppler-demos-0.26.5-43.amzn2.1.1.x86_64
poppler-debuginfo-0.26.5-43.amzn2.1.1.x86_64