Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2020-36023 CVE-2020-36024 CVE-2022-38349

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. (CVE-2020-36023) An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. (CVE-2020-36024) An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. (CVE-2022-38349)

Source

ALAS2-2023-2281

Amazon Linux 2 Security Advisory: ALAS-2023-2281
Advisory Release Date: 2023-09-27 22:49 Pacific
Advisory Updated Date: 2023-10-05 22:15 Pacific

Severity: Medium

References: CVE-2020-36023 CVE-2020-36024 CVE-2022-38349
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. (CVE-2020-36023)

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. (CVE-2020-36024)

An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. (CVE-2022-38349)

Affected Packages:

poppler

Issue Correction:
Run yum update poppler to update your system.

New Packages:

aarch64:
    poppler-0.26.5-43.amzn2.1.5.aarch64
    poppler-devel-0.26.5-43.amzn2.1.5.aarch64
    poppler-glib-0.26.5-43.amzn2.1.5.aarch64
    poppler-glib-devel-0.26.5-43.amzn2.1.5.aarch64
    poppler-qt-0.26.5-43.amzn2.1.5.aarch64
    poppler-qt-devel-0.26.5-43.amzn2.1.5.aarch64
    poppler-cpp-0.26.5-43.amzn2.1.5.aarch64
    poppler-cpp-devel-0.26.5-43.amzn2.1.5.aarch64
    poppler-utils-0.26.5-43.amzn2.1.5.aarch64
    poppler-demos-0.26.5-43.amzn2.1.5.aarch64
    poppler-debuginfo-0.26.5-43.amzn2.1.5.aarch64

i686:
    poppler-0.26.5-43.amzn2.1.5.i686
    poppler-devel-0.26.5-43.amzn2.1.5.i686
    poppler-glib-0.26.5-43.amzn2.1.5.i686
    poppler-glib-devel-0.26.5-43.amzn2.1.5.i686
    poppler-qt-0.26.5-43.amzn2.1.5.i686
    poppler-qt-devel-0.26.5-43.amzn2.1.5.i686
    poppler-cpp-0.26.5-43.amzn2.1.5.i686
    poppler-cpp-devel-0.26.5-43.amzn2.1.5.i686
    poppler-utils-0.26.5-43.amzn2.1.5.i686
    poppler-demos-0.26.5-43.amzn2.1.5.i686
    poppler-debuginfo-0.26.5-43.amzn2.1.5.i686

src:
    poppler-0.26.5-43.amzn2.1.5.src

x86_64:
    poppler-0.26.5-43.amzn2.1.5.x86_64
    poppler-devel-0.26.5-43.amzn2.1.5.x86_64
    poppler-glib-0.26.5-43.amzn2.1.5.x86_64
    poppler-glib-devel-0.26.5-43.amzn2.1.5.x86_64
    poppler-qt-0.26.5-43.amzn2.1.5.x86_64
    poppler-qt-devel-0.26.5-43.amzn2.1.5.x86_64
    poppler-cpp-0.26.5-43.amzn2.1.5.x86_64
    poppler-cpp-devel-0.26.5-43.amzn2.1.5.x86_64
    poppler-utils-0.26.5-43.amzn2.1.5.x86_64
    poppler-demos-0.26.5-43.amzn2.1.5.x86_64
    poppler-debuginfo-0.26.5-43.amzn2.1.5.x86_64

Additional References

Red Hat: CVE-2020-36023, CVE-2020-36024, CVE-2022-38349

Mitre: CVE-2020-36023, CVE-2020-36024, CVE-2022-38349

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

ALAS2-2023-2281

ALAS2-2023-2281

Additional References

Vulmon Search

About

Products

Connect