Vulmon
Amazon Linux AMI Security Advisory: ALAS-2023-1850
Advisory Release Date: 2023-09-27 22:15 Pacific
Advisory Updated Date: 2023-10-06 00:52 Pacific
Severity:
Medium
References:
CVE-2020-36023
CVE-2020-36024
CVE-2022-38349
FAQs regarding Amazon Linux ALAS/CVE Severity
FAQs regarding Amazon Linux ALAS/CVE Severity
Issue Overview:
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. (CVE-2020-36023)
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. (CVE-2020-36024)
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. (CVE-2022-38349)
Affected Packages:
poppler
Issue Correction:
Run yum update poppler to update your system.
New Packages:
i686:
poppler-devel-0.26.5-43.26.amzn1.i686
poppler-cpp-devel-0.26.5-43.26.amzn1.i686
poppler-0.26.5-43.26.amzn1.i686
poppler-glib-0.26.5-43.26.amzn1.i686
poppler-glib-devel-0.26.5-43.26.amzn1.i686
poppler-cpp-0.26.5-43.26.amzn1.i686
poppler-debuginfo-0.26.5-43.26.amzn1.i686
poppler-utils-0.26.5-43.26.amzn1.i686
src:
poppler-0.26.5-43.26.amzn1.src
x86_64:
poppler-glib-0.26.5-43.26.amzn1.x86_64
poppler-debuginfo-0.26.5-43.26.amzn1.x86_64
poppler-utils-0.26.5-43.26.amzn1.x86_64
poppler-0.26.5-43.26.amzn1.x86_64
poppler-devel-0.26.5-43.26.amzn1.x86_64
poppler-cpp-devel-0.26.5-43.26.amzn1.x86_64
poppler-glib-devel-0.26.5-43.26.amzn1.x86_64
poppler-cpp-0.26.5-43.26.amzn1.x86_64