CVE-2018-19058

Synopsis Moderate: poppler security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for poppler, evince, and okular is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vuln ...

Debian Bug report logs - #913177 poppler: CVE-2018-19058 Package: src:poppler; Maintainer for src:poppler is Debian freedesktoporg maintainers <pkg-freedesktop-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 7 Nov 2018 20:27:02 UTC Severity: important Tags: fix ...

Several security issues were fixed in poppler ...

In Poppler 0680, the Parser::getObj() function in Parsercc may cause infinite recursion via a crafted file A remote attacker can leverage this for a DoS attack(CVE-2018-16646) An issue was discovered in Poppler 0710 There is a memory leak in GfxColorSpace::setDisplayProfile in GfxStatecc, as demonstrated by pdftocairo(CVE-2018-18897) An i ...

XRef::getEntry in XRefcc in Poppler 0720 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRefh is called from Parser::makeStream in Parsercc(CVE-2018-20481) In Poppler 0680, the Parser::getObj() function in Parse ...

An issue was discovered in Poppler 0710 There is a reachable abort in Objecth, will lead to denial of service because EmbFile::save2 in FileSpeccc lacks a stream check before saving an embedded file ...