{"id":"MGASA-2019-0245","summary":"Updated poppler packages fix security vulnerabilities","details":"Updated poppler packages fix security vulnerabilities\n\nPoppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc\ndownsample_row_box_filter function. (CVE-2019-9631)\n\nPDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking,\nleading to stack consumption in the function Dict::find() located at\nDict.cc, which can (for example) be triggered by passing a crafted pdf\nfile to the pdfunite binary. (CVE-2019-9903)\n\nAn issue was discovered in Poppler 0.74.0. There is a heap-based buffer\nover-read in the function Splash::blitTransparent at splash/Splash.cc.\n(CVE-2019-10872)\n\nAn issue was discovered in Poppler 0.74.0. There is a NULL pointer\ndereference in the function SplashClip::clipAALine at splash/SplashClip.cc.\n(CVE-2019-10873)\n\nIn Poppler through 0.76.1, there is a heap-based buffer over-read in\nJPXStream::init in JPEG2000Stream.cc via data with inconsistent heights\nor widths. (CVE-2019-12293)\n\nAn issue was discovered in Poppler through 0.78.0. There is a \ndivide-by-zero error in the function SplashOutputDev::tilingPatternFill\nat SplashOutputDev.cc. (CVE-2019-14494)\n","modified":"2026-02-04T03:25:30.542098Z","published":"2019-09-06T21:09:08Z","related":["CVE-2019-10872","CVE-2019-10873","CVE-2019-12293","CVE-2019-14494","CVE-2019-9631","CVE-2019-9903"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0245.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25233"},{"type":"REPORT","url":"https://access.redhat.com/errata/RHSA-2019:2022"},{"type":"REPORT","url":"https://usn.ubuntu.com/4042-1/"},{"type":"REPORT","url":"https://usn.ubuntu.com/4091-1/"}],"affected":[{"package":{"name":"poppler","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/poppler?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.74.0-3.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0245.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}