ALT-PU-2022-7244-1
Package poppler-current updated to version 22.11.0-alt1 for branch sisyphus_mipsel.
Closed vulnerabilities
BDU:2021-05087
Уязвимость операционных систем iPadOS, watchOS, iOS, Mac OS, вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код
BDU:2022-05310
Уязвимость функции JBIG2Stream::readTextRegionSeg() (JBIG2Stream.cc) программного обеспечения для просмотра PDF Xpdf, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2022-05993
Уязвимость функции JBIG2Stream::readTextRegionSeg() декодера JBIG2 библиотеки для отображения PDF-файлов Poppler, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2022-06926
Уязвимость функции Hints::Hints (poppler/Hints.cc) библиотеки для отображения PDF-файлов Poppler, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-02-28
CVE-2021-30860
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- http://seclists.org/fulldisclosure/2021/Sep/25
- http://seclists.org/fulldisclosure/2021/Sep/26
- http://seclists.org/fulldisclosure/2021/Sep/27
- http://seclists.org/fulldisclosure/2021/Sep/28
- http://seclists.org/fulldisclosure/2021/Sep/38
- http://seclists.org/fulldisclosure/2021/Sep/39
- http://seclists.org/fulldisclosure/2021/Sep/40
- http://seclists.org/fulldisclosure/2021/Sep/50
- http://www.openwall.com/lists/oss-security/2022/09/02/11
- https://security.gentoo.org/glsa/202209-21
- https://support.apple.com/en-us/HT212804
- https://support.apple.com/en-us/HT212805
- https://support.apple.com/en-us/HT212806
- https://support.apple.com/en-us/HT212807
- https://support.apple.com/kb/HT212824
- http://seclists.org/fulldisclosure/2021/Sep/25
- http://seclists.org/fulldisclosure/2021/Sep/26
- http://seclists.org/fulldisclosure/2021/Sep/27
- http://seclists.org/fulldisclosure/2021/Sep/28
- http://seclists.org/fulldisclosure/2021/Sep/38
- http://seclists.org/fulldisclosure/2021/Sep/39
- http://seclists.org/fulldisclosure/2021/Sep/40
- http://seclists.org/fulldisclosure/2021/Sep/50
- http://www.openwall.com/lists/oss-security/2022/09/02/11
- https://security.gentoo.org/glsa/202209-21
- https://support.apple.com/en-us/HT212804
- https://support.apple.com/en-us/HT212805
- https://support.apple.com/en-us/HT212806
- https://support.apple.com/en-us/HT212807
- https://support.apple.com/kb/HT212824
Modified: 2024-11-21
CVE-2022-27337
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
- https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230
- https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230#note_1372177
- https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOTDUXJOKDYO4I7MKHLT5NBGTN5E7FHQ/
- https://www.debian.org/security/2022/dsa-5224
- https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230
- https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230#note_1372177
- https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOTDUXJOKDYO4I7MKHLT5NBGTN5E7FHQ/
- https://www.debian.org/security/2022/dsa-5224
Modified: 2024-11-21
CVE-2022-38171
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
- http://www.openwall.com/lists/oss-security/2022/09/02/11
- http://www.xpdfreader.com/security-fixes.html
- https://dl.xpdfreader.com/xpdf-4.04.tar.gz
- https://github.com/jeffssh/CVE-2021-30860
- https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md
- https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
- https://www.cve.org/CVERecord?id=CVE-2021-30860
- http://www.openwall.com/lists/oss-security/2022/09/02/11
- http://www.xpdfreader.com/security-fixes.html
- https://dl.xpdfreader.com/xpdf-4.04.tar.gz
- https://github.com/jeffssh/CVE-2021-30860
- https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md
- https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
- https://www.cve.org/CVERecord?id=CVE-2021-30860
Modified: 2024-11-21
CVE-2022-38784
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
- http://www.openwall.com/lists/oss-security/2022/09/02/11
- https://github.com/jeffssh/CVE-2021-30860
- https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md
- https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52
- https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E5Z2677EQUWVHJLGSH5DQX53EK6MY2M2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J546EJUKUOPWA3JSLP7DYNBAU3YGNCCW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLKN3HJKZSGEEKOF57DM7Q3IB74HP5VW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQAO6O2XHPQHNW2MWOCJJ4C3YWS2VV4K/
- https://poppler.freedesktop.org/releases.html
- https://security.gentoo.org/glsa/202209-21
- https://www.cve.org/CVERecord?id=CVE-2022-38171
- https://www.debian.org/security/2022/dsa-5224
- http://www.openwall.com/lists/oss-security/2022/09/02/11
- https://github.com/jeffssh/CVE-2021-30860
- https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md
- https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52
- https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E5Z2677EQUWVHJLGSH5DQX53EK6MY2M2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J546EJUKUOPWA3JSLP7DYNBAU3YGNCCW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLKN3HJKZSGEEKOF57DM7Q3IB74HP5VW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQAO6O2XHPQHNW2MWOCJJ4C3YWS2VV4K/
- https://poppler.freedesktop.org/releases.html
- https://security.gentoo.org/glsa/202209-21
- https://www.cve.org/CVERecord?id=CVE-2022-38171
- https://www.debian.org/security/2022/dsa-5224