ALT-PU-2023-2280-1
Package poppler115 updated to version 21.11.0-alt1.p10.1 for branch p10_e2k.
Closed vulnerabilities
BDU:2021-05087
Vulnerability in the iPadOS, watchOS, iOS and Mac OS operating systems caused by an integer overflow, allowing an attacker to execute arbitrary code
BDU:2022-05993
Vulnerability in the JBIG2Stream::readTextRegionSeg() function of the JBIG2 decoder in the Poppler PDF rendering library, allowing an attacker to cause a denial of service or execute arbitrary code
BDU:2022-06926
Vulnerability in the Hints::Hints function (poppler/Hints.cc) of the Poppler PDF rendering library, allowing an attacker to cause a denial of service
Modified: 2025-02-28
CVE-2021-30860
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- 20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8
- 20210917 APPLE-SA-2021-09-13-2 watchOS 7.6.2
- 20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6
- 20210917 APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina
- 20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8
- 20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6
- 20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina
- 20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5
- [oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0
- GLSA-202209-21
- https://support.apple.com/en-us/HT212804
- https://support.apple.com/en-us/HT212805
- https://support.apple.com/en-us/HT212806
- https://support.apple.com/en-us/HT212807
- https://support.apple.com/kb/HT212824
Modified: 2024-11-21
CVE-2022-27337
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
- https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230
- https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230#note_1372177
- [debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update
- FEDORA-2022-ce08b1c643
- DSA-5224
Modified: 2024-11-21
CVE-2022-38784
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
- [oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0
- https://github.com/jeffssh/CVE-2021-30860
- https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md
- https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52
- [debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update
- FEDORA-2022-f79aa2bae9
- FEDORA-2022-f8ec1c06a3
- FEDORA-2022-51b27699ce
- FEDORA-2022-fcb3b063a6
- FEDORA-2022-f7b375eae8
- https://poppler.freedesktop.org/releases.html
- GLSA-202209-21
- https://www.cve.org/CVERecord?id=CVE-2022-38171
- DSA-5224