ELSA-2016-2580

Опубликовано: 09 нояб. 2016

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2016-2580: poppler security and bug fix update (MODERATE)

[0.26.5-16]

Fix crash in Splash
Resolves: #1299492

[0.26.5-15]

Check array length
Resolves: #1299506

[0.26.5-14]

Show correct glyph or none instead of 'fi'
Resolves: #1298616

[0.26.5-13]

Check for groupColorSpace existance
Resolves: #1299479

[0.26.5-12]

Move array reallocation from visitLine to startLine
Resolves: #1299481

[0.26.5-11]

Repair patch
Resolves: #1299490

[0.26.5-10]

Check for GfxSeparationColorSpace existance
Resolves: #1299490

[0.26.5-9]

Check for int overflow
Resolves: #1299496

[0.26.5-8]

Do not assert on broken document
Resolves: #1299500

[0.26.5-7]

Add missing patch
Resolves: #1299503

[0.26.5-6]

Fix segfault when creating PopplerAction
Resolves: #1299503

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

poppler

0.26.5-16.el7

poppler-cpp

0.26.5-16.el7

poppler-cpp-devel

0.26.5-16.el7

poppler-demos

0.26.5-16.el7

poppler-devel

0.26.5-16.el7

poppler-glib

0.26.5-16.el7

poppler-glib-devel

0.26.5-16.el7

poppler-qt

0.26.5-16.el7

poppler-qt-devel

0.26.5-16.el7

poppler-utils

0.26.5-16.el7

Oracle Linux x86_64

poppler

0.26.5-16.el7

poppler-cpp

0.26.5-16.el7

poppler-cpp-devel

0.26.5-16.el7

poppler-demos

0.26.5-16.el7

poppler-devel

0.26.5-16.el7

poppler-glib

0.26.5-16.el7

poppler-glib-devel

0.26.5-16.el7

poppler-qt

0.26.5-16.el7

poppler-qt-devel

0.26.5-16.el7

poppler-utils

0.26.5-16.el7

Связанные CVE

CVE-2015-8868

Ссылки на источники

Связанные уязвимости

CVE-2015-8868

CVSS3: 7.8

ubuntu

больше 9 лет назад

Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.