Headline
CVE-2022-37052: pdfseparate: Account for XRef::add failing because we run out of memory (86775003) · Commits · poppler / poppler · GitLab
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.
Related news
Ubuntu Security Notice 6508-1 - It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service.