Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6299-1

Ubuntu Security Notice 6299-1 - It was discovered that poppler incorrectly handled certain malformed PDF files. If a user or an automated system were tricked into opening a specially crafted PDF file, a remote attacker could possibly use this issue to cause a denial of service.

Packet Storm
#vulnerability#ubuntu#dos#pdf
==========================================================================Ubuntu Security Notice USN-6299-1August 17, 2023poppler vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)- Ubuntu 16.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in poppler.Software Description:- poppler: PDF rendering libraryDetails:It was discovered that poppler incorrectly handled certain malformed PDFfiles. If a user or an automated system were tricked into opening aspecially crafted PDF file, a remote attacker could possibly use thisissue to cause a denial of service. (CVE-2020-36023, CVE-2020-36024)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   libpoppler97                    0.86.1-0ubuntu1.3Ubuntu 18.04 LTS (Available with Ubuntu Pro):   libpoppler73                    0.62.0-2ubuntu2.14+esm1Ubuntu 16.04 LTS (Available with Ubuntu Pro):   libpoppler58                    0.41.0-0ubuntu1.16+esm3In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6299-1   CVE-2020-36023, CVE-2020-36024Package Information:   https://launchpad.net/ubuntu/+source/poppler/0.86.1-0ubuntu1.3

Related news

CVE-2020-36023: Stack-Overflow in `FoFiType1C::cvtGlyph` results in Segmentation Fault (#1013) · Issues · poppler / poppler · GitLab

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.

CVE-2020-36024: NULL-Pointer Deference in `FoFiType1C::convertToType1` (#1016) · Issues · poppler / poppler · GitLab

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution