Headline
Ubuntu Security Notice USN-5606-1
Ubuntu Security Notice 5606-1 - It was discovered that poppler incorrectly handled certain PDF. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
=========================================================================
Ubuntu Security Notice USN-5606-1
September 12, 2022
poppler vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
poppler could be made to crash or execute arbitrary code if
received a specially crafted PDF.
Software Description:
- poppler: PDF rendering library
Details:
It was discovered that poppler incorrectly handled certain
PDF. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
libpoppler118 22.02.0-2ubuntu0.1
poppler-utils 22.02.0-2ubuntu0.1
Ubuntu 20.04 LTS:
libpoppler97 0.86.1-0ubuntu1.1
poppler-utils 0.86.1-0ubuntu1.1
Ubuntu 18.04 LTS:
libpoppler73 0.62.0-2ubuntu2.13
poppler-utils 0.62.0-2ubuntu2.13
Ubuntu 16.04 ESM:
libpoppler58 0.41.0-0ubuntu1.16+esm1
poppler-utils 0.41.0-0ubuntu1.16+esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5606-1
CVE-2022-38784
Package Information:
https://launchpad.net/ubuntu/+source/poppler/22.02.0-2ubuntu0.1
https://launchpad.net/ubuntu/+source/poppler/0.86.1-0ubuntu1.1
https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.13
Related news
An update for poppler is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38784: An integer overflow issue was discovered in Popplers' JBIG2 decoder in the JBIG2Stream::readTextRegionSeg() function in JBIGStream.cc file. This flaw allows an attacker to trick a user into opening a malformed PDF file or JBIG2 image in the application, triggering an integer overflow, which could result in a crash or may lead to the execution of ...
Red Hat Security Advisory 2023-2259-01 - Poppler is a Portable Document Format rendering library, used by applications such as Evince. Issues addressed include an integer overflow vulnerability.
An update for poppler is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38784: An integer overflow issue was discovered in Popplers' JBIG2 decoder in the JBIG2Stream::readTextRegionSeg() function in JBIGStream.cc file. This flaw allows an attacker to trick a user into opening a malformed PDF file or JBIG2 image in the application, triggering an integer overflow, which could result in a crash or may lead to the execution of ...
Gentoo Linux Security Advisory 202209-21 - A vulnerability has been discovered in Poppler which could allow for arbitrary code execution. Versions less than 22.09.0 are affected.
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.