Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-5606-1

Ubuntu Security Notice 5606-1 - It was discovered that poppler incorrectly handled certain PDF. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Packet Storm
#vulnerability#ubuntu#dos#pdf

=========================================================================
Ubuntu Security Notice USN-5606-1
September 12, 2022

poppler vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 ESM

Summary:

poppler could be made to crash or execute arbitrary code if
received a specially crafted PDF.

Software Description:

  • poppler: PDF rendering library

Details:

It was discovered that poppler incorrectly handled certain
PDF. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
libpoppler118 22.02.0-2ubuntu0.1
poppler-utils 22.02.0-2ubuntu0.1

Ubuntu 20.04 LTS:
libpoppler97 0.86.1-0ubuntu1.1
poppler-utils 0.86.1-0ubuntu1.1

Ubuntu 18.04 LTS:
libpoppler73 0.62.0-2ubuntu2.13
poppler-utils 0.62.0-2ubuntu2.13

Ubuntu 16.04 ESM:
libpoppler58 0.41.0-0ubuntu1.16+esm1
poppler-utils 0.41.0-0ubuntu1.16+esm1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5606-1
CVE-2022-38784

Package Information:
https://launchpad.net/ubuntu/+source/poppler/22.02.0-2ubuntu0.1
https://launchpad.net/ubuntu/+source/poppler/0.86.1-0ubuntu1.1
https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.13

Related news

RHSA-2023:2810: Red Hat Security Advisory: poppler security update

An update for poppler is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38784: An integer overflow issue was discovered in Popplers' JBIG2 decoder in the JBIG2Stream::readTextRegionSeg() function in JBIGStream.cc file. This flaw allows an attacker to trick a user into opening a malformed PDF file or JBIG2 image in the application, triggering an integer overflow, which could result in a crash or may lead to the execution of ...

Red Hat Security Advisory 2023-2259-01

Red Hat Security Advisory 2023-2259-01 - Poppler is a Portable Document Format rendering library, used by applications such as Evince. Issues addressed include an integer overflow vulnerability.

RHSA-2023:2259: Red Hat Security Advisory: poppler security and bug fix update

An update for poppler is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38784: An integer overflow issue was discovered in Popplers' JBIG2 decoder in the JBIG2Stream::readTextRegionSeg() function in JBIGStream.cc file. This flaw allows an attacker to trick a user into opening a malformed PDF file or JBIG2 image in the application, triggering an integer overflow, which could result in a crash or may lead to the execution of ...

Gentoo Linux Security Advisory 202209-21

Gentoo Linux Security Advisory 202209-21 - A vulnerability has been discovered in Poppler which could allow for arbitrary code execution. Versions less than 22.09.0 are affected.

CVE-2022-38784: Poppler

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution