AXSA:2019-4277:01

Release date: 
Thursday, September 12, 2019 - 09:52
Subject: 
poppler-0.26.5-38.el7, evince-3.28.2-8.el7, okular-4.10.5-7.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince or Okular.

Security Fix(es):

* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)

* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)

* poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646)

* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)

* poppler: reachable abort in Object.h (CVE-2018-19058)

* poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059)

* poppler: pdfdetach utility does not validate save paths (CVE-2018-19060)

* poppler: NULL pointer dereference in _poppler_attachment_new (CVE-2018-19149)

* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)

* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)

* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)

* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.7 Release Notes linked from the References section.

CVE-2018-16646
In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.
CVE-2018-18897
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
CVE-2018-19058
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
CVE-2018-19059
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
CVE-2018-19060
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
CVE-2018-19149
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
CVE-2018-20481
XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
CVE-2018-20650
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
CVE-2018-20662
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.
CVE-2019-7310
In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo.
CVE-2019-9200

CVE-2019-9631
Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. evince-3.28.2-8.el7.src.rpm
    MD5: a9cfc43e862e4d78100942dc35772663
    SHA-256: 3b01843a2d823292af365714861fb4fc7dd6e67edbe26e7036a4078869fc69e4
    Size: 3.28 MB
  2. okular-4.10.5-7.el7.src.rpm
    MD5: e6612c3f09b72ff1dcef83c8375888c5
    SHA-256: 3106f5e5037243b2010933489c8b397d1fc22faa2afbca689068d97ec363da46
    Size: 1.33 MB
  3. poppler-0.26.5-38.el7.src.rpm
    MD5: 932fb4d3cd2d6c342238c29650cf1708
    SHA-256: eb897b2e0817efe3003d64105294c6382666a435d99d4f13f98fd0fc4d5a88ee
    Size: 1.58 MB

Asianux Server 7 for x86_64
  1. evince-3.28.2-8.el7.x86_64.rpm
    MD5: 077045f264d6cc7b123c07de0e6550fe
    SHA-256: 0f3a4fe47db9d777060fa721aff19abc74b62ac8c05ca4ebb88d59e6a7119eba
    Size: 2.27 MB
  2. evince-dvi-3.28.2-8.el7.x86_64.rpm
    MD5: 244061b72dc6360349f8da68d64f2376
    SHA-256: 757e8f5bda223ffa70916be439d53ac6a83b1856bf736444b72f3023c1049c64
    Size: 95.01 kB
  3. evince-libs-3.28.2-8.el7.x86_64.rpm
    MD5: eda7fcbd2beb299987c8ec3b2530b934
    SHA-256: 108a9b4c53987fc671469635a654881e26a1f59aaa3f619c78fecd59edb4297f
    Size: 390.26 kB
  4. evince-nautilus-3.28.2-8.el7.x86_64.rpm
    MD5: 259ebe18da6994d918437bb3e7644a2b
    SHA-256: 1455c367a1b8242f6be342fbf36abb5980eca0b0ac61fe4257e29e8fabe09133
    Size: 41.02 kB
  5. evince-libs-3.28.2-8.el7.i686.rpm
    MD5: eb2c15765a560dd7d8e8f84e6bd0bd79
    SHA-256: 80cf71f723d0d6fdc5568ac2218431b1755a32b7335bf205da4e09285eb00cc3
    Size: 392.06 kB
  6. okular-4.10.5-7.el7.x86_64.rpm
    MD5: 17b9a127f7efbaeb339c7a692c488ed1
    SHA-256: 7f6b4da98568112902a130edb35f52a5f97e51bac09a9445fa87f0dcfd7f175a
    Size: 412.96 kB
  7. okular-devel-4.10.5-7.el7.x86_64.rpm
    MD5: 61ea046f43d065a37c39bd78477bec55
    SHA-256: 3f7eae721d66c725069d8a959abc72c3ef89f8b66bb91154fe558d0ff9ee419b
    Size: 47.99 kB
  8. okular-libs-4.10.5-7.el7.x86_64.rpm
    MD5: 6219b91168a4a7131e956f6c91a47bdc
    SHA-256: fb54cf61c629b3628ce80445c781bc9704e73d0da8b99a590831144368909a9d
    Size: 227.95 kB
  9. okular-part-4.10.5-7.el7.x86_64.rpm
    MD5: 563e1d48239a1ac6314c30b04a151136
    SHA-256: 73986fc2010a97f37f5a772e18631c765c2cdd6f907ab0288e2f9fa6c4c3ad4f
    Size: 838.66 kB
  10. okular-devel-4.10.5-7.el7.i686.rpm
    MD5: 66e0e956ece77ba69c4e694e72c2a315
    SHA-256: 703e0b90b1d71dd7eef888809a4894c86abd24fdbd33f27d3a9da7efc9736b13
    Size: 48.03 kB
  11. okular-libs-4.10.5-7.el7.i686.rpm
    MD5: a36ecd747dd1b6bc423be73704b73c05
    SHA-256: e9983d36d90e7d22267782952f7c74bd82cdf8fd3a44dbd4301f1d4fd68dcf15
    Size: 236.74 kB
  12. poppler-0.26.5-38.el7.x86_64.rpm
    MD5: 5f600fef9a722fb27c6126c5f9316622
    SHA-256: 09cee0ac41662dc38279b9b0bb262aec9f60dbfb719382b4d50c0f83d92cbeda
    Size: 785.19 kB
  13. poppler-glib-0.26.5-38.el7.x86_64.rpm
    MD5: c3e70384f22cf7f21c49151038f37092
    SHA-256: 0f74415730d313b631004e6e41400e4874480a2010b72bbf8092777b4fee8185
    Size: 139.49 kB
  14. poppler-qt-0.26.5-38.el7.x86_64.rpm
    MD5: 9ab3dedcd9773b511b648578ed37dcee
    SHA-256: 01ba02a2fe68f1f71db67a92892a14e356ae2a2b060c0155f7e816ed3a90c04c
    Size: 167.84 kB
  15. poppler-utils-0.26.5-38.el7.x86_64.rpm
    MD5: bb0b12ccdb36070f653766d6c39192ff
    SHA-256: 34d59e022dc9f0f83215cf710c7e0525f8384a8c39b5e02ecf62abff2d52e2e3
    Size: 168.54 kB
  16. poppler-0.26.5-38.el7.i686.rpm
    MD5: 560481e203fc9335e8257e5f17a8adc3
    SHA-256: f6e1f9fe0d5b97e5aff0844cd97cd7a440841a83594ab0594372d047312b7dd9
    Size: 781.37 kB
  17. poppler-glib-0.26.5-38.el7.i686.rpm
    MD5: 546fa547ed3d662cae0bf7ce2bb347c6
    SHA-256: cbe76fd177a010b0f965d1d9e317001e63d2f8b8f357eff4e504c567a5b47c9c
    Size: 139.43 kB
  18. poppler-qt-0.26.5-38.el7.i686.rpm
    MD5: 2a131bbdba15d6761ac0b39f9c1a1e78
    SHA-256: f21d3559fee350f74626d6e64675cb5326b575c1f92194b4077f2b805ce62424
    Size: 171.50 kB
Copyright© 2007-2015 Asianux. All rights reserved.