Synopsis:     Moderate: poppler security, bug fix, and enhancement update
Advisory ID:  SLSA-2019:2022-1
Issue Date:   2019-08-06
CVE Numbers:  CVE-2018-16646
              CVE-2019-9631
              CVE-2018-18897
              CVE-2018-19058
              CVE-2018-20650
              CVE-2018-20662
              CVE-2019-9200
              CVE-2019-7310
              CVE-2018-19059
              CVE-2018-20481
              CVE-2018-19060
              CVE-2018-19149
--

Security Fix(es):

* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)
* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)
* poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646)
* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)
* poppler: reachable abort in Object.h (CVE-2018-19058)
* poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059)
* poppler: pdfdetach utility does not validate save paths (CVE-2018-19060)
* poppler: NULL pointer dereference in _poppler_attachment_new (CVE-2018-19149)
* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)
* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)
* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)
* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)
--

SL7
  x86_64
    okular-part-4.10.5-7.el7.x86_64.rpm
    okular-devel-4.10.5-7.el7.i686.rpm
    okular-libs-4.10.5-7.el7.x86_64.rpm
    evince-nautilus-3.28.2-8.el7.x86_64.rpm
    poppler-qt-0.26.5-38.el7.x86_64.rpm
    okular-libs-4.10.5-7.el7.i686.rpm
    poppler-0.26.5-38.el7.x86_64.rpm
    poppler-utils-0.26.5-38.el7.x86_64.rpm
    poppler-qt-0.26.5-38.el7.i686.rpm
    okular-devel-4.10.5-7.el7.x86_64.rpm
    okular-4.10.5-7.el7.x86_64.rpm
    evince-dvi-3.28.2-8.el7.x86_64.rpm
    evince-libs-3.28.2-8.el7.i686.rpm
    poppler-glib-0.26.5-38.el7.x86_64.rpm
    evince-3.28.2-8.el7.x86_64.rpm
    poppler-glib-0.26.5-38.el7.i686.rpm
    poppler-0.26.5-38.el7.i686.rpm
    evince-libs-3.28.2-8.el7.x86_64.rpm
    evince-devel-3.28.2-8.el7.i686.rpm
    poppler-cpp-0.26.5-38.el7.x86_64.rpm
    poppler-devel-0.26.5-38.el7.x86_64.rpm
    poppler-qt-devel-0.26.5-38.el7.i686.rpm
    poppler-cpp-devel-0.26.5-38.el7.i686.rpm
    poppler-qt-devel-0.26.5-38.el7.x86_64.rpm
    poppler-cpp-0.26.5-38.el7.i686.rpm
    evince-devel-3.28.2-8.el7.x86_64.rpm
    poppler-devel-0.26.5-38.el7.i686.rpm
    evince-browser-plugin-3.28.2-8.el7.x86_64.rpm
    poppler-demos-0.26.5-38.el7.x86_64.rpm
    poppler-glib-devel-0.26.5-38.el7.x86_64.rpm
    poppler-cpp-devel-0.26.5-38.el7.x86_64.rpm
    poppler-glib-devel-0.26.5-38.el7.i686.rpm
    evince-debuginfo-3.28.2-8.el7.i686.rpm
    evince-debuginfo-3.28.2-8.el7.x86_64.rpm
    okular-debuginfo-4.10.5-7.el7.i686.rpm
    okular-debuginfo-4.10.5-7.el7.x86_64.rpm
    poppler-debuginfo-0.26.5-38.el7.i686.rpm
    poppler-debuginfo-0.26.5-38.el7.x86_64.rpm

- Scientific Linux Development Team