RHSA-2019:2022-01 -- Redhat evince, okular, poppler
ID: oval:org.secpod.oval:def:503299 | Date: (C)2019-10-10 (M)2023-12-20 |
Class: PATCH | Family: unix |
Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince or Okular.

Security Fix:
* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc
* poppler: heap-based buffer overflow in function ImageStream::getLine in Stream.cc
* poppler: infinite recursion in Parser::getObj function in Parser.cc
* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc
* poppler: reachable abort in Object.h
* poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc
* poppler: pdfdetach utility does not validate save paths
* poppler: NULL pointer dereference in _poppler_attachment_new
* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc
* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc
* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc
* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
Platform: Red Hat Enterprise Linux 7 |
Product: evince, okular, poppler |