ALAS-2020-1398 --- popplerID: oval:org.secpod.oval:def:1601166 | Date: (C)2020-07-21 (M)2023-11-10 |
Class: PATCH | Family: unix |
The tiff_document_render and tiff_document_get_thumbnail functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented, leading to uninitialized memory use when processing certain TIFF image files. Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc. The JPXStream::init function in Poppler 0.78.0 and earlier doesn"t check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths
Platform: |
Amazon Linux AMI |