SB2019012217 - Fedora 28 update for poppler

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Reachable Assertion (CVE-ID: CVE-2018-20551)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable Object::getString assertion due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. A remote attacker can cause a denial of service.

2) NULL pointer dereference (CVE-ID: CVE-2018-20481)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when XRef::getEntry in XRef.cc mishandles unallocated XRef entries. A remote attacker can trigger denial of service conditions via a specially crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

3) Reachable Assertion (CVE-ID: CVE-2018-20650)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. A remote attacker can cause a denial of service.

4) Memory leak (CVE-ID: CVE-2018-18897)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. A remote attacker can execute the pdftocairo command with a PDF file that submits malicious input, trigger memory leak and cause the service to crash.

Remediation

Install update from vendor's website.

References

• https://bodhi.fedoraproject.org/updates/FEDORA-2019-40f4af0687