Tuesday, April 8, 2025

[USN-7426-1] poppler vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmf1kEgFAwAAAAAACgkQZWnYVadEvpMd
uBAAvbrz3fh/9EoM0ZMLSzAx55JEWCn7lCS5hJn8z3wTdh2uLnIOWr1x2Au9RDetPGHs0nVJaTcE
gWTdLZXBvFJ8c3UpBCPz+yjZDIz2JaKTHLMEENds3nNwbq1HVf68NTfx8sy5v/HPCgioDNyZA+hV
kyWuY5b9uWEJ26Xl/+jpuz3W+j51kGyZ/OAU6vAKFLls8sregkxhI8idV1gYC39phVeYBvrP1gbH
qGI4ZCLRsWV+5EUpVxsi5Hkp8fVPexcxfuuM8+vInwvvlHD69ShXh5CLp4lu4MTmo4BQ3SKlw7gi
YH21B9JWJ8mCqr+VhUlY2WDVhyuIR99lPhzeS1vX1/I0InlPwvgt8vsGeVvGrso3nURDIZnglBDO
Ht2GPPkXGbcBSS49aQOVC76OrBEJdb9LR+ukDpaA0vBjrr3Q+WV7xKWOC8pwz+nqjmsaJbIjcgCT
SJPsWzfZ31sNXo2sLOHNzsYb6pLexbAnrVbTYhmx5UcvElXVQljTDt1ZbxSgd9O1bXJYZ0rj6ky6
mgYDa3w5A1uvbSiM2GIrPuSiPsQHMJDiNkL/hTmAiddsKVUwFMtBlXfI3PzoIkHEAtC+J3bfCd3O
B15bQUkXsHHz/nU4hYA4bDkZm0C09ndMby7WjsuMil6/jyi1qky5eKi2G5l/lxgfeNkWxRx0zCPW
Uq4=
=iZeC
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7426-1
April 08, 2025

poppler vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

poppler could be made to crash if it opened a specially crafted PDF file.

Software Description:
- poppler: PDF rendering library

Details:

It was discovered that poppler incorrectly handled memory when opening
certain PDF files. An attacker could possibly use this issue to cause
poppler to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
libpoppler140 24.08.0-1ubuntu0.2
poppler-utils 24.08.0-1ubuntu0.2

Ubuntu 24.04 LTS
libpoppler134 24.02.0-1ubuntu9.3
poppler-utils 24.02.0-1ubuntu9.3

Ubuntu 22.04 LTS
libpoppler118 22.02.0-2ubuntu0.7
poppler-utils 22.02.0-2ubuntu0.7

Ubuntu 20.04 LTS
libpoppler97 0.86.1-0ubuntu1.6
poppler-utils 0.86.1-0ubuntu1.6

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7426-1
CVE-2025-32364, CVE-2025-32365

Package Information:
https://launchpad.net/ubuntu/+source/poppler/24.08.0-1ubuntu0.2
https://launchpad.net/ubuntu/+source/poppler/24.02.0-1ubuntu9.3
https://launchpad.net/ubuntu/+source/poppler/22.02.0-2ubuntu0.7
https://launchpad.net/ubuntu/+source/poppler/0.86.1-0ubuntu1.6

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)