[MacPorts] #54808: poppler @0.57.0: update to 0.65.0

MacPorts noreply at macports.org
Sat Jun 16 14:17:17 UTC 2018


#54808: poppler @0.57.0: update to 0.65.0
----------------------+----------------------
  Reporter:  l2dy     |      Owner:  dbevans
      Type:  update   |     Status:  new
  Priority:  Normal   |  Milestone:
 Component:  ports    |    Version:
Resolution:           |   Keywords:  security
      Port:  poppler  |
----------------------+----------------------

Comment (by l2dy):

 Below is from openSUSE-SU-2018:1721-1. In case someone wants to backport
 patches.

 - CVE-2017-14517: Prevent NULL Pointer dereference in the
   XRef::parseEntry() function via a crafted PDF document.
 - CVE-2017-9865: Fixed a stack-based buffer overflow vulnerability in
   GfxState.cc that would have allowed attackers to facilitate a
   denial-of-service attack via specially crafted PDF documents.
 - CVE-2017-14518: Remedy a floating point exception in
   isImageInterpolationRequired() that could have been exploited using a
   specially crafted PDF document.
 - CVE-2017-14520: Remedy a floating point exception in
   Splash::scaleImageYuXd() that could have been exploited using a
   specially crafted PDF document.
 - CVE-2017-14617: Fixed a floating point exception in Stream.cc, which may
   lead to a potential attack when handling malicious PDF files.
 - CVE-2017-14928: Fixed a NULL Pointer dereference in
   AnnotRichMedia::Configuration::Configuration() in Annot.cc, which may
   lead to a potential attack when handling malicious PDF files.
 - CVE-2017-14975: Fixed a NULL pointer dereference vulnerability, that
   existed because a data structure in FoFiType1C.cc was not initialized,
   which allowed an attacker to launch a denial of service attack.
 - CVE-2017-14976: Fixed a heap-based buffer over-read vulnerability in
   FoFiType1C.cc that occurred when an out-of-bounds font dictionary index
   was encountered, which allowed an attacker to launch a denial of service
   attack.
 - CVE-2017-14977: Fixed a NULL pointer dereference vulnerability in the
   FoFiTrueType::getCFFBlock() function in FoFiTrueType.cc that occurred
   due to lack of validation of a table pointer, which allows an attacker
   to launch a denial of service attack.
 - CVE-2017-15565: Prevent NULL Pointer dereference in the
   GfxImageColorMap::getGrayLine() function via a crafted PDF document.
 - CVE-2017-1000456: Validate boundaries in TextPool::addWord to prevent
   overflows in subsequent calculations.

-- 
Ticket URL: <https://trac.macports.org/ticket/54808#comment:40>
MacPorts <https://www.macports.org/>
Ports system for macOS


More information about the macports-tickets mailing list