{"schema_version":"1.7.2","id":"OESA-2021-1378","modified":"2021-10-15T11:03:15Z","published":"2021-10-15T11:03:15Z","upstream":["CVE-2020-27778","CVE-2019-12293"],"summary":"poppler security update","details":"Poppler is a free software utility library for rendering Portable Document Format (PDF) documents. Its development is supported by freedesktop.org. It is commonly used on Linux systems, and is used by the PDF viewers of the open source GNOME and KDE desktop environments.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application, causing a denial of service. (CVE-2020-27778)\r\n\r\nIn Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. (CVE-2019-12293)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"poppler","purl":"pkg:rpm/openEuler/poppler\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.67.0-7.oe1"}]}],"ecosystem_specific":{"aarch64":["poppler-qt5-0.67.0-7.oe1.aarch64.rpm","poppler-qt-0.67.0-7.oe1.aarch64.rpm","poppler-glib-devel-0.67.0-7.oe1.aarch64.rpm","poppler-debugsource-0.67.0-7.oe1.aarch64.rpm","poppler-qt5-devel-0.67.0-7.oe1.aarch64.rpm","poppler-cpp-devel-0.67.0-7.oe1.aarch64.rpm","poppler-devel-0.67.0-7.oe1.aarch64.rpm","poppler-0.67.0-7.oe1.aarch64.rpm","poppler-glib-0.67.0-7.oe1.aarch64.rpm","poppler-debuginfo-0.67.0-7.oe1.aarch64.rpm","poppler-qt-devel-0.67.0-7.oe1.aarch64.rpm","poppler-cpp-0.67.0-7.oe1.aarch64.rpm"],"noarch":["poppler-help-0.67.0-7.oe1.noarch.rpm","poppler-glib-doc-0.67.0-7.oe1.noarch.rpm"],"src":["poppler-0.67.0-7.oe1.src.rpm"],"x86_64":["poppler-qt5-0.67.0-7.oe1.x86_64.rpm","poppler-qt-0.67.0-7.oe1.x86_64.rpm","poppler-devel-0.67.0-7.oe1.x86_64.rpm","poppler-glib-0.67.0-7.oe1.x86_64.rpm","poppler-qt-devel-0.67.0-7.oe1.x86_64.rpm","poppler-debugsource-0.67.0-7.oe1.x86_64.rpm","poppler-qt5-devel-0.67.0-7.oe1.x86_64.rpm","poppler-0.67.0-7.oe1.x86_64.rpm","poppler-cpp-devel-0.67.0-7.oe1.x86_64.rpm","poppler-glib-devel-0.67.0-7.oe1.x86_64.rpm","poppler-cpp-0.67.0-7.oe1.x86_64.rpm","poppler-debuginfo-0.67.0-7.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP2","name":"poppler","purl":"pkg:rpm/openEuler/poppler\u0026distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.67.0-7.oe1"}]}],"ecosystem_specific":{"aarch64":["poppler-qt-devel-0.67.0-7.oe1.aarch64.rpm","poppler-debuginfo-0.67.0-7.oe1.aarch64.rpm","poppler-debugsource-0.67.0-7.oe1.aarch64.rpm","poppler-qt5-devel-0.67.0-7.oe1.aarch64.rpm","poppler-devel-0.67.0-7.oe1.aarch64.rpm","poppler-qt-0.67.0-7.oe1.aarch64.rpm","poppler-cpp-0.67.0-7.oe1.aarch64.rpm","poppler-qt5-0.67.0-7.oe1.aarch64.rpm","poppler-0.67.0-7.oe1.aarch64.rpm","poppler-glib-0.67.0-7.oe1.aarch64.rpm","poppler-glib-devel-0.67.0-7.oe1.aarch64.rpm","poppler-cpp-devel-0.67.0-7.oe1.aarch64.rpm"],"noarch":["poppler-help-0.67.0-7.oe1.noarch.rpm","poppler-glib-doc-0.67.0-7.oe1.noarch.rpm"],"src":["poppler-0.67.0-7.oe1.src.rpm"],"x86_64":["poppler-qt5-0.67.0-7.oe1.x86_64.rpm","poppler-qt-0.67.0-7.oe1.x86_64.rpm","poppler-glib-devel-0.67.0-7.oe1.x86_64.rpm","poppler-debuginfo-0.67.0-7.oe1.x86_64.rpm","poppler-0.67.0-7.oe1.x86_64.rpm","poppler-qt-devel-0.67.0-7.oe1.x86_64.rpm","poppler-debugsource-0.67.0-7.oe1.x86_64.rpm","poppler-devel-0.67.0-7.oe1.x86_64.rpm","poppler-glib-0.67.0-7.oe1.x86_64.rpm","poppler-cpp-0.67.0-7.oe1.x86_64.rpm","poppler-cpp-devel-0.67.0-7.oe1.x86_64.rpm","poppler-qt5-devel-0.67.0-7.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1378"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-27778"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12293"}],"database_specific":{"severity":"High"}}