Debian Security Advisory

DLA-446-1 poppler -- LTS security update

Date Reported:

29 Apr 2016

Affected Packages:

poppler

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 822578.
In Mitre's CVE dictionary: CVE-2015-8868.

More information:

A heap buffer overflow vulnerability was found in the poppler library. A maliciously crafted file could cause the application to crash. The issue happens when ExtGState is not a valid blend mode.

For Debian 7 Wheezy, these issues have been fixed in poppler version 0.18.4-6+deb7u1