Debian Security Advisory

DLA-446-1 poppler -- LTS security update

Date Reported:
29 Apr 2016
Affected Packages:
poppler
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 822578.
In Mitre's CVE dictionary: CVE-2015-8868.
More information:

A heap buffer overflow vulnerability was found in the poppler library. A maliciously crafted file could cause the application to crash. The issue happens when ExtGState is not a valid blend mode.

For Debian 6 Squeeze, these issues have been fixed in poppler version 0.18.4-6+deb7u1