Debian Long Term Support / LTS Security Information / 2022 / Security Information -- DLA-3120-1 poppler

Debian Security Advisory

DLA-3120-1 poppler -- LTS security update

Date Reported:

26 Sep 2022

Affected Packages:

poppler

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 913164, Bug 913177, Bug 917974, Bug 925264, Bug 941776, Bug 933812, Bug 1010695, Bug 1018971.
In Mitre's CVE dictionary: CVE-2018-18897, CVE-2018-19058, CVE-2018-20650, CVE-2019-9903, CVE-2019-9959, CVE-2019-14494, CVE-2020-27778, CVE-2022-27337, CVE-2022-38784.

More information:

Several security vulnerabilities have been discovered in Poppler, a PDF rendering library, that could lead to denial of service or possibly other unspecified impact when processing maliciously crafted documents.

For Debian 10 buster, these problems have been fixed in version 0.71.0-5+deb10u1.

We recommend that you upgrade your poppler packages.

For the detailed security status of poppler please refer to its security tracker page at: https://security-tracker.debian.org/tracker/poppler

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS