poppler: CVE-2018-13988 - Githubissues

AOSC-Dev / aosc-os-abbs

ABBS/ACBS tree for AOSC OS package metadata, build configuration, scripts, and patches

https://packages.aosc.io

GNU General Public License v2.0

102 stars 80 forks source link

poppler: CVE-2018-13988 #1358

Closed l2dy closed 6 years ago

l2dy commented 6 years ago

CVE IDs (if any)

CVE-2018-13988

Other security advisory IDs (if any)

USN-3757-1

Patches (if any)

https://cgit.freedesktop.org/poppler/poppler/commit/?id=004e3c10df0abda214f0c293f9e269fdd979c5ee

PoC(s) (if any)

N/A

Additional descriptions (if applicable)

Hosein Askari discovered that poppler incorrectly handled certain PDF files. An attacker could possible use this issue to cause a denial of service.

Architectural progress

Please remove any architecture to which the security vulnerabilities do not apply.

[x] AMD64 (amd64)
- [x] 32-bit Optional Environment (optenv32)
[x] AArch64 (arm64)
[x] ARMv7 (armel)
[x] PowerPC 64-bit BE (ppc64)
[x] PowerPC 32-bit BE (powerpc)
[x] RISC-V 64-bit (riscv64)

MingcongBai commented 6 years ago

Fixed with https://github.com/AOSC-Dev/aosc-os-abbs/commit/f0730e642307a72fcc6079764a3564956e9e6ff5. Closing.

l2dy commented 6 years ago

Use AOSA-2018-0390.