Bugzilla – Bug 845765
VUL-0: CVE-2010-5110: poppler: problem in DCTStream error handling
Last modified: 2014-06-18 16:37:04 UTC
via oss-sec:

CVE Request : poppler < 0.13.0

Hi,

I'd like to request a CVE number for the following issue

http://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8
https://bugs.freedesktop.org/show_bug.cgi?id=26280

The bug has been fixed in poppler 0.13.3, back in 2010, though it is still present and exploitable in several distributions.

Thanks,
Etienne

References:
http://cgit.freedesktop.org/poppler/poppler/commit/poppler/DCTStream.cc?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8
http://comments.gmane.org/gmane.comp.security.oss.general/11132
https://bugs.freedesktop.org/show_bug.cgi?id=26280
I cannot actually evaluate the impact though :/
bugbot adjusting priority
Ooops. Another poppler bug that fell through the cracks. Re-assigning.
SLE10SP3 seems not affected. SLE11SP1 submitted.
MaintenanceTracker-57494
Update released for: libpoppler-devel, libpoppler-doc, libpoppler-glib-devel, libpoppler-glib4, libpoppler-qt2, libpoppler-qt3-devel, libpoppler-qt4-3, libpoppler-qt4-devel, libpoppler4, libpoppler5, poppler, poppler-debuginfo, poppler-debugsource, poppler-tools
Products:
SLE-DEBUGINFO 11-SP1-TERADATA (x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)

Update released for: libpoppler-devel, libpoppler-doc, libpoppler-glib-devel, libpoppler-glib4, libpoppler-qt2, libpoppler-qt3-devel, libpoppler-qt4-3, libpoppler-qt4-devel, libpoppler4, libpoppler5, poppler, poppler-debuginfo, poppler-debugsource, poppler-tools
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
all relevant packages were updated