Package: poppler / 0.48.0-2+deb9u2

Metadata

Package Version Patches format
poppler 0.48.0-2+deb9u2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
upstream_pdfseparate remove extra in error message.patch | (download)

utils/pdfseparate.cc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] pdfseparate: remove extra '%' in error message


qt visibility.diff | (download)

qt4/src/Makefile.am | 1 1 + 0 - 0 !
qt5/src/Makefile.am | 1 1 + 0 - 0 !
2 files changed, 2 insertions(+)

 hidden visibility for poppler-qt4 and poppler-qt5
 Enables the hidden visibility for poppler-qt4 and poppler-qt5, hiding all the
 non-exported symbols.
 .
 The CXXFLAGS additions need to be added with proper configure check.
upstream_CVE 2017 9865.patch | (download)

utils/HtmlOutputDev.cc | 6 4 + 2 - 0 !
utils/ImageOutputDev.cc | 6 4 + 2 - 0 !
2 files changed, 8 insertions(+), 4 deletions(-)

 cve-2017-9865 (fdo#100774) avoid stack buffer overflow

in GfxImageColorMap:getGray

by passing first arg to getGray of maximum possibly required size

and similar in HtmlOutputDev::drawPngImage

upstream_CVE 2017 9776.patch | (download)

poppler/JBIG2Stream.cc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix crash in malformed documents


upstream_CVE 2017 9775 fix stack buffer overflow.patch | (download)

poppler/GfxState.cc | 10 8 + 2 - 0 !
1 file changed, 8 insertions(+), 2 deletions(-)

---
upstream_CVE 2017 9406.patch | (download)

poppler/XRef.cc | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 fix memory leak (and probably logic bug) parsing broken xref entries

Don't need to get obj1 again to ask if it's an int64 instead of an int

Bug #100775

upstream_CVE 2017 9408.patch | (download)

poppler/XRef.cc | 13 8 + 5 - 0 !
1 file changed, 8 insertions(+), 5 deletions(-)

 fix memory leak when reconstructing broken files

Need to free the catalog variable if we're going to fetch over it again

Bug #100776

upstream_CVE 2017 14517.patch | (download)

poppler/XRef.cc | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 xref::parseentry: fix crash in broken file

Bug #102687

upstream_CVE 2017 14518.patch | (download)

splash/Splash.cc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 isimageinterpolationrequired: fix divide by 0 on broken documents

Bug #102688

CVE 2017 14519.patch | (download)

poppler/Gfx.cc | 24 22 + 2 - 0 !
poppler/Gfx.h | 1 1 + 0 - 0 !
poppler/GfxFont.cc | 10 10 + 0 - 0 !
poppler/GfxFont.h | 1 1 + 0 - 0 !
4 files changed, 34 insertions(+), 2 deletions(-)

 cve-2017-14519

upstream_CVE 2017 14520.patch | (download)

splash/Splash.cc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 splash::scaleimage: do not try to scale if srcheight or srcwidth are
 < 1

Bug #102719

upstream_CVE 2017 14617.patch | (download)

poppler/Stream.cc | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

 fix crash in broken files

Bug #102854

upstream_CVE 2017 14975.patch | (download)

fofi/FoFiType1C.cc | 435 220 + 215 - 0 !
1 file changed, 220 insertions(+), 215 deletions(-)

 fix crash in fofitype1c::converttotype0 in broken files

Bug #102653

upstream_CVE 2017 14976.patch | (download)

fofi/FoFiType1C.cc | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 fofitype1c::converttotype0: fix crash in broken files

Bug #102724

upstream_CVE 2017 14977.patch | (download)

fofi/FoFiTrueType.cc | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix crash in broken files

Bug #103045

upstream_CVE 2017 15565.patch | (download)

poppler/CairoOutputDev.cc | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 cairooutputdev: fix crash in broken files

Bug #103016

fix CVE 2017 14519.patch | (download)

poppler/Gfx.cc | 39 21 + 18 - 0 !
poppler/Gfx.h | 3 2 + 1 - 0 !
poppler/GfxFont.cc | 3 1 + 2 - 0 !
3 files changed, 24 insertions(+), 21 deletions(-)

---
CVE 2017 1000456.patch | (download)

poppler/TextOutputDev.cc | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

---
CVE 2017 14929.patch | (download)

poppler/Gfx.cc | 48 36 + 12 - 0 !
poppler/GfxState.cc | 33 18 + 15 - 0 !
poppler/GfxState.h | 15 9 + 6 - 0 !
3 files changed, 63 insertions(+), 33 deletions(-)

 fix infinite recursion on broken files

Bug #102969