[USN-7213-1] poppler vulnerability

Thu Jan 16 17:12:24 UTC 2025

==========================================================================
Ubuntu Security Notice USN-7213-1
January 16, 2025

poppler vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

poppler could be made to crash or expose sensitive information if it opened
a specially crafted file.

Software Description:
- poppler: PDF rendering library

Details:

It was discovered that poppler incorrectly handled memory when opening
certain PDF files. An attacker could possibly use this issue to cause
denial of service or obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   libpoppler140                   24.08.0-1ubuntu0.1
   poppler-utils                   24.08.0-1ubuntu0.1

Ubuntu 24.04 LTS
   libpoppler134                   24.02.0-1ubuntu9.2
   poppler-utils                   24.02.0-1ubuntu9.2

Ubuntu 22.04 LTS
   libpoppler118                   22.02.0-2ubuntu0.6
   poppler-utils                   22.02.0-2ubuntu0.6

Ubuntu 20.04 LTS
   libpoppler97                    0.86.1-0ubuntu1.5
   poppler-utils                   0.86.1-0ubuntu1.5

Ubuntu 18.04 LTS
   libpoppler73                    0.62.0-2ubuntu2.14+esm4
                                   Available with Ubuntu Pro
   poppler-utils                   0.62.0-2ubuntu2.14+esm4
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   libpoppler58                    0.41.0-0ubuntu1.16+esm5
                                   Available with Ubuntu Pro
   poppler-utils                   0.41.0-0ubuntu1.16+esm5
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7213-1
   CVE-2024-56378

Package Information:
   https://launchpad.net/ubuntu/+source/poppler/24.08.0-1ubuntu0.1
   https://launchpad.net/ubuntu/+source/poppler/24.02.0-1ubuntu9.2
   https://launchpad.net/ubuntu/+source/poppler/22.02.0-2ubuntu0.6
   https://launchpad.net/ubuntu/+source/poppler/0.86.1-0ubuntu1.5

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20250116/6a906d13/attachment.sig>