MGASA-2018-0145
- Source
- https://advisories.mageia.org/MGASA-2018-0145.html
- Import Source
- https://advisories.mageia.org/MGASA-2018-0145.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2018-0145
- Related
- Published
- 2018-02-26T16:23:22Z
- Modified
- 2018-02-26T15:55:07Z
- Summary
- Updated qpdf packages fix security vulnerabilities
- Details
-
Updated qpdf packages fix security vulnerabilities:
- Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral()
- Another stack overflow / endless recursion in QPDFWriter::enqueueObject()
- Stack out of bounds read in iterate_rc4()
- heap out of bounds read (large) in Pl_Buffer::write
- Hang due to a pdf xref loop:
Also, the libjpeg package has been patched to provide pkgconfig files, so that cups-filters could be rebuilt against this qpdf update.
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / qpdf
Package
- Name
- qpdf
- Purl
- pkg:rpm/mageia/qpdf?distro=mageia-5
Mageia:5 / libjpeg
Package
- Name
- libjpeg
- Purl
- pkg:rpm/mageia/libjpeg?distro=mageia-5
Mageia:5 / cups-filters
Package
- Name
- cups-filters
- Purl
- pkg:rpm/mageia/cups-filters?distro=mageia-5