Two bugs that lead to a denial of service (crash) were reported in poppler (fixed in version 0.22.1): - Fix crash in broken file 1031.pdf.asan.48.15 [1]. - Do not crash in broken documents like 1007.pdf.asan.48.4 [2]. [1] http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2 [2] http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec
Created poppler tracking bugs for this issue Affects: fedora-all [bug 917113]
poppler-0.20.2-10.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
poppler-0.18.4-4.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
This issue does not affect the version of poppler as shipped with Red Hat Enterprise Linux 5. This issue affects the version of poppler as shipped with Red Hat Enterprise Linux 6.
Adding the following commits to this flaw: http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=957aa252912cde85d76c41e9710b33425a82b696 http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=bbc2d8918fe234b7ef2c480eb148943922cc0959
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2013-1789