A heap based buffer overflow was found in the way poppler processed JPEG image data from certain pdf files. If a local user was tricked into opening a specially crafted pdf file, it could result in crash of applications linked against poppler, or possibly execute arbitrary code with the privileges of user running the application. Upstream patch: http://cgit.freedesktop.org/poppler/poppler/commit/?id=fc071d800cb4329a3ccf898d7bf16b4db7323ad8
*** Bug 645827 has been marked as a duplicate of this bug. ***
Other references for this issue: https://bugs.freedesktop.org/show_bug.cgi?id=26280 http://comments.gmane.org/gmane.comp.security.oss.general/11132
Statement: This issue affects the version of poppler as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of poppler as shipped with Red Hat Enterprise Linux 7. A future update may address this issue.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2010-5110