An update for poppler is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1906 Final 1.0 1.0 2022-09-09 Initial 2022-09-09 2022-09-09 openEuler SA Tool V1.0 2022-09-09 poppler security update An update for poppler is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. Poppler is a free software utility library for rendering Portable Document Format (PDF) documents. \Its development is supported by freedesktop.org. It is commonly used on Linux systems,and is used by \the PDF viewers of the open source GNOME and KDE desktop environments. Security Fix(es): Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.(CVE-2022-38784) An update for poppler is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High poppler https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1906 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-38784 https://nvd.nist.gov/vuln/detail/CVE-2022-38784 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS poppler-cpp-devel-0.67.0-8.oe1.aarch64.rpm poppler-debuginfo-0.67.0-8.oe1.aarch64.rpm poppler-0.67.0-8.oe1.aarch64.rpm poppler-qt-devel-0.67.0-8.oe1.aarch64.rpm poppler-qt5-devel-0.67.0-8.oe1.aarch64.rpm poppler-debugsource-0.67.0-8.oe1.aarch64.rpm poppler-glib-0.67.0-8.oe1.aarch64.rpm poppler-qt-0.67.0-8.oe1.aarch64.rpm poppler-glib-devel-0.67.0-8.oe1.aarch64.rpm poppler-qt5-0.67.0-8.oe1.aarch64.rpm poppler-devel-0.67.0-8.oe1.aarch64.rpm poppler-cpp-0.67.0-8.oe1.aarch64.rpm poppler-cpp-devel-0.67.0-8.oe1.aarch64.rpm poppler-glib-devel-0.67.0-8.oe1.aarch64.rpm poppler-cpp-0.67.0-8.oe1.aarch64.rpm poppler-debuginfo-0.67.0-8.oe1.aarch64.rpm poppler-qt-devel-0.67.0-8.oe1.aarch64.rpm poppler-0.67.0-8.oe1.aarch64.rpm poppler-glib-0.67.0-8.oe1.aarch64.rpm poppler-qt5-devel-0.67.0-8.oe1.aarch64.rpm poppler-qt-0.67.0-8.oe1.aarch64.rpm poppler-debugsource-0.67.0-8.oe1.aarch64.rpm poppler-devel-0.67.0-8.oe1.aarch64.rpm poppler-qt5-0.67.0-8.oe1.aarch64.rpm poppler-debuginfo-0.90.0-3.oe2203.aarch64.rpm poppler-cpp-devel-0.90.0-3.oe2203.aarch64.rpm poppler-glib-devel-0.90.0-3.oe2203.aarch64.rpm poppler-0.90.0-3.oe2203.aarch64.rpm poppler-debugsource-0.90.0-3.oe2203.aarch64.rpm poppler-qt5-0.90.0-3.oe2203.aarch64.rpm poppler-glib-0.90.0-3.oe2203.aarch64.rpm poppler-utils-0.90.0-3.oe2203.aarch64.rpm poppler-cpp-0.90.0-3.oe2203.aarch64.rpm poppler-qt5-devel-0.90.0-3.oe2203.aarch64.rpm poppler-devel-0.90.0-3.oe2203.aarch64.rpm poppler-glib-doc-0.67.0-8.oe1.noarch.rpm poppler-help-0.67.0-8.oe1.noarch.rpm poppler-glib-doc-0.67.0-8.oe1.noarch.rpm poppler-help-0.67.0-8.oe1.noarch.rpm poppler-help-0.90.0-3.oe2203.noarch.rpm poppler-glib-doc-0.90.0-3.oe2203.noarch.rpm poppler-0.67.0-8.oe1.src.rpm poppler-0.67.0-8.oe1.src.rpm poppler-0.90.0-3.oe2203.src.rpm poppler-qt5-0.67.0-8.oe1.x86_64.rpm poppler-qt-0.67.0-8.oe1.x86_64.rpm poppler-devel-0.67.0-8.oe1.x86_64.rpm poppler-debuginfo-0.67.0-8.oe1.x86_64.rpm poppler-0.67.0-8.oe1.x86_64.rpm poppler-glib-0.67.0-8.oe1.x86_64.rpm poppler-qt5-devel-0.67.0-8.oe1.x86_64.rpm poppler-cpp-devel-0.67.0-8.oe1.x86_64.rpm poppler-debugsource-0.67.0-8.oe1.x86_64.rpm poppler-qt-devel-0.67.0-8.oe1.x86_64.rpm poppler-cpp-0.67.0-8.oe1.x86_64.rpm poppler-glib-devel-0.67.0-8.oe1.x86_64.rpm poppler-devel-0.67.0-8.oe1.x86_64.rpm poppler-0.67.0-8.oe1.x86_64.rpm poppler-qt5-0.67.0-8.oe1.x86_64.rpm poppler-debugsource-0.67.0-8.oe1.x86_64.rpm poppler-glib-0.67.0-8.oe1.x86_64.rpm poppler-glib-devel-0.67.0-8.oe1.x86_64.rpm poppler-qt-devel-0.67.0-8.oe1.x86_64.rpm poppler-cpp-0.67.0-8.oe1.x86_64.rpm poppler-qt-0.67.0-8.oe1.x86_64.rpm poppler-cpp-devel-0.67.0-8.oe1.x86_64.rpm poppler-qt5-devel-0.67.0-8.oe1.x86_64.rpm poppler-debuginfo-0.67.0-8.oe1.x86_64.rpm poppler-cpp-devel-0.90.0-3.oe2203.x86_64.rpm poppler-utils-0.90.0-3.oe2203.x86_64.rpm poppler-qt5-0.90.0-3.oe2203.x86_64.rpm poppler-glib-devel-0.90.0-3.oe2203.x86_64.rpm poppler-cpp-0.90.0-3.oe2203.x86_64.rpm poppler-0.90.0-3.oe2203.x86_64.rpm poppler-devel-0.90.0-3.oe2203.x86_64.rpm poppler-qt5-devel-0.90.0-3.oe2203.x86_64.rpm poppler-debugsource-0.90.0-3.oe2203.x86_64.rpm poppler-glib-0.90.0-3.oe2203.x86_64.rpm poppler-debuginfo-0.90.0-3.oe2203.x86_64.rpm Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. 2022-09-09 CVE-2022-38784 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H poppler security update 2022-09-09 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1906