MGASA-2018-0145

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2018-0145.html
Import Source
https://advisories.mageia.org/MGASA-2018-0145.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2018-0145
Related
Published
2018-02-26T16:23:22Z
Modified
2018-02-26T15:55:07Z
Summary
Updated qpdf packages fix security vulnerabilities
Details

Updated qpdf packages fix security vulnerabilities:

  1. Stack overflow due to endless recursion in QPDFTokenizer::resolveLiteral()
  2. Another stack overflow / endless recursion in QPDFWriter::enqueueObject()
  3. Stack out of bounds read in iterate_rc4()
  4. heap out of bounds read (large) in Pl_Buffer::write
  5. Hang due to a pdf xref loop:

Also, the libjpeg package has been patched to provide pkgconfig files, so that cups-filters could be rebuilt against this qpdf update.

References
Credits

Affected packages

Mageia:5 / qpdf

Package

Name
qpdf
Purl
pkg:rpm/mageia/qpdf?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.1.1-1.mga5

Ecosystem specific 

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2018-0145.json"

Mageia:5 / libjpeg

Package

Name
libjpeg
Purl
pkg:rpm/mageia/libjpeg?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.1-4.3.mga5

Ecosystem specific 

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2018-0145.json"

Mageia:5 / cups-filters

Package

Name
cups-filters
Purl
pkg:rpm/mageia/cups-filters?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.71-1.4.mga5

Ecosystem specific 

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2018-0145.json"