ALAS2-2023-2075

Amazon Linux 2 Security Advisory: ALAS-2023-2075
Advisory Release Date: 2023-06-05 16:39 Pacific
Advisory Updated Date: 2023-06-07 22:38 Pacific

Severity: Medium

References: CVE-2022-27337 CVE-2022-38784
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. (CVE-2022-27337)

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. (CVE-2022-38784)

Affected Packages:

poppler

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update poppler to update your system.

New Packages:

aarch64:
    poppler-0.26.5-43.amzn2.1.1.aarch64
    poppler-devel-0.26.5-43.amzn2.1.1.aarch64
    poppler-glib-0.26.5-43.amzn2.1.1.aarch64
    poppler-glib-devel-0.26.5-43.amzn2.1.1.aarch64
    poppler-qt-0.26.5-43.amzn2.1.1.aarch64
    poppler-qt-devel-0.26.5-43.amzn2.1.1.aarch64
    poppler-cpp-0.26.5-43.amzn2.1.1.aarch64
    poppler-cpp-devel-0.26.5-43.amzn2.1.1.aarch64
    poppler-utils-0.26.5-43.amzn2.1.1.aarch64
    poppler-demos-0.26.5-43.amzn2.1.1.aarch64
    poppler-debuginfo-0.26.5-43.amzn2.1.1.aarch64

i686:
    poppler-0.26.5-43.amzn2.1.1.i686
    poppler-devel-0.26.5-43.amzn2.1.1.i686
    poppler-glib-0.26.5-43.amzn2.1.1.i686
    poppler-glib-devel-0.26.5-43.amzn2.1.1.i686
    poppler-qt-0.26.5-43.amzn2.1.1.i686
    poppler-qt-devel-0.26.5-43.amzn2.1.1.i686
    poppler-cpp-0.26.5-43.amzn2.1.1.i686
    poppler-cpp-devel-0.26.5-43.amzn2.1.1.i686
    poppler-utils-0.26.5-43.amzn2.1.1.i686
    poppler-demos-0.26.5-43.amzn2.1.1.i686
    poppler-debuginfo-0.26.5-43.amzn2.1.1.i686

src:
    poppler-0.26.5-43.amzn2.1.1.src

x86_64:
    poppler-0.26.5-43.amzn2.1.1.x86_64
    poppler-devel-0.26.5-43.amzn2.1.1.x86_64
    poppler-glib-0.26.5-43.amzn2.1.1.x86_64
    poppler-glib-devel-0.26.5-43.amzn2.1.1.x86_64
    poppler-qt-0.26.5-43.amzn2.1.1.x86_64
    poppler-qt-devel-0.26.5-43.amzn2.1.1.x86_64
    poppler-cpp-0.26.5-43.amzn2.1.1.x86_64
    poppler-cpp-devel-0.26.5-43.amzn2.1.1.x86_64
    poppler-utils-0.26.5-43.amzn2.1.1.x86_64
    poppler-demos-0.26.5-43.amzn2.1.1.x86_64
    poppler-debuginfo-0.26.5-43.amzn2.1.1.x86_64

Additional References

Red Hat: CVE-2022-27337, CVE-2022-38784

Mitre: CVE-2022-27337, CVE-2022-38784

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2-2023-2075

Additional References