Fedora has issued an advisory on October 25: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7Q4ELLLXXPAS3ZVHBECKZMU6TOYYV4YI/ More information from RedHat and Ubuntu: https://bugzilla.redhat.com/show_bug.cgi?id=1500345 https://bugzilla.redhat.com/show_bug.cgi?id=1500324 https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14927.html https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14976.html We may be affected by these.
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11Assignee: bugsquad => pkg-bugs
Cauldron is not affected because version 0.60.1 contains the patches for those CVEs.
CC: (none) => nicolas.salguero
Suggested advisory: ======================== The updated packages fix security vulnerabilities: In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. (CVE-2017-14927) The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. (CVE-2017-14976) References: ======================== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14927 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976 https://bugzilla.redhat.com/show_bug.cgi?id=1500345 https://bugzilla.redhat.com/show_bug.cgi?id=1500324 https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14927.html https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14976.html Updated packages in 6/core/updates_testing: ======================== poppler-0.52.0-3.4.mga6 lib(64)poppler66-0.52.0-3.4.mga6 lib(64)poppler-devel-0.52.0-3.4.mga6 lib(64)poppler-cpp0-0.52.0-3.4.mga6 lib(64)poppler-qt4-devel-0.52.0-3.4.mga6 lib(64)poppler-qt5-devel-0.52.0-3.4.mga6 lib(64)poppler-qt4_4-0.52.0-3.4.mga6 lib(64)poppler-qt5_1-0.52.0-3.4.mga6 lib(64)poppler-glib8-0.52.0-3.4.mga6 lib(64)poppler-gir0.18-0.52.0-3.4.mga6 lib(64)poppler-glib-devel-0.52.0-3.4.mga6 lib(64)poppler-cpp-devel-0.52.0-3.4.mga6 from SRPMS: poppler-0.52.0-3.4.mga6.src.rpm
Status: NEW => ASSIGNEDVersion: Cauldron => 6Assignee: pkg-bugs => qa-bugs
Is Mageia 5 affected?
Mageia 5 is affected by CVE-2017-14976 but not by CVE-2017-14927. Suggested advisory: ======================== The updated packages fix security vulnerabilities: In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. (CVE-2017-14927) The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. (CVE-2017-14976) References: ======================== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14927 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976 https://bugzilla.redhat.com/show_bug.cgi?id=1500345 https://bugzilla.redhat.com/show_bug.cgi?id=1500324 https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14927.html https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14976.html Updated packages in 5/core/updates_testing: ======================== poppler-0.26.5-2.6.mga5 lib(64)poppler46-0.26.5-2.6.mga5 lib(64)poppler-devel-0.26.5-2.6.mga5 lib(64)poppler-cpp0-0.26.5-2.6.mga5 lib(64)poppler-qt4-devel-0.26.5-2.6.mga5 lib(64)poppler-qt5-devel-0.26.5-2.6.mga5 lib(64)poppler-qt4_4-0.26.5-2.6.mga5 lib(64)poppler-qt5_1-0.26.5-2.6.mga5 lib(64)poppler-glib8-0.26.5-2.6.mga5 lib(64)poppler-gir0.18-0.26.5-2.6.mga5 lib(64)poppler-glib-devel-0.26.5-2.6.mga5 lib(64)poppler-cpp-devel-0.26.5-2.6.mga5 from SRPMS: poppler-0.26.5-2.6.mga5.src.rpm Updated packages in 6/core/updates_testing: ======================== poppler-0.52.0-3.4.mga6 lib(64)poppler66-0.52.0-3.4.mga6 lib(64)poppler-devel-0.52.0-3.4.mga6 lib(64)poppler-cpp0-0.52.0-3.4.mga6 lib(64)poppler-qt4-devel-0.52.0-3.4.mga6 lib(64)poppler-qt5-devel-0.52.0-3.4.mga6 lib(64)poppler-qt4_4-0.52.0-3.4.mga6 lib(64)poppler-qt5_1-0.52.0-3.4.mga6 lib(64)poppler-glib8-0.52.0-3.4.mga6 lib(64)poppler-gir0.18-0.52.0-3.4.mga6 lib(64)poppler-glib-devel-0.52.0-3.4.mga6 lib(64)poppler-cpp-devel-0.52.0-3.4.mga6 from SRPMS: poppler-0.52.0-3.4.mga6.src.rpm
Whiteboard: (none) => MGA5TOO
Have started on this for mga6.
CC: (none) => tarazed25
Keywords: (none) => advisoryCC: (none) => davidwhodgins
https://bugs.mageia.org/show_bug.cgi?id=21784 has plenty of helpful test indications. Considering comment 6, I will have a go for Mageia 5/64.
CC: (none) => lewyssmith
Thanks Lewis. I am nearly finished withe the mga6 tests. Two POC tests gave reasonable results and the other stuff is fairly straightforward.
Mageia 6 on x86_64 Tried the two POC files available through the CVE links tabled in comment 3 references. Before updates: CVE-2017-14927 $ pdftohtml -s mal-SplashOutputDev-cc-2719-2-12.pdf a Syntax Error: Invalid XRef entry Internal Error: xref num 12 not found but needed, try to reconstruct<0a> Syntax Error: Invalid XRef entry Syntax Error (1967): Unknown operator '<fc>q' Syntax Error (2046): Dictionary key must be a name object Syntax Error (1994): Too few (3) args to 'cm' operator Page-1 Syntax Error (1967): Unknown operator '<fc>q' Syntax Error (2046): Dictionary key must be a name object Segmentation fault (core dumped) CVE-2017-14976 $ pdftops crash2.pdf crash.ps Segmentation fault (core dumped) Ran the updates: Ran updates. - lib64poppler-cpp-devel-0.52.0-3.4.mga6.x86_64 - lib64poppler-cpp0-0.52.0-3.4.mga6.x86_64 - lib64poppler-devel-0.52.0-3.4.mga6.x86_64 - lib64poppler-gir0.18-0.52.0-3.4.mga6.x86_64 - lib64poppler-glib-devel-0.52.0-3.4.mga6.x86_64 - lib64poppler-glib8-0.52.0-3.4.mga6.x86_64 - lib64poppler-qt4-devel-0.52.0-3.4.mga6.x86_64 - lib64poppler-qt4_4-0.52.0-3.4.mga6.x86_64 - lib64poppler-qt5-devel-0.52.0-3.4.mga6.x86_64 - lib64poppler-qt5_1-0.52.0-3.4.mga6.x86_64 - lib64poppler66-0.52.0-3.4.mga6.x86_64 - poppler-0.52.0-3.4.mga6.x86_64 Checked POCs: $ pdftohtml -s mal-SplashOutputDev-cc-2719-2-12.pdf a Syntax Error: Invalid XRef entry Internal Error: xref num 12 not found but needed, try to reconstruct<0a> Syntax Error: Invalid XRef entry Syntax Error (1967): Unknown operator '<fc>q' Syntax Error (2046): Dictionary key must be a name object Syntax Error (1994): Too few (3) args to 'cm' operator Page-1 Syntax Error (1967): Unknown operator '<fc>q' Syntax Error (2046): Dictionary key must be a name object Syntax Warning: t3GlyphStack was null in SplashOutputDev::type3D0 Syntax Error (1994): Too few (3) args to 'cm' operator $ pdftops crash2.pdf crash.ps $ ls -l crash.ps -rw-r--r-- 1 lcl lcl 12045 Nov 2 20:04 crash.ps The lack of segfaults would indicate that the patches are effective. Utility tests: $ pdffonts ~/tmp/abc-1.pdf name type encoding emb sub uni object ID ------------------------------------ ----------------- ---------------- --- --- --- --------- XRIKIW+BlueHighwayCondensed TrueType WinAnsi yes yes yes 8 0 MLTHUS+JorvikInformal Type 1C WinAnsi yes yes no 10 0 $ pdfimages -png jp2test.pdf test $ ls -l test* -rw-r--r-- 1 lcl lcl 142553 Nov 2 20:15 test-000.png The image displayed correctly. $ pdfinfo ThinkPython_2ndEdition.pdf Title: Think Python, 2E Subject: www.it-ebooks.info Keywords: www.it-ebooks.info Author: Allen B. Downey Creator: www.it-ebooks.info Producer: www.it-ebooks.info CreationDate: Thu Nov 19 16:21:29 2015 GMT ModDate: Sat Jan 9 01:49:06 2016 GMT Tagged: no UserProperties: no ......................... Extract pages 7-18 from a document: $ pdfseparate -f 7 -l 18 ModernTkinter.pdf pytk_%d $ ls pytk* pytk_10 pytk_12 pytk_14 pytk_16 pytk_18 pytk_8 pytk_11 pytk_13 pytk_15 pytk_17 pytk_7 pytk_9 $ file pytk_8 pytk_8: PDF document, version 1.5 $ xpdf pytk_8 Displays a page from the table of contents. $ pdftocairo -eps ~/tmp/abc-1.pdf test3.ps [lcl@belexeuli images]$ gs test3.ps GPL Ghostscript 9.20 (2016-09-26) Copyright (C) 2016 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. >>showpage, press <return> to continue<< GS>quit That showed the original document as encapsulated postscript. $ pdftocairo -jpeg ~/tmp/abc-1.pdf test4 $ file test4* test4-1.jpg: JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1240x1755, frames 3 $ eom test4-1.jpg The resulting image matched the original one page document. $ pdftohtml UsingDocker.pdf abc.html $ ls *.html abc.html abc_ind.html abcs.html $ firefox abc.html That displayed the whole book in a new tab in the browser, with a column of clickable page numbers and embedded hyperlinks in the pages. And finally: $ pdftoppm ~/tmp/abc-1.pdf abc1 $ ls *.ppm abc1-1.ppm teapot.ppm $ display abc1-1.ppm The bitmap image matches the original one-page document. This is good for 64 bits.
Whiteboard: MGA5TOO => MGA5TOO MGA6-64-OK
Ubuntu has issued an advisory for poppler on October 30: https://usn.ubuntu.com/usn/usn-3467-1/ It fixes a new issue, CVE-2017-15565. Mageia 5 and Mageia 6 are affected. Can we include a fix for this too?
Testing M5/64 CVE-2017-14927 PoC file: https://bugs.freedesktop.org/attachment.cgi?id=134067 mal-SplashOutputDev-cc-2719-2-12.pdf CVE-2017-14976 PoC file: https://bugzilla.freedesktop.org/attachment.cgi?id=134219 crash2.pdf BEFORE the update: lib64poppler46-0.26.5-2.5.mga5 lib64poppler-qt4_4-0.26.5-2.5.mga5 poppler-0.26.5-2.5.mga5 poppler-data-0.4.7-3.mga5 lib64poppler-glib8-0.26.5-2.5.mga5 Despite comment 9 re Mageia 6, trying the PoCs did not work here: $ pdftohtml -s mal-SplashOutputDev-cc-2719-2-12.pdf a Syntax Error: Invalid XRef entry Syntax Error (1967): Unknown operator '<fc>q' Syntax Error (2046): Dictionary key must be a name object Syntax Error (1994): Too few (3) args to 'cm' operator Page-1 Syntax Error (1967): Unknown operator '<fc>q' Syntax Error (2046): Dictionary key must be a name object Syntax Error (1994): Too few (3) args to 'cm' operator $ pdftops crash2.pdf crash.ps $ UPDATE to: - lib64poppler-glib8-0.26.5-2.6.mga5.x86_64 - lib64poppler-qt4_4-0.26.5-2.6.mga5.x86_64 - lib64poppler46-0.26.5-2.6.mga5.x86_64 - poppler-0.26.5-2.6.mga5.x86_64 For both PoC tests, results (no crash) same as previously. Unhelpful here. Some routine tests as per comment 9 (thanks for the pointers). The test file cited is weighty. $ pdfinfo 'Moroccan Paradoxides paper 10.1007_s12542-014-0225-5.pdf' Title: Creator: Arbortext Advanced Print Publisher 9.0.114/W Producer: Acrobat Distiller 10.1.8 (Windows); modified using iText 4.2.0 by 1T3XT CreationDate: Mon Feb 24 17:08:06 2014 ModDate: Thu Feb 27 12:45:49 2014 Tagged: no UserProperties: no Suspects: no Form: none JavaScript: no Pages: 66 Encrypted: no Page size: 595.28 x 841.89 pts (A4) Page rot: 0 File size: 32692725 bytes Optimized: no PDF version: 1.4 $ pdffonts 'Moroccan Paradoxides paper 10.1007_s12542-014-0225-5.pdf' name type encoding emb sub uni object ID ------------------------------------ ----------------- ---------------- --- --- --- --------- EUFYJJ+Springnew-Regular Type 1C Custom yes yes yes 61 0 Helvetica-Bold Type 1 WinAnsi no no no 22 0 ECFHJC+MyriadPro-Bold CID TrueType Identity-H yes yes yes 23 0 and a long list similar. $ pdfimages -list 'Moroccan Paradoxides paper 10.1007_s12542-014-0225-5.pdf' page num type width height color comp bpc enc interp object ID x-ppi y-ppi size ratio -------------------------------------------------------------------------------------------- 1 0 image 1100 1400 icc 3 8 image no 20 0 255 255 4511B 0.1% 1 1 smask 1100 1400 gray 1 8 image no 20 0 255 255 6617B 0.4% 1 2 image 827 1101 icc 3 8 jpeg no 16 0 216 216 149K 5.6% and a long list similar. $ pdfimages -all 'Moroccan Paradoxides paper 10.1007_s12542-014-0225-5.pdf' imgs produced 37 images called imgs-000.* to imgs-036.* suffixes png or jpg as (presumed) originally. They were all viewable (although the 1st was black), $ pdfseparate -f 10 -l 12 'Moroccan Paradoxides paper 10.1007_s12542-014-0225-5.pdf' mp%d.pdf produced individual page files mp10|11|12.pdf, all as per the source pages. $ pdfunite mp10.pdf mp11.pdf mp12.pdf mp13.pdf produced a single correct document mp13.pdf from the 3 individual page files. -------------------------------------------------------------------- [Important sideline: these 2 commands 'pdfseparate' & 'pdfunite' together do the basics of the essential 'pdftk', which has disappeared from Mageia 6]. -------------------------------------------------------------------- $ pdftohtml 'Moroccan Paradoxides paper 10.1007_s12542-014-0225-5.pdf' mph.html produced a lot of output per page (66). The result mph.html (+ mph_ind.html, mphs.html) had the whole document on a single page, with a frame at the left with a link to each page. Each image in a separate file. The viewed HTML document format was ropey, but complete. This update is OK. However, reserving validation in the light of comment 10. Please decide soon whether we can expect a revised update, or push this one.
Whiteboard: MGA5TOO MGA6-64-OK => MGA5TOO MGA6-64-OK MGA5-64-OK
MGA5-32 on Asus A6000VM Xfce No installation issues. After update similar results on POC files as above. Tests on file created by xsane: $ pdfinfo jeugdherinneringen\ oma.pdf Title: XSane scanned image Creator: XSane version 0.996 (sane 1.0) - by Oliver Rauch Producer: XSane 0.996 CreationDate: Mon Jan 24 13:50:18 2011 Tagged: no UserProperties: no Suspects: no Form: none JavaScript: no Pages: 178 Encrypted: no Page size: 479 x 792 pts Page rot: 0 File size: 248597974 bytes Optimized: no PDF version: 1.4 and $ pdffonts jeugdherinneringen\ oma.pdf name type encoding emb sub uni object ID ------------------------------------ ----------------- ---------------- --- --- --- --------- pdfimages on this file floods the CLI with Syntax Error (247883309): Illegal character <e7> in hex string and some Syntax Error (247883312): Unknown operator ']' and$ pdftohtml jeugdherinneringen\ oma.pdf mph.html same result as Comment 11 Test on file generated by LibreOffice Writer $ pdfimages -list kinderenvw.pdf page num type width height color comp bpc enc interp object ID x-ppi y-ppi size ratio -------------------------------------------------------------------------------------------- 2 0 image 624 875 gray 1 8 jpeg no 9 0 300 300 338K 63% 4 1 image 594 606 gray 1 8 jpeg no 20 0 300 301 180K 51% 6 2 image 659 667 gray 1 8 jpeg no 31 0 300 300 211K 49% 7 3 image 500 375 rgb 3 8 jpeg no 37 0 128 128 131K 24% 10 4 image 650 624 gray 1 8 jpeg no 53 0 300 301 196K 49% 15 5 image 1509 896 gray 1 8 jpeg no 79 0 300 301 806K 61% 21 6 image 1084 675 gray 1 8 jpeg no 110 0 300 300 417K 58% which seems OK
Whiteboard: MGA5TOO MGA6-64-OK MGA5-64-OK => MGA5TOO MGA6-64-OK MGA5-64-OK MGA5-32-OKCC: (none) => herman.viaene
Suggested advisory: ======================== The updated packages fix security vulnerabilities: In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. (CVE-2017-14927) The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. (CVE-2017-14976) In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. (CVE-2017-15565) References: ======================== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14927 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14976 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565 https://bugzilla.redhat.com/show_bug.cgi?id=1500345 https://bugzilla.redhat.com/show_bug.cgi?id=1500324 https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14927.html https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14976.html https://usn.ubuntu.com/usn/usn-3467-1/ Updated packages in 5/core/updates_testing: ======================== poppler-0.26.5-2.7.mga5 lib(64)poppler46-0.26.5-2.7.mga5 lib(64)poppler-devel-0.26.5-2.7.mga5 lib(64)poppler-cpp0-0.26.5-2.7.mga5 lib(64)poppler-qt4-devel-0.26.5-2.7.mga5 lib(64)poppler-qt5-devel-0.26.5-2.7.mga5 lib(64)poppler-qt4_4-0.26.5-2.7.mga5 lib(64)poppler-qt5_1-0.26.5-2.7.mga5 lib(64)poppler-glib8-0.26.5-2.7.mga5 lib(64)poppler-gir0.18-0.26.5-2.7.mga5 lib(64)poppler-glib-devel-0.26.5-2.7.mga5 lib(64)poppler-cpp-devel-0.26.5-2.7.mga5 from SRPMS: poppler-0.26.5-2.7.mga5.src.rpm Updated packages in 6/core/updates_testing: ======================== poppler-0.52.0-3.5.mga6 lib(64)poppler66-0.52.0-3.5.mga6 lib(64)poppler-devel-0.52.0-3.5.mga6 lib(64)poppler-cpp0-0.52.0-3.5.mga6 lib(64)poppler-qt4-devel-0.52.0-3.5.mga6 lib(64)poppler-qt5-devel-0.52.0-3.5.mga6 lib(64)poppler-qt4_4-0.52.0-3.5.mga6 lib(64)poppler-qt5_1-0.52.0-3.5.mga6 lib(64)poppler-glib8-0.52.0-3.5.mga6 lib(64)poppler-gir0.18-0.52.0-3.5.mga6 lib(64)poppler-glib-devel-0.52.0-3.5.mga6 lib(64)poppler-cpp-devel-0.52.0-3.5.mga6 from SRPMS: poppler-0.52.0-3.5.mga6.src.rpm
Whiteboard: MGA5TOO MGA6-64-OK MGA5-64-OK MGA5-32-OK => MGA5TOOSummary: poppler new security issues CVE-2017-14927 and CVE-2017-14976 => poppler new security issues CVE-2017-14927, CVE-2017-14976 and CVE-2017-15565
Updated the advisory as per previous comment 13. The update is to re-test.
Retesting this again for CVE-2017-15565. on Mageia 6 on x86_64. The POC file at https://bugs.freedesktop.org/show_bug.cgi?id=103016 showed the same output as the upstream test when run against pdftocairo. $ pdftocairo -q -svg poppler-gfxstat-5933.pdf Bogus memory allocation size Segmentation fault (core dumped) Upgraded poppler packages from Core Updates Testing. - lib64poppler-cpp-devel-0.52.0-3.5.mga6.x86_64 - lib64poppler-cpp0-0.52.0-3.5.mga6.x86_64 - lib64poppler-devel-0.52.0-3.5.mga6.x86_64 - lib64poppler-gir0.18-0.52.0-3.5.mga6.x86_64 - lib64poppler-glib-devel-0.52.0-3.5.mga6.x86_64 - lib64poppler-glib8-0.52.0-3.5.mga6.x86_64 - lib64poppler-qt4-devel-0.52.0-3.5.mga6.x86_64 - lib64poppler-qt4_4-0.52.0-3.5.mga6.x86_64 - lib64poppler-qt5-devel-0.52.0-3.5.mga6.x86_64 - lib64poppler-qt5_1-0.52.0-3.5.mga6.x86_64 - lib64poppler66-0.52.0-3.5.mga6.x86_64 - poppler-0.52.0-3.5.mga6.x86_64 $ pdftocairo -q -svg poppler-gfxstat-5933.pdf Bogus memory allocation size some font thing failed some font thing failed A bit vague but it looks like the segfault has gone. Good result. Ran a number of funtionality tests as in comments 9 and 11. All worked fine. Examples: $ pdfimages -all working-with-ruby-threads_p1_0.pdf threads $ ls threads* threads-000.png threads-004.png threads-008.png threads-012.png .................. threads-003.png threads-007.png threads-011.png $ pdfseparate -f 16 -l 32 working-with-ruby-threads_p1_0.pdf threads%d.pdf $ ls threads*.pdf threads16.pdf threads20.pdf threads24.pdf threads28.pdf threads32.pdf .................. threads19.pdf threads23.pdf threads27.pdf threads31.pdf $ pdfunite threads2*.pdf This produced a single correct PDF document threads29.pdf from the nine pages threads{20 - 28}.pdf, not something you would do in practice. $ pdfunite threads1*.pdf threads.pdf worked better. This is OK for 64 bits.
Testing M5/64 BEFORE this 2nd update: $ pdftocairo -q -svg poppler-gfxstat-5933.pdf Bogus memory allocation size Segmentation fault UPDATE to: - lib64poppler-glib8-0.26.5-2.7.mga5.x86_64 - lib64poppler-qt4_4-0.26.5-2.7.mga5.x86_64 - lib64poppler46-0.26.5-2.7.mga5.x86_64 - poppler-0.26.5-2.7.mga5.x86_64 $ pdftocairo -q -svg poppler-gfxstat-5933.pdf Bogus memory allocation size some font thing failed some font thing failed so this update fixes the segfault. Minimal further testing. $ pdfinfo GuidePratiqueDeLaDefonceuse.pdf Title: cdb10_defonceuse.id Creator: Adobe InDesign 2.0 Producer: Adobe PDF Library 5.0 CreationDate: Sat Dec 18 17:49:01 2004 ModDate: Wed May 18 14:24:27 2005 Tagged: yes UserProperties: no Suspects: no Form: none JavaScript: no Pages: 53 Encrypted: yes (print:yes copy:no change:no addNotes:yes algorithm:RC4) Page size: 481.9 x 595.3 pts Page rot: 0 File size: 4815983 bytes Optimized: no PDF version: 1.4 $ pdffonts GuidePratiqueDeLaDefonceuse.pdf name type encoding emb sub uni object ID ------------------------------------ ----------------- ---------------- --- --- --- --------- BYXPIO+Times-Roman CID TrueType Identity-H yes yes yes 12 0 VCPFCA+ItcKabel-Book CID Type 0C Identity-H yes yes yes 51 0 plus 12 more $ pdfimages -list GuidePratiqueDeLaDefonceuse.pdf page num type width height color comp bpc enc interp object ID x-ppi y-ppi size ratio -------------------------------------------------------------------------------------------- 1 0 image 479 651 rgb 3 8 jpeg no 18 0 72 72 45.5K 5.0% 4 1 image 787 768 rgb 3 8 jpeg no 357 0 151 151 93.9K 5.3% plus 115 more $ pdfimages -all GuidePratiqueDeLaDefonceuse.pdf xxx produced 117 image files xxx.* all correctly viewable. This update is OK. Given earlier testing, validating also.
Whiteboard: MGA5TOO MGA6-64-OK => MGA5TOO MGA6-64-OK MGA5-64-OKCC: lewyssmith => sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0402.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED
CC: (none) => marthasimons9999