Ubuntu has issued an advisory on November 25:
https://ubuntu.com/security/notices/USN-4646-1

The issue is fixed upstream in 0.76.
Update incoming by Jani.

Advisory:
========================

Updated poppler packages fix security vulnerability:

buffer overflow in pdftohtml could result in a DoS (CVE-2020-27778).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27778
https://ubuntu.com/security/notices/USN-4646-1
CC: (none) => jani.valimaa
Added an upstream patch to poppler-0.74.0-3.4.mga7 to fix the issue, please test.

SRPMS:
poppler-0.74.0-3.4.mga7

RPMS:
poppler-0.74.0-3.4.mga7
lib(64)poppler85-0.74.0-3.4.mga7
lib(64)poppler-devel-0.74.0-3.4.mga7
lib(64)poppler-cpp0-0.74.0-3.4.mga7
lib(64)poppler-qt5-devel-0.74.0-3.4.mga7
lib(64)poppler-qt5_1-0.74.0-3.4.mga7
lib(64)poppler-glib8-0.74.0-3.4.mga7
lib(64)poppler-gir0.18-0.74.0-3.4.mga7
lib(64)poppler-glib-devel-0.74.0-3.4.mga7
lib(64)poppler-cpp-devel-0.74.0-3.4.mga7
Assignee: bugsquad => qa-bugs
$ rpm -qa | grep poppler
lib64poppler-devel-0.74.0-3.3.mga7
lib64poppler-cpp0-0.74.0-3.3.mga7
lib64poppler-glib8-0.74.0-3.3.mga7
lib64poppler85-0.74.0-3.3.mga7
poppler-data-0.4.9-2.mga7
lib64poppler-qt5_1-0.74.0-3.3.mga7
lib64poppler-gir0.18-0.74.0-3.3.mga7
lib64poppler-cpp-devel-0.74.0-3.3.mga7
poppler-0.74.0-3.3.mga7
lib64poppler-glib-devel-0.74.0-3.3.mga7

Updated the packages. Some dependencies gave trouble:

The following packages can't be installed because they depend on packages
that are older than the installed ones:
lib64input-devel-1.13.2-1.mga7
lib64qt5eglfsdeviceintegration-devel-5.12.6-4.mga7
lib64qt5gui-devel-5.12.6-4.mga7
lib64poppler-qt5-devel-0.74.0-3.4.mga7
Continue installation anyway? (Y/n)

$ rpm -qa | grep poppler
lib64poppler-glib8-0.74.0-3.4.mga7
lib64poppler85-0.74.0-3.4.mga7
poppler-data-0.4.9-2.mga7
lib64poppler-cpp0-0.74.0-3.4.mga7
lib64poppler-cpp-devel-0.74.0-3.4.mga7
poppler-0.74.0-3.4.mga7
lib64poppler-devel-0.74.0-3.4.mga7
lib64poppler-qt5_1-0.74.0-3.4.mga7
lib64poppler-glib-devel-0.74.0-3.4.mga7
lib64poppler-gir0.18-0.74.0-3.4.mga7

That is all OK.

Moved to a folder containing some PDF files.

$ pdffonts AN202003March2020.pdf
[....]
CBJSPS+Helvetica-Condensed-Oblique Type 1C Custom yes yes yes 9024 0
CBJSPS+HelveticaNeue-Bold TrueType WinAnsi yes yes yes 9018 0
CBJSPS+HelveticaNeue-CondensedBlack-SC700 TrueType WinAnsi yes yes yes 9021 0
CBJSPS+Helvetica TrueType WinAnsi yes yes no 9020 0

$ pdftohtml AN202003March2020.pdf
[...]
Page-115
Page-116

Generated HTML pages and extracted embedded images from Astronomy Now.

AN202003March2020.html      AN202003March2020-70_629.jpg
AN202003March2020_ind.html  AN202003March2020-70_62.png
AN202003March2020.pdf       AN202003March2020-70_630.jpg
AN202003March2020s.html

$ firefox AN202003March2020.html

Displayed the whole magazine via a page index.
Exercised a few more of the utilities, which all did what they were supposed to.
This is OK.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => tarazed25
Validating update. Advisory pushed to SVN.
CC: (none) => ouaurelien, sysadmin-bugs
Keywords: (none) => advisory, validated_update
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0445.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED