#14454 closed enhancement (fixed)
poppler-21.01.0
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 10.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New monthly version.
Change History (4)
comment:1 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 4 years ago
comment:4 by , 4 years ago
| Priority: | normal → high |
|---|
According to Arch, this contained a security fix for a heap-buffer-overflow in DCTStream::getChars, which can be exploited by a malicious PDF document. The CVE number is CVE-2020-35702, and this can lead to arbitrary code execution.
Note:
See TracTickets
for help on using tickets.
Release 21.01.0: core: * Faster routines for jpeg decoding * Fix reading signatures in encrypted files * Add white point correction when lcms is used * JBIG2Stream: Fix byte counting * Fix potential data loss if we try to fetch a non existing Ref after modifying the document * Specifically use DeviceGray instead of DefaultGray for softmasks * Fix various issues handling broken files utils: * pdftocairo: Setmode binary for windows * pdfsig: Add hability to digitally sign files * pdftoppm: add options to set DeviceGray/DeviceRGB/DeviceCMYK * pdftops: add options to set DeviceGray/DeviceRGB/DeviceCMYK * pdfimages: Account for rotation in PPI calculation qt5: * Add hability to digitally sign files qt6: * Add hability to digitally sign files build system: * Enable clang-tidy bugprone-signed-char-misuse