Opened 20 months ago

Closed 20 months ago

Last modified 20 months ago

#16969 closed enhancement (fixed)

poppler-22.09.0

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: high Milestone: 11.3
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New monthly version.

Change History (4)

comment:1 by Douglas R. Reno, 20 months ago

Owner: changed from blfs-book to Douglas R. Reno
Priority: normal → high
Status: new → assigned

Contains a fix for a variant of the FORCEDENTRY exploit that originally targeted Apple devices. CVE is CVE-2022-38784

comment:2 by Douglas R. Reno, 20 months ago

Release notes:

Release 22.09.0:
        core:
         * Splash: Do not truncate line dash patterns with more than 20 entries. Issue #1281
         * Various signature related improvements
         * Fix FormField::getFullyQualifiedName in some scenarios
         * Splash: Small optimization on dash pattern handling
         * JBIG2Stream::readHalftoneRegionSeg: Fix potential memory leak
         * Fix crashes on malformed files. Including CVE-2022-38784
         * Fix string formatting in error reporting

        utils:
         * pdfsig: List signature field names when listing signature information
         * pdfsig: Add support for specifying signature by field name
         * pdfunite: Fix crashes on malformed files
         * pdfunite: Fix potential memory leak of docs

        glib:
         * Fix two potential memory leaks in poppler_document_create_dests_tree

Information on CVE-2022-38784:

From NVD: Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

Proof of concept is public and can be found at https://github.com/jeffssh/CVE-2021-30860

This is virtually identical to the FORCEDENTRY 0day for Apple devices from last year, which also needed fixes in WebKitGTK+. This will affect every system that has poppler installed.
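
The class of bug named above, an integer overflow in a decoder's size arithmetic, follows a general pattern: per-segment counts read from the file are summed, and the wrapped total is used to size a table that later writes overrun. The following is an added illustration, not poppler's code and not the actual CVE-2022-38784 fix; the function names and the sample size values are constructed for the example. It contrasts the unchecked sum with the checked form a parser should use before allocating.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample inputs (not from any real file): per-dictionary symbol
 * counts as a text-region decoder might read them from referenced segments. */
static const unsigned int kOverflowingSizes[] = { 0xFFFFFFF0u, 0x20u };
static const unsigned int kSaneSizes[]        = { 10u, 20u, 30u };

/* Unsafe pattern: plain unsigned addition wraps modulo 2^32, so the total
 * handed to the allocator can be far smaller than the real symbol count. */
unsigned int sum_unchecked(const unsigned int *sizes, size_t n)
{
    unsigned int total = 0;
    for (size_t i = 0; i < n; i++)
        total += sizes[i];
    return total;
}

/* Hardened pattern: test for overflow before each addition. Returns 0 and
 * stores the total on success, -1 if the counts cannot fit, so the caller
 * rejects the malformed input instead of allocating an undersized table. */
int sum_checked(const unsigned int *sizes, size_t n, unsigned int *out)
{
    unsigned int total = 0;
    for (size_t i = 0; i < n; i++) {
        if (sizes[i] > UINT_MAX - total)
            return -1;
        total += sizes[i];
    }
    *out = total;
    return 0;
}

/* Allocation helper: bound the element count explicitly so count * size
 * cannot overflow, independent of whether the platform calloc checks it. */
void **alloc_symbol_table(unsigned int count)
{
    if (count == 0 || count > SIZE_MAX / sizeof(void *))
        return NULL;
    return calloc(count, sizeof(void *));
}

/* Table slots an unchecked decoder would allocate for the overflowing sample:
 * 0x10 instead of the 0x100000010 entries the input actually claims. */
unsigned int demo_unchecked_total(void)
{
    return sum_unchecked(kOverflowingSizes, 2);
}

/* The checked sum rejects the same sample with -1. */
int demo_checked_rejects(void)
{
    unsigned int total = 0;
    return sum_checked(kOverflowingSizes, 2, &total);
}

/* For well-formed counts the checked sum yields the total (60 here); -1 on overflow. */
long long demo_checked_sane_total(void)
{
    unsigned int total = 0;
    if (sum_checked(kSaneSizes, 3, &total) != 0)
        return -1;
    return (long long)total;
}

int main(void)
{
    printf("unchecked total for overflowing sample: %u slots\n", demo_unchecked_total());
    printf("checked sum on overflowing sample: %d (rejected)\n", demo_checked_rejects());
    printf("checked sum on sane sample: %lld symbols\n", demo_checked_sane_total());

    void **table = alloc_symbol_table((unsigned int)demo_checked_sane_total());
    if (table) {
        puts("allocated symbol table for the sane sample");
        free(table);
    }
    return 0;
}
```

The unchecked path silently yields 16 slots for an input that declares over four billion symbols; everything the decoder later stores past slot 16 lands outside the buffer, which is why such bugs surface as crashes under fuzzing and as code execution in the wild. The checked path fails closed at parse time, before any allocation.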

comment:3 by Douglas R. Reno, 20 months ago

Resolution: fixed
Status: assigned → closed

comment:4 by Douglas R. Reno, 20 months ago

SA-11.2-001 issued. Made mention of LibreOffice and Inkscape build failures and relevant fixes.
