This bug was fixed in the package poppler - 25.03.0-3
---------------
poppler (25.03.0-3) unstable; urgency=high
* Team upload
* SECURITY UPDATE: floating-point exception vulnerability (Closes: #1102190)
- Cherry-pick upstream fix for the PSStack::roll function
in Function.cc
- CVE-2025-32364
* SECURITY UPDATE: out-of-bounds read vulnerability (Closes: #1102191)
- Cherry-pick upstream fix for the JBIG2Bitmap::combine function
in JBIG2Stream.cc (LP: #2106404)
- CVE-2025-32365
-- Jeremy Bícha <jbi...@ubuntu.com> Mon, 07 Apr 2025 11:11:10 -0400
** Changed in: poppler (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-32364
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-32365
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/2106404
Title:
poppler April 2025 security fixes
Status in poppler package in Ubuntu:
Fix Released
Bug description:
I'm preparing an upload for plucky to fix 2 new CVEs.
https://security-tracker.debian.org/tracker/CVE-2025-32364
https://security-tracker.debian.org/tracker/CVE-2025-32365
I don't have spare capacity to work on this for any other Ubuntu
series.
My packaging is at https://salsa.debian.org/freedesktop-team/poppler
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/2106404/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
