*** This bug is a security vulnerability *** Public security bug reported:
CVE-2008-2950 description from the oCERT advisory #2008-007: "The poppler PDF rendering library suffers a memory management bug which leads to arbitrary code execution. The vulnerability is present in the Page class constructor/destructor. The pageWidgets object is not initialized in the Page constructor if specific conditions are met, but it is deleted afterwards in the destructor regardless of its initialization. Specific PDF files can be crafted which allocate arbitrary memory to trigger the vulnerability." http://www.ocert.org/advisories/ocert-2008-007.html A patch is included in the advisory. ** Affects: poppler (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-2950 -- [CVE-2008-2950] libpoppler uninitialized pointer leads to arbitrary code execution https://bugs.launchpad.net/bugs/246292 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
