Mandriva Linux Security Advisory : poppler (MDVSA-2013:143)
Medium Nessus Plugin ID 66155
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been found and corrected in poppler :
poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an invalid memory access in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc (CVE-2013-1788).
poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function (CVE-2013-1790).
The updated packages have been patched to correct these issues.
SolutionUpdate the affected packages.