Bug 6852 - [Anolis OS 23] Bugfix for CVE-2023-34872
Summary: [Anolis OS 23] Bugfix for CVE-2023-34872
Status: RESOLVED FIXED
Alias: None
Product: Anolis OS 23
Classification: Anolis OS
Component: BaseOS Packages (show other bugs) BaseOS Packages
Version: unspecified
Hardware: All Linux
: P3-Medium S3-normal
Target Milestone: ---
Assignee: happy_orange
QA Contact: bolong_tbl
URL:
Whiteboard:
Keywords: CVE
Depends on:
Blocks:
 
Reported: 2023-10-17 11:28 UTC by 小龙
Modified: 2023-10-17 11:29 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description 小龙 admin 2023-10-17 11:28:09 UTC 
Description:
23.06.0之前的PopplerOutline.cc中存在漏洞,允许远程攻击者通过OutlineItem::open中精心设计的PDF文件造成拒绝服务(DoS)(崩溃)。

Broken commit info:

Bugfix commit info:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe
Comment 1 小龙 admin 2023-10-17 11:29:09 UTC 
PR: 
https://gitee.com/src-anolis-os/poppler/pulls/19