Debian Patches
Status for poppler/25.03.0-5+deb13u3
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| SplashOutputDev-Fix-integer-overflow-in-tilingPatter.patch | SplashOutputDev: Fix integer overflow in tilingPatternFill Use checkedMultiply() to check integer multiplication of surface size and number of repetitions to avoid integer overflow and possible memory issues. |
Marek Kasik <mkasik@redhat.com> | yes | debian upstream | https://gitlab.freedesktop.org/poppler/poppler/-/commit/8352264766652b98336e92359a70b3161a9ab97a | 2026-05-21 |
| Make-sure-regex-doesn-t-stack-overflow-by-limiting-i.patch | Make sure regex doesn't stack overflow by limiting it Happens with very long pdfsubver strings when compiled with -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -flto=auto |
Albert Astals Cid <aacid@kde.org> | no | debian | https://gitlab.freedesktop.org/poppler/poppler/-/commit/f54b815672117c250420787c8c006de98e8c7408 | 2025-03-26 |
| Check-for-duplicate-entries.patch | Check for duplicate entries | Kevin Backhouse <kevinbackhouse@github.com> | no | debian | https://gitlab.freedesktop.org/poppler/poppler/-/commit/4ce27cc826bf90cc8dbbd8a8c87bd913cccd7ec0 | 2025-09-03 |
| CVE-2025-32364.patch | PSStack::roll: Protect against doing int = -INT_MIN | Albert Astals Cid <aacid@kde.org> | no | upstream 25.04 | 2025-03-24 | |
| CVE-2025-32365.patch | Move isOk check to inside JBIG2Bitmap::combine | Albert Astals Cid <aacid@kde.org> | no | upstream 25.04 | 2025-03-31 | |
| CVE-2025-43903.patch | Properly verify adbe.pkcs7.sha1 signatures. For signatures with non-empty encapsulated content (typically adbe.pkcs7.sha1), we only compared hash values and never actually checked SignatureValue within SignerInfo. The bug introduced by c7c0207b1cfe49a4353d6cda93dbebef4508138f made trivial signature forgeries possible. Fix this by calling NSS_CMSSignerInfo_Verify() after the hash values compare equal. |
Juraj Ĺ arinay <juraj@sarinay.com> | no | upstream 25.04.0 | 2025-03-06 | |
| CVE-2025-52886.patch | Limit ammount of annots per document/page | Sune Vuorela <sune@vuorela.dk> | no | 2025-06-03 | ||
| CVE-2025-50420.patch | Fix crash in pdfseparate Don't continue recursing in PDFDoc::mark* if things looks a bit weirder than expected |
Sune Vuorela <sune@vuorela.dk> | no | 2025-07-29 |
All known versions for source package 'poppler'
- 26.01.0-5 (sid, forky)
- 25.03.0-5+deb13u3 (trixie-security)
- 25.03.0-5+deb13u2 (trixie)
- 22.12.0-2+deb12u2 (bookworm-security)
- 22.12.0-2+deb12u1 (bookworm)