ELA-928-1 poppler security update

two vulnerabilities

2023-08-21
Package: poppler
Version: 0.26.5-2+deb8u16 (jessie), 0.48.0-2+deb9u6 (stretch)
Related CVEs: CVE-2020-36023, CVE-2020-36024


Two vulnerabilities have been fixed in poppler, a PDF rendering library.

CVE-2020-36023

Infinite loop in FoFiType1C::cvtGlyph()

CVE-2020-36024

NULL dereference in FoFiType1C::convertToType1()


For Debian 8 jessie, these problems have been fixed in version 0.26.5-2+deb8u16.

For Debian 9 stretch, these problems have been fixed in version 0.48.0-2+deb9u6.

We recommend that you upgrade your poppler packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.