USN-5282-1: PDFResurrect vulnerabilities
3 June 2022
Several security issues were fixed in PDFResurrect.
Releases
Packages
- pdfresurrect - tool for extracting versioning data from PDF documents
Details
It was discovered that PDFResurrect was incorrectly handling corrupted PDF
files. An attacker could possibly use this issue to cause a buffer overflow,
resulting in a denial of service, or arbitrary code execution. This issue
only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-14267)
It was discovered that PDFResurrect incorrectly handled memory when loading
PDF pages. An attacker could possibly use this issue to cause a heap
buffer overflow, resulting in a denial of service, or arbitrary code execution.
This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
(CVE-2019-14934)
It was discovered that PDFResurrect was incorrectly validating header data in
input PDF files. An attacker could possibly use this issue to cause a heap
buffer overflow, resulting in a denial of service, or arbitrary code execution.
This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM.
(CVE-2020-20740)
Carter Yagemann discovered that PDFResurrect incorrectly handled certain memory
operations during PDF summary generation. An attacker could use this to
cause out-of-bounds writes, resulting in a denial of service (system crash)
or arbitrary code execution. This issue only affected Ubuntu 18.04 ESM and
Ubuntu 20.04 ESM. (CVE-2020-9549)
It was discovered that PDFResurrect was incorrectly processing data when
performing trailer search operations. An attacker could possibly use this issue
to cause an infinite loop, resulting in a denial of service. (CVE-2021-3508)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04
- pdfresurrect - 0.22-2ubuntu0.1~esm1 (Available with Ubuntu Pro)
Ubuntu 20.04
- pdfresurrect - 0.19-1ubuntu0.1~esm1 (Available with Ubuntu Pro)
Ubuntu 18.04
- pdfresurrect - 0.14-1ubuntu0.1~esm1 (Available with Ubuntu Pro)
Ubuntu 16.04
- pdfresurrect - 0.12-6ubuntu0.2+esm1 (Available with Ubuntu Pro)
In general, a standard system update will make all the necessary changes.
Related notices
- USN-4642-1: pdfresurrect