Bug 14218

Summary: [CVE 21] poppler 22.05.0 CVE -3
Product: [ROSA-based products] ROSA Fresh Reporter: Vladimir Potapov <v.potapov>
Component: Preinstalled software in the ISOAssignee: ROSA Linux Bugs <bugs>
Status: RESOLVED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: normal    
Priority: Normal CC: s.matveev
Version: All   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Platform: --- ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Vladimir Potapov 2024-01-11 15:25:33 MSK 
https://nvd.nist.gov/vuln/detail/CVE-2023-34872 exploit!
Comment 1 Svyatoslav Matveev 2024-01-12 12:17:17 MSK 
Уязвимый код предоставлен в более поздней версии.

Introduced by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/fa494b780ab69ef04ba7447ab6d8fc3b46373e59 (poppler-21.08.0)
Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe (poppler-23.06.0)
Comment 2 Vladimir Potapov 2024-01-12 12:19:45 MSK 
(In reply to Svyatoslav Matveev from comment #1)
> Уязвимый код предоставлен в более поздней версии.
> 
> Introduced by:
> https://gitlab.freedesktop.org/poppler/poppler/-/commit/
> fa494b780ab69ef04ba7447ab6d8fc3b46373e59 (poppler-21.08.0)
> Fixed by:
> https://gitlab.freedesktop.org/poppler/poppler/-/commit/
> 591235c8b6c65a2eee88991b9ae73490fd9afdfe (poppler-23.06.0)

еще бы ссылку на страничку, где про это написано...