poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
poppler (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Bionic |
Fix Released
|
Undecided
|
Marc Deslauriers |
Bug Description
The security updates 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 break the Splash output rendering, for example if using the xpdf utility that relies on Poppler splash output, or as used by the GDAL library (the issue was detected due to breakage in GDAL continuous integration tests)
I've traced the root cause to those security updates enabling in 'rules' CMYK (--enable-cmyk for 0.41.0-0ubuntu1.15 and -DSPLASH_CMYK=ON for 0.62.0-2ubuntu2.11)
Building without CMYK restore poppler in a working state. It should be noted that even on the upstream 0.41.0 version, enabling CMYK result in a non-functional build, so it is not related to the patches applied on top of it, but really on enabling CMYK
The issue can be verified with "xpdf test_ogc_bp.pdf" with the attached test_ogc_bp.pdf file. With the new packages, xpdf crashes, whereas with older ones it displays a 20x20 greyscale image.
Or with "gdal_translate test_ogc_bp.pdf out.png -of PNG" when installing the "gdal-bin" package, that currently errors out with a message like "ERROR 1: Bitmap decoded size (18623872x0) doesn't match raster size (20x20)"
CVE References
information type: | Public → Public Security |
information type: | Public Security → Public |
Thanks for reporting this, I'll back out the fix and will release updates shortly.