poppler: fix CVE-2025-52886 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2025-09-05 15:45:50 +0530
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-09-06 16:27:59 +0200
commit	110e57abb5ab72356b1736ce580d93c89cbb68aa (patch)
tree	26236f22ef9eb27f8b951ebb79252131bb0f520a /meta-python/recipes-devtools/python/python-numeric
parent	f8c52b138bb2ba79b8aae7a60898373009213047 (diff)
download	meta-openembedded-110e57abb5ab72356b1736ce580d93c89cbb68aa.tar.gz

poppler: fix CVE-2025-52886

Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue. CVE-2025-52886-0001 and CVE-2025-52886-0002 are dependent commits while rest are actual CVE fixes. References: https://nvd.nist.gov/vuln/detail/CVE-2025-52886 https://security-tracker.debian.org/tracker/CVE-2025-52886 Upstream patches: https://gitlab.freedesktop.org/poppler/poppler/-/commit/d35e11a8f84d396a9d9ef43ef852d377adc3830a https://gitlab.freedesktop.org/poppler/poppler/-/commit/af3e1e1a3577c4e1c66cbe69ebdc6a632038e299 https://gitlab.freedesktop.org/poppler/poppler/-/commit/3449a16d3b1389870eb3e20795e802c6ae8bc04f https://gitlab.freedesktop.org/poppler/poppler/-/commit/ac36affcc8486de38e8905a8d6547a3464ff46e5 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-numeric')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: