[tex-live] Recent poppler vulnerabilities?

Alexander Cherepanov cherepan at mccme.ru
Sat Oct 24 16:56:37 CEST 2009


Hi Norbert!
On Sat, 24 Oct 2009 14:16:10 +0200, Norbert Preining <preining at logic.at> wrote:

>> Fixed version is Poppler 0.12.1, released on Oct 18, 2009.

> Might be interesting, but the source code in TL does not support
> poppler >> 0.10. They (poppler people) again changed API and removed
> some functions, so patches are necessary.
> 
> Ubuntu people have patches for TL ready, and I have included in my
> preliminary TL2009 packages for Debian.
> 
> In due time I will update the files in TL with the respective #if to get 
> it working with poppler 0.12.
> 
> OTOH, most CVE are not really a problem for the tex programs itself, more
> for the viewers, so maybe TW could actually profit from it.

Hm, I mainly thought about viewing malicious pdf files with texworks 
(say, when it asssociates with .pdf files and becomes default pdf 
viewer under windows) but it may be interesting to look into tex also. 
Wild guess: is poppler involved when you do 
\includegraphics{input.pdf} in pdflatex?

Alexander Cherepanov




More information about the tex-live mailing list