ASA-202101-3 log generated external raw

[ASA-202101-3] poppler: arbitrary code execution
Arch Linux Security Advisory ASA-202101-3 ========================================= Severity: High Date : 2021-01-04 CVE-ID : CVE-2020-35702 Package : poppler Type : arbitrary code execution Remote : No Link : Summary ======= The package poppler before version 21.01.0-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 21.01.0-1. # pacman -Syu "poppler>=21.01.0-1" The problem has been fixed upstream in version 21.01.0. Workaround ========== None. Description =========== DCTStream::getChars in in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. Impact ====== An attacker might be able to execute arbitrary code via a crafted PDF document. References ==========