216850 – app-text/poppler <0.6.3 xpdf Object embedded font function dereference (CVE-2008-1693)

Bug 216850 - app-text/poppler <0.6.3 xpdf Object embedded font function dereference (CVE-2008-1693)

Summary: app-text/poppler <0.6.3 xpdf Object embedded font function dereference (CVE-2...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High major
Assignee:	Gentoo Security

URL:
Whiteboard:	A2 [glsa]
Keywords:

Duplicates (1):	CVE-2008-1693 (view as bug list)
Depends on:	201448
Blocks:
	Show dependency tree

Reported:	2008-04-08 10:04 UTC by Robert Buchholz (RETIRED)
Modified:	2020-04-08 21:46 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2008-04-08 10:04:05 UTC

xpdf / poppler does not type-check the the "stream" object before dereferencing a function from it, allowing for arbitrary code execution via pdf files with embedded fonts.

We have quite some places where this needs fixing. Embargo date is April, 15 currently.

Comment 1 Daniel Gryniewicz (RETIRED) gentoo-dev

2008-04-10 18:33:05 UTC

I'm waiting for some indication of how to fix this...

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2008-04-10 21:26:41 UTC

A patch was introduced in the 0.6.2 release, and is available here:
http://gitweb.freedesktop.org/?p=poppler/poppler.git;a=commitdiff;h=1a531dcfee1c6fc79a414c38cbe7327fbf9a59d8


Arch Security Liaisons, please test and mark stable:
=app-text/poppler-0.6.3
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86"

CC'ing current Liaisons:
   alpha : ferdy
   amd64 : welp
    hppa : jer
     ppc : dertobi123
   ppc64 : corsair
 release : pva
   sparc : fmccor
     x86 : opfer

Comment 3 Robert Buchholz (RETIRED) gentoo-dev

2008-04-10 22:15:45 UTC

dang, anything that can be done about bug 201448 beforehand?

Comment 4 Robert Buchholz (RETIRED) gentoo-dev

2008-04-10 22:19:36 UTC

As it seems, neither KPDF nor TeX are affected, because both had the cairo-related code paths removed.

Comment 5 Daniel Gryniewicz (RETIRED) gentoo-dev

2008-04-10 23:05:13 UTC

I'll take a look.  I don't have anything with qt, so it will take a bit.

Comment 6 Daniel Gryniewicz (RETIRED) gentoo-dev

2008-04-11 00:23:57 UTC

Okay, bug 201448 is fixed.

Comment 7 Jeroen Roovers (RETIRED) gentoo-dev

2008-04-12 13:41:44 UTC

Probably a good idea to test and mark app-text/poppler-bindings-0.6.3 stable in the same go.

Comment 8 Jeroen Roovers (RETIRED) gentoo-dev

2008-04-12 14:01:06 UTC

Stable for HPPA:
   =app-text/poppler-0.6.3
   =app-text/poppler-bindings-0.6.3

Anything else? :)

Comment 9 Raúl Porcel (RETIRED) gentoo-dev

2008-04-12 21:15:49 UTC

alpha/ia64/sparc/x86 stable

Comment 10 Markus Rothe (RETIRED) gentoo-dev

2008-04-14 06:01:18 UTC

ppc64 stable

Comment 11 Markus Meier gentoo-dev

2008-04-14 21:00:05 UTC

amd64 stable

Comment 12 Robert Buchholz (RETIRED) gentoo-dev

2008-04-17 11:25:43 UTC

ppc stable (proxy commit for dertobi123)

Comment 13 Robert Buchholz (RETIRED) gentoo-dev

2008-04-17 11:27:24 UTC

Lifting embargo since the agreed date has passed.

Arches, please test and mark stable:
=app-text/poppler-0.6.3
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86"
Already stabled : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Missing keywords: "arm m68k release s390 sh"

Comment 14 Robert Buchholz (RETIRED) gentoo-dev

2008-04-17 12:36:51 UTC

GLSA 200804-18

Comment 15 Peter Volkov (RETIRED) gentoo-dev

2008-04-21 07:50:35 UTC

Fixed in release snapshot.

Comment 16 Robert Buchholz (RETIRED) gentoo-dev

2008-05-11 15:50:36 UTC

*** Bug 221297 has been marked as a duplicate of this bug. ***