Bug 747151 (CVE-2020-26519) - <app-text/mupdf-1.18.0: Heap based buffer over-write when parsing JBIG (CVE-2020-26519)
Status: RESOLVED FIXED
Alias: CVE-2020-26519
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa+ cve]
Keywords: PullRequest
Reported: 2020-10-07 19:11 UTC by Sam James
Modified: 2021-05-26 10:29 UTC

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-10-07 19:11:36 UTC
"Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service."

Bug (restricted): https://bugs.ghostscript.com/show_bug.cgi?id=702937
Patch: https://bugs.ghostscript.com/show_bug.cgi?id=702937
Comment 1 Larry the Git Cow gentoo-dev 2020-10-13 23:21:43 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=197b4aee35918341c66b38a761b111d978b00fa6

commit 197b4aee35918341c66b38a761b111d978b00fa6
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-10-13 23:21:32 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-10-13 23:21:39 +0000

    app-text/mupdf: add additional security patches
    
    * Harden populate_ui against unexpected repairs [0]
    * Fix overflow in fz_clear_pixmap_with_value [1]
    
    Both patches were committed post-1.18.0 upstream.
    
    [0] https://github.com/ArtifexSoftware/mupdf/commit/b82e9b6d6b46877e5c376.patch
    [1] https://github.com/ArtifexSoftware/mupdf/commit/32e4e8b4bcbacbf92af7c.patch
    
    Bug: https://bugs.gentoo.org/747151
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Sam James <sam@gentoo.org>

 .../files/mupdf-1.18.0-fix-oob-in-pdf-layer.c      | 102 +++++++++++++++++++++
 .../mupdf/files/mupdf-1.18.0-fix-oob-in-pixmap.c   |  41 +++++++++
 app-text/mupdf/mupdf-1.18.0.ebuild                 |   3 +
 3 files changed, 146 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a986634efb6c5c0842444e989d86e10472412699

commit a986634efb6c5c0842444e989d86e10472412699
Author:     Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2020-10-12 10:51:19 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-10-13 23:21:38 +0000

    app-text/mupdf: bump to 1.18.0 (CVE-2020-26519)
    
    Bug: https://bugs.gentoo.org/747151
    Removing some keywords (RDEPEND dev-libs/gumbo)
    
    Package-Manager: Portage-3.0.8, Repoman-3.0.1
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Closes: https://github.com/gentoo/gentoo/pull/17898
    Signed-off-by: Sam James <sam@gentoo.org>

 app-text/mupdf/Manifest                            |   1 +
 app-text/mupdf/files/mupdf-1.18-Makefile.patch     |  42 ++++++
 .../mupdf/files/mupdf-1.18.0-cross-fixes.patch     | 128 ++++++++++++++++++
 app-text/mupdf/mupdf-1.18.0.ebuild                 | 150 +++++++++++++++++++++
 4 files changed, 321 insertions(+)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-10-13 23:25:55 UTC
Ugh. We will need to see if we can improve the LibreSSL dep here because 3.2.0 is not stable upstream.
Comment 6 Larry the Git Cow gentoo-dev 2020-10-14 19:51:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ebc61a7729ce75f3593703cfce7216983f2fb6c

commit 9ebc61a7729ce75f3593703cfce7216983f2fb6c
Author:     Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2020-10-14 05:07:11 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-10-14 19:51:19 +0000

    profiles/base/p.use.stable.mask: add app-text/mupdf[libressl]
    
    Bug: https://bugs.gentoo.org/747151
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Closes: https://github.com/gentoo/gentoo/pull/17919
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/base/package.use.stable.mask | 5 +++++
 1 file changed, 5 insertions(+)
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2020-10-15 22:47:01 UTC
ppc/ppc64 stable
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2020-10-18 15:12:22 UTC
x86 stable
Comment 9 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-10-18 23:53:55 UTC
arm done
Comment 10 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-10-19 03:14:39 UTC
arm64 done
Comment 11 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-11-01 15:24:44 UTC
amd64 done

all arches done
Comment 14 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-12-27 09:25:44 UTC
Ping for cleanup (and vote)
Comment 15 NATTkA bot gentoo-dev 2020-12-27 09:28:56 UTC
Unable to check for sanity:

> no match for package: app-text/mupdf-1.18.0-r1
Comment 16 Larry the Git Cow gentoo-dev 2021-01-18 00:47:35 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0db1d8bdcd759b37b1e6190eaee89ac963c14149

commit 0db1d8bdcd759b37b1e6190eaee89ac963c14149
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-01-18 00:40:07 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-01-18 00:46:35 +0000

    app-text/mupdf: security cleanup
    
    Bug: https://bugs.gentoo.org/747151
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 app-text/mupdf/Manifest            |   1 -
 app-text/mupdf/mupdf-1.17.0.ebuild | 144 -------------------------------------
 2 files changed, 145 deletions(-)
Comment 17 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-25 20:59:46 UTC
Adding to an existing GLSA request.
Comment 18 GLSAMaker/CVETool Bot gentoo-dev 2021-05-26 10:29:08 UTC
This issue was resolved and addressed in
 GLSA 202105-30 at https://security.gentoo.org/glsa/202105-30
by GLSA coordinator Thomas Deutschmann (whissi).