843149 – (CVE-2022-27337) <app-text/poppler-22.05.0: DoS in Hints::Hints

Bug 843149 (CVE-2022-27337) - <app-text/poppler-22.05.0: DoS in Hints::Hints

Summary: <app-text/poppler-22.05.0: DoS in Hints::Hints

Status:	CONFIRMED

Alias:	CVE-2022-27337

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://gitlab.freedesktop.org/popple...
Whiteboard:	B3 [glsa?]
Keywords:	PullRequest

Depends on:	boost-1.79-stable, qt-5.15.4-stable
Blocks:
	Show dependency tree

Reported:	2022-05-07 14:32 UTC by John Helmert III
Modified:	2022-06-26 06:13 UTC (History)
CC List:	2 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/25970
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-05-07 14:32:59 UTC

CVE-2022-27337:

A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

Patched: https://gitlab.freedesktop.org/poppler/poppler/-/commit/81044c64b9ed9a10ae82a28bac753060bdfdac74

Fix in 22.04.0.

Comment 1 Larry the Git Cow gentoo-dev

2022-05-07 21:00:24 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc6f26f3a5f8e1bf549fa072dd6cf78445634e0c

commit bc6f26f3a5f8e1bf549fa072dd6cf78445634e0c
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-05-07 20:59:42 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-07 21:00:17 +0000

    app-text/poppler: add 22.05.0
    
    Bug: https://bugs.gentoo.org/843149
    Signed-off-by: Sam James <sam@gentoo.org>

 app-text/poppler/Manifest                          |   1 +
 .../files/poppler-22.05.0-missing-include.patch    |  18 +++
 app-text/poppler/poppler-22.05.0.ebuild            | 127 +++++++++++++++++++++
 app-text/poppler/poppler-9999.ebuild               |   4 +-
 4 files changed, 148 insertions(+), 2 deletions(-)

Comment 2 Larry the Git Cow gentoo-dev

2022-06-19 09:13:05 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7feedffd8c03010b8735e20342912419f2743f47

commit 7feedffd8c03010b8735e20342912419f2743f47
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-06-19 07:01:08 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-06-19 09:12:44 +0000

    app-text/poppler: Cleanup vulnerable 22.03.0
    
    Bug: https://bugs.gentoo.org/843149
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 app-text/poppler/Manifest               |   1 -
 app-text/poppler/poppler-22.03.0.ebuild | 126 --------------------------------
 2 files changed, 127 deletions(-)

Comment 3 Andreas Sturmlechner gentoo-dev

2022-06-19 09:14:32 UTC

Cleanup done, kde proj out.