Summary: | <app-text/podofo-0.9.6_pre20170508-r1: Denial of Service | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | zmedico |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | C3 [noglsa/cve] | ||
Package list: | =app-text/podofo-0.9.6_pre20170508-r1, =virtual/podofo-build-0.9.6_pre20170508-r1 | ||
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2017-05-01 15:42:47 UTC
Maintainer(s) please advise if this affects any version prior to 0.9.5.

(In reply to Yury German from comment #1)
> Maintainer(s) please advise if this affects any version prior to 0.9.5.

The vulnerable "m_offsets[i].bParsed = false;" code in the PdfParser::ReadObjects method appears to be present in all versions going back to the oldest one in the tree, 0.9.2. There's a fix r1833, but no tag yet:

https://sourceforge.net/p/podofo/code/1833/tree//podofo/trunk/src/base/PdfParser.cpp?diff=50f1cef7e88f3d7cbdd252d0:1832

I'll go ahead and create a snapshot from trunk.

Added podofo-0.9.6_pre20170428 ebuild to gentoo:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5685a989182a75db3a35172af432e43468cf42bc

Would this fix also apply to Bug 614038?
https://bugs.gentoo.org/show_bug.cgi?id=614038

(In reply to Yury German from comment #4)
> Would this fix also apply to Bug 614038?
> https://bugs.gentoo.org/show_bug.cgi?id=614038

It doesn't.

I stopped the fuzz research on podofo because there were ~30 bugs and no upstream reaction. From svn I see that ~4/5 bugs were fixed.

Bumped to 0.9.6_pre20170508:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=213746d55265ff9167fbf4aa616b840775c4258d

Fixes since 0.9.6_pre20170428:

------------------------------------------------------------------------

r1849 | aja_ | 2017-05-08 10:00:13 -0700 (Mon, 08 May 2017) | 2 lines

Fix CVE-2017-7994: NULL dereference in TextExtractor::ExtractText()

------------------------------------------------------------------------

r1848 | aja_ | 2017-05-08 07:21:17 -0700 (Mon, 08 May 2017) | 2 lines

Fix CVE-2017-7380: NULL dereference in PdfPage::GetFromResources()

------------------------------------------------------------------------

r1847 | aja_ | 2017-05-08 07:15:41 -0700 (Mon, 08 May 2017) | 2 lines

Fix CVE-2017-7378: Out of bounds read in PdfPainter::ExpandTabs()

------------------------------------------------------------------------

r1846 | aja_ | 2017-05-08 06:54:34 -0700 (Mon, 08 May 2017) | 2 lines

Fix CVE-2017-6847: NULL pointer dereference when reading XObject without BBox

------------------------------------------------------------------------

r1845 | aja_ | 2017-05-08 06:33:17 -0700 (Mon, 08 May 2017) | 2 lines

Correct fix for CVE-2017-6840: Too strict check for given arguments.

------------------------------------------------------------------------

r1844 | aja_ | 2017-05-08 06:23:49 -0700 (Mon, 08 May 2017) | 2 lines

Fix CVE-2017-6840: Out of bounds read in ColorChanger::GetColorFromStack()

------------------------------------------------------------------------

r1843 | aja_ | 2017-05-08 06:05:38 -0700 (Mon, 08 May 2017) | 5 lines

Fix CVE-2017-5855: NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection

Throw PoDoFo's Out of memory exception when resize of std::vector fails when reading XRef content.

------------------------------------------------------------------------

Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.

I've revbumped it to podofo-0.9.6_pre20170508-r1 with a customized libpodofo.so.0.9.6_pre20170508 soname, since the libpodofo.so.0.9.6 ABI is not necessarily stable yet. We should let this get tested for a couple of days before we call for stabilization.

Please stabilize.

amd64 stable

Stable for HPPA.

x86 stable

ppc64 stable

ppc stable, all arches done.

Arches and Maintainer(s), Thank you for your work.

GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).

Dropped vulnerable versions:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a5245004eda3b53d1adc39cbe56a5096600d198b

Arches and Maintainer(s), Thank you for your work.

Closing noglsa.