Summary: | <app-text/poppler-0.75.0: Stack-based Buffer Overflows in Dict::find() located at Dict.cc | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | printing, reavertm |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://research.loginsoft.com/bugs/stack-based-buffer-overflows-in-dictfind-poppler-0-74-0/ | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
D'juan McDonald (domhnall)
2019-03-21 07:36:52 UTC
CVE ID: CVE-2019-9903 Summary: PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c21200f502c2efbddf80d5ff88aae6b24213a6dc commit c21200f502c2efbddf80d5ff88aae6b24213a6dc Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2019-06-14 17:53:29 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2019-06-14 20:42:20 +0000 app-text/poppler: Security cleanup Bug: https://bugs.gentoo.org/674618 Bug: https://bugs.gentoo.org/681128 Bug: https://bugs.gentoo.org/681152 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> Package-Manager: Portage-2.3.66, Repoman-2.3.11 app-text/poppler/Manifest | 2 - app-text/poppler/poppler-0.74.0.ebuild | 127 --------------------------------- app-text/poppler/poppler-0.76.1.ebuild | 127 --------------------------------- 3 files changed, 256 deletions(-) Cleanup done, KDE team out. |