Summary: | app-text/xpdf: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | normal | CC: | bircoph, maintainer-needed |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://forum.xpdfreader.com/viewtopic.php?f=3&t=42185 | ||
Whiteboard: | B2 [upstream] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2022-11-14 22:27:27 UTC
CVE-2023-2662 (https://forum.xpdfreader.com/viewtopic.php?t=42505): In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. (In reply to John Helmert III from comment #0) > CVE-2021-40226: > > xpdfreader 4.03 is vulnerable to Buffer Overflow. > > Another famous "fixed in next release", but from over a year ago. Did > this get a fix? Looks like it from the 4.04 changes list: "Added a missing bounds check on stream DecodeParms arrays." The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47a254308b64f4462a3cdcc7ce49655b41b7bdb5 commit 47a254308b64f4462a3cdcc7ce49655b41b7bdb5 Author: Andrew Savchenko <bircoph@gentoo.org> AuthorDate: 2024-07-20 21:04:06 +0000 Commit: Andrew Savchenko <bircoph@gentoo.org> CommitDate: 2024-07-20 21:12:13 +0000 app-text/xpdf: add 4.05 * Add qt6 support per bug 925519, use updated font-paths patch from Andrii Batyiev. * Update simplified Chinese and Korean language support packages. * Fix the following CVEs: - CVE-2018-7453 PDF object loop in AcroForm::scanField - CVE-2018-16369 PDF object loop in AcroForm::scanField - CVE-2019-9587 PDF object loop in Catalog::countPageTree - CVE-2019-9588 PDF object loop in Catalog::countPageTree - CVE-2019-16088 PDF object loop in Catalog::countPageTree - CVE-2022-30524 logic bug in text extractor led to invalid memory access - CVE-2022-30775 integer overflow in rasterizer - CVE-2022-33108 PDF object loop in Catalog::countPageTree - CVE-2022-36561 PDF object loop in AcroForm::scanField - CVE-2022-38222 logic bug in JBIG2 decoder - CVE-2022-38334 PDF object loop in Catalog::countPageTree - CVE-2022-38928 missing bounds check in CFF font converter caused null pointer dereference - CVE-2022-41842 PDF object loop in Catalog::countPageTree - CVE-2022-41843 missing bounds check in CFF font parser caused invalid memory access - CVE-2022-41844 PDF object loop in AcroForm::scanField - CVE-2022-43071 PDF object loop in Catalog::readPageLabelTree2 - CVE-2022-43295 PDF object loop in Catalog::countPageTree - CVE-2022-45586 PDF object loop in Catalog::countPageTree - CVE-2022-45587 PDF object loop in Catalog::countPageTree - CVE-2023-2662 Divide-by-zero in Xpdf 4.04 due to bad color space object - CVE-2023-2663 PDF object loop in Catalog::readPageLabelTree2 - CVE-2023-2664 PDF object loop in Catalog::readEmbeddedFileTree - CVE-2023-3044 Divide-by-zero in Xpdf 4.04 due to very large page size - CVE-2023-3436 Deadlock in Xpdf 4.04 due to PDF object stream references Closes: https://bugs.gentoo.org/925519 Bug: https://bugs.gentoo.org/845027 Bug: https://bugs.gentoo.org/856475 Bug: https://bugs.gentoo.org/881351 Bug: https://bugs.gentoo.org/908037 Signed-off-by: Andrew Savchenko <bircoph@gentoo.org> app-text/xpdf/Manifest | 4 + app-text/xpdf/files/xpdf-4.05-font-paths.patch | 46 +++++++ app-text/xpdf/xpdf-4.05.ebuild | 161 +++++++++++++++++++++++++ 3 files changed, 211 insertions(+) I have moved the CVE fixed in 4.05 over to bug 936407 so we can keep tracking the unfixed issue here. |