From $URL: DESCRIPTION: Some vulnerabilities have been reported in Poppler, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerabilities are caused due to e.g. memory leak errors, array indexing errors, and the use of uninitialized memory when parsing malformed PDF files, which can be exploited to e.g. cause a crash by tricking a user into processing a specially crafted PDF file in an application using the library. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Joel Voss, Leviathan Security Group ORIGINAL ADVISORY: Poppler: http://cgit.freedesktop.org/poppler/poppler/commit/?id=473de6f88a055bb03470b4af5fa584be8cb5fda4 http://cgit.freedesktop.org/poppler/poppler/commit/?id=2fe825deac055be82b220d0127169cb3d61387a8 http://cgit.freedesktop.org/poppler/poppler/commit/?id=d2578bd66129466b2dd114b6407c147598e09d2b http://cgit.freedesktop.org/poppler/poppler/commit/?id=c6a091512745771894b54a71613fd6b5ca1adcb3 http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473 http://cgit.freedesktop.org/poppler/poppler/commit/?id=a2dab0238a69240dad08eca2083110b52ce488b7 http://cgit.freedesktop.org/poppler/poppler/commit/?id=3422638b2a39cbdd33a114a7d7debc0a5f688501 http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f http://cgit.freedesktop.org/poppler/poppler/commit/?id=dfdf3602bde47d1be7788a44722c258bfa0c6d6e http://cgit.freedesktop.org/poppler/poppler/commit/?id=26a5817ffec9f05ac63db6c5cd5b1f0871d271c7 http://cgit.freedesktop.org/poppler/poppler/commit/?id=9706e28657ff7ea52aa69d9efb3f91d0cfaee70b
All mentioned commits apart from http://cgit.freedesktop.org/poppler/poppler/commit/?id=c6a091512745771894b54a71613fd6b5ca1adcb3 (memleak) are backported to 0.14 branch and present in 0.14.4 I just commited to tree.
Arches, please test and mark stable: =app-text/poppler-0.14.4 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
amd64 done
x86 stable
ppc done
arm stable
Does not compile on alpha: [ 97%] Building CXX object cpp/CMakeFiles/poppler-cpp.dir/poppler-private.cpp.o /var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp: In member function 'poppler::byte_array poppler::ustring::to_utf8() const': /var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:103: error: invalid conversion from 'const char**' to 'char**' /var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:103: error: initializing argument 2 of 'size_t iconv(void*, char**, size_t*, char**, size_t*)' /var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:109: error: invalid conversion from 'const char**' to 'char**' /var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:109: error: initializing argument 2 of 'size_t iconv(void*, char**, size_t*, char**, size_t*)' /var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp: In static member function 'static poppler::ustring poppler::ustring::from_utf8(const char*, int)': /var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:154: error: invalid conversion from 'const char**' to 'char**' /var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:154: error: initializing argument 2 of 'size_t iconv(void*, char**, size_t*, char**, size_t*)' /var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:160: error: invalid conversion from 'const char**' to 'char**' /var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:160: error: initializing argument 2 of 'size_t iconv(void*, char**, size_t*, char**, size_t*)' distcc[10971] ERROR: compile /var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp on localhost failed tracking bug is 341303
Stable for HPPA.
ia64/s390/sh/sparc stable
Stable on alpha.
ppc64 done
Thanks, folks. GLSA together with bug 263028.
No vulnerable version left in tree. Nothing to do for kde here anymore.
CVE-2010-3703 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3703): The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.
Will anyone still read this GLSA if it ever comes out? Come on, stable is poppler-0.20 by now.
This issue was resolved and addressed in GLSA 201310-03 at http://security.gentoo.org/glsa/glsa-201310-03.xml by GLSA coordinator Sean Amoss (ackle).