Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 338878 (CVE-2010-3702) - <app-text/poppler-0.14.4: Multiple Vulnerabilities (CVE-2010-{3702,3703,3704})
Summary: <app-text/poppler-0.14.4: Multiple Vulnerabilities (CVE-2010-{3702,3703,3704})
Status: RESOLVED FIXED
Alias: CVE-2010-3702
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/41596/
Whiteboard: A3 [glsa]
Keywords:
Depends on: 341303
Blocks:
  Show dependency tree
 
Reported: 2010-09-27 06:07 UTC by Tim Sammut (RETIRED)
Modified: 2013-10-06 16:08 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Sammut (RETIRED) gentoo-dev 2010-09-27 06:07:27 UTC
From $URL:

DESCRIPTION:
Some vulnerabilities have been reported in Poppler, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise an application using the library.

The vulnerabilities are caused due to e.g. memory leak errors, array
indexing errors, and the use of uninitialized memory when parsing
malformed PDF files, which can be exploited to e.g. cause a crash by
tricking a user into processing a specially crafted PDF file in an
application using the library.

SOLUTION:
Fixed in the GIT repository.

PROVIDED AND/OR DISCOVERED BY:
Joel Voss, Leviathan Security Group

ORIGINAL ADVISORY:
Poppler:
http://cgit.freedesktop.org/poppler/poppler/commit/?id=473de6f88a055bb03470b4af5fa584be8cb5fda4
http://cgit.freedesktop.org/poppler/poppler/commit/?id=2fe825deac055be82b220d0127169cb3d61387a8
http://cgit.freedesktop.org/poppler/poppler/commit/?id=d2578bd66129466b2dd114b6407c147598e09d2b
http://cgit.freedesktop.org/poppler/poppler/commit/?id=c6a091512745771894b54a71613fd6b5ca1adcb3
http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
http://cgit.freedesktop.org/poppler/poppler/commit/?id=a2dab0238a69240dad08eca2083110b52ce488b7
http://cgit.freedesktop.org/poppler/poppler/commit/?id=3422638b2a39cbdd33a114a7d7debc0a5f688501
http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f
http://cgit.freedesktop.org/poppler/poppler/commit/?id=dfdf3602bde47d1be7788a44722c258bfa0c6d6e
http://cgit.freedesktop.org/poppler/poppler/commit/?id=26a5817ffec9f05ac63db6c5cd5b1f0871d271c7
http://cgit.freedesktop.org/poppler/poppler/commit/?id=9706e28657ff7ea52aa69d9efb3f91d0cfaee70b
Comment 1 Maciej Mrozowski gentoo-dev 2010-10-06 21:59:41 UTC
All mentioned commits apart from http://cgit.freedesktop.org/poppler/poppler/commit/?id=c6a091512745771894b54a71613fd6b5ca1adcb3 (memleak) are backported to 0.14 branch and present in 0.14.4 I just commited to tree.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2010-10-14 00:41:02 UTC
Arches, please test and mark stable:
=app-text/poppler-0.14.4
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

Comment 3 Markos Chandras (RETIRED) gentoo-dev 2010-10-14 08:55:25 UTC
amd64 done
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-10-14 14:51:57 UTC
x86 stable
Comment 5 Brent Baude (RETIRED) gentoo-dev 2010-10-15 12:36:27 UTC
ppc done
Comment 6 Markus Meier gentoo-dev 2010-10-16 14:35:10 UTC
arm stable
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2010-10-16 16:13:58 UTC
Does not compile on alpha:
[ 97%] Building CXX object cpp/CMakeFiles/poppler-cpp.dir/poppler-private.cpp.o
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp: In member function 'poppler::byte_array poppler::ustring::to_utf8() const':
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:103: error: invalid conversion from 'const char**' to 'char**'
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:103: error:   initializing argument 2 of 'size_t iconv(void*, char**, size_t*, char**, size_t*)'
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:109: error: invalid conversion from 'const char**' to 'char**'
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:109: error:   initializing argument 2 of 'size_t iconv(void*, char**, size_t*, char**, size_t*)'
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp: In static member function 'static poppler::ustring poppler::ustring::from_utf8(const char*, int)':
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:154: error: invalid conversion from 'const char**' to 'char**'
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:154: error:   initializing argument 2 of 'size_t iconv(void*, char**, size_t*, char**, size_t*)'
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:160: error: invalid conversion from 'const char**' to 'char**'
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:160: error:   initializing argument 2 of 'size_t iconv(void*, char**, size_t*, char**, size_t*)'
distcc[10971] ERROR: compile /var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp on localhost failed

tracking bug is 341303
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2010-10-16 17:39:00 UTC
Stable for HPPA.
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2010-10-17 10:59:47 UTC
ia64/s390/sh/sparc stable
Comment 10 Tobias Klausmann (RETIRED) gentoo-dev 2010-10-18 13:51:18 UTC
Stable on alpha.
Comment 11 Mark Loeser (RETIRED) gentoo-dev 2010-10-25 23:13:02 UTC
ppc64 done
Comment 12 Tim Sammut (RETIRED) gentoo-dev 2010-10-26 00:35:11 UTC
Thanks, folks. GLSA together with bug 263028.
Comment 13 Andreas K. Hüttel archtester gentoo-dev 2011-02-14 22:46:33 UTC
No vulnerable version left in tree. 
Nothing to do for kde here anymore.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 13:05:48 UTC
CVE-2010-3703 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3703):
  The PostScriptFunction::PostScriptFunction function in poppler/Function.cc
  in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1,
  and possibly other products, allows context-dependent attackers to cause a
  denial of service (crash) via a PDF file that triggers an uninitialized
  pointer dereference.
Comment 15 Andreas K. Hüttel archtester gentoo-dev 2013-03-16 11:43:29 UTC
Will anyone still read this GLSA if it ever comes out? Come on, stable is poppler-0.20 by now.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2013-10-06 16:08:36 UTC
This issue was resolved and addressed in
 GLSA 201310-03 at http://security.gentoo.org/glsa/glsa-201310-03.xml
by GLSA coordinator Sean Amoss (ackle).