Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 352581 (CVE-2010-4653) - <app-text/poppler-0.14.5: integer overflow and stack corruption (CVE-2010-{4653,4654})
Summary: <app-text/poppler-0.14.5: integer overflow and stack corruption (CVE-2010-{46...
Status: RESOLVED FIXED
Alias: CVE-2010-4653
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: http://thread.gmane.org/gmane.comp.se...
Whiteboard: A2 [glsa]
Keywords:
Depends on: 349887
Blocks:
  Show dependency tree
 
Reported: 2011-01-24 10:31 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2013-10-06 16:08 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-01-24 10:31:37 UTC
1. Due to an integer overflow when parsing CharCodes for fonts and a
failure to check the return value of a memory allocation, it is
possible to trigger writes to a narrow range of offsets from a NULL
pointer.  The chance of being able to exploit this for anything other
than a crash is very remote: on x86 32-bit, there's no chance (since
the write occurs between 0xffffffc4 and 0xfffffffc).  At least the
write lands in valid userspace on x86-64, but in my testing this
memory is never mapped.  Fixed in poppler commit at [1], hopefully
fixed soon at xpdf upstream.

2. Malformed commands may cause corruption of the internal stack used
to maintain graphics contexts, leading to potentially exploitable
memory corruption.  Fixed in poppler commit at [2], hopefully fixed
soon at xpdf upstream.

-Dan

[1] http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659
[2] http://cgit.freedesktop.org/poppler/poppler/commit/?id=8284008aa8230a92ba08d547864353d3290e9bf9
Comment 1 Maciej Mrozowski gentoo-dev 2011-01-24 18:04:41 UTC
This is already fixed in >=app-text/poppler-0.14.5.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-01-26 00:23:06 UTC
Stabilization taking place in bug 349887.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-02-19 15:31:41 UTC
Stabilization completed. Added to existing GLSA request.
Comment 4 Andreas K. Hüttel archtester gentoo-dev 2011-04-03 18:28:32 UTC
All vulnerable versions removed from tree. Nothing to do for kde here anymore.
Comment 5 Andreas K. Hüttel archtester gentoo-dev 2011-06-05 19:41:46 UTC
Nothing to do for printing either.
Comment 6 Andreas K. Hüttel archtester gentoo-dev 2013-03-16 11:42:45 UTC
Will anyone still read this GLSA if it ever comes out? Come on, stable is poppler-0.20 by now.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2013-10-06 16:08:38 UTC
This issue was resolved and addressed in
 GLSA 201310-03 at http://security.gentoo.org/glsa/glsa-201310-03.xml
by GLSA coordinator Sean Amoss (ackle).