Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 645868 (CVE-2017-1000456) - <app-text/poppler-0.61.0: Invalid read causes crash and can lead to overflow in subsequent calculations (CVE-2017-1000456)
Summary: <app-text/poppler-0.61.0: Invalid read causes crash and can lead to overflow ...
Alias: CVE-2017-1000456
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa+ cve]
Depends on: CVE-2017-14975, CVE-2017-14976, CVE-2017-14977
  Show dependency tree
Reported: 2018-01-27 01:32 UTC by Ian Zimmerman
Modified: 2018-04-08 14:27 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Ian Zimmerman 2018-01-27 01:32:00 UTC
According to the RedHat summary [1]:

libpoppler in poppler version 0.60.1 is vulnerable to an invalid read and subsequent crash when parsing a specially crafted PDF. The invalid read is caused by incorrect boundary validation in, leading to overflow in subsequent calculations.

(I checked and it is present in the gentoo stable version, which is 0.57.0-r1.)

Upstream patch at [2], needs massaging for gentoo stable version.



Reproducible: Always
Comment 1 Andreas Sturmlechner gentoo-dev 2018-04-07 15:43:11 UTC
Cleanup done, security, please proceed.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2018-04-08 14:27:19 UTC
This issue was resolved and addressed in
 GLSA 201804-03 at
by GLSA coordinator Aaron Bauman (b-man).