Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 673860 (CVE-2018-20481, CVE-2018-20551) - <app-text/poppler-0.73.0: multiple vulnerabilities
Summary: <app-text/poppler-0.73.0: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-20481, CVE-2018-20551
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://gitlab.freedesktop.org/popple...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on: CVE-2018-20650 poppler-0.73.0
Blocks:
  Show dependency tree
 
Reported: 2018-12-28 02:41 UTC by D'juan McDonald (domhnall)
Modified: 2019-03-10 04:25 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description D'juan McDonald (domhnall) 2018-12-28 02:41:55 UTC
(https://nvd.nist.gov/vuln/detail/CVE-2018-20481):

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.

Patch: https://gitlab.freedesktop.org/adamreichold/poppler/commit/32a92c54f6df4e57f41e4f3ee03bbe5d6e066ef8

@maintainer(s): "Poppler 0.72.0 is vulnerable; other versions may also be affected."


Gentoo Security Padawan
(domhnall)
Comment 1 D'juan McDonald (domhnall) 2018-12-31 05:36:36 UTC
(https://nvd.nist.gov/vuln/detail/CVE-2018-20551):

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.

Upsteam bug: https://gitlab.freedesktop.org/poppler/poppler/issues/703
Upsteam PR: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/146
Comment 2 Andreas Sturmlechner gentoo-dev 2019-03-03 01:04:11 UTC
Cleanup done.