Bug 867958 (CVE-2021-30860, CVE-2022-38784) - <app-text/poppler-22.09.0: JBIG2 integer overflow to code execution
Summary: <app-text/poppler-22.09.0: JBIG2 integer overflow to code execution
Status: CONFIRMED
Alias: CVE-2021-30860, CVE-2022-38784
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal critical
Assignee: Gentoo Security
URL: https://poppler.freedesktop.org/relea...
Whiteboard: A1 [stable?]
Keywords:
Depends on: 867094 859184
Blocks:
Reported: 2022-09-02 02:18 UTC by John Helmert III
Modified: 2022-09-08 05:33 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-02 02:18:47 UTC
CVE-2022-38784:

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

Fixed in: https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52
See also: https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6

Please bump to 22.09.0.
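The overflow shape the CVE description refers to (a text-region segment summing the symbol counts of the dictionaries it references into a fixed-width counter, then sizing a symbol table from that count) is easy to show in isolation. The following is an added example written for this bug, not Poppler's JBIG2Stream.cc nor the upstream fix: the struct, function names and the two constructed inputs are hypothetical, and the unchecked accumulator is a uint32_t rather than Poppler's int so that the wrap is well-defined and reproducible instead of undefined behaviour.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical referenced symbol-dictionary segment: only the field the
 * text-region parser needs here (not Poppler's JBIG2SymbolDict). */
typedef struct {
    uint32_t size;   /* number of symbols the dictionary declares */
} symbol_dict_t;

/* Vulnerable shape: per-dictionary sizes are summed with no bound. Two
 * dictionaries declaring 2^31 symbols each wrap the 32-bit count to 0, so
 * any table allocated from the result is far too small for the symbols the
 * parser later copies into it from the dictionaries' real sizes. */
uint32_t count_syms_unchecked(const symbol_dict_t *dicts, size_t n)
{
    uint32_t num_syms = 0;
    for (size_t i = 0; i < n; i++)
        num_syms += dicts[i].size;   /* wraps silently */
    return num_syms;
}

/* Hardened shape: reject the segment before an addition would exceed
 * INT_MAX, the bound the later index arithmetic assumes. Returns -1 when
 * the file must be rejected, otherwise the exact count. */
int64_t count_syms_checked(const symbol_dict_t *dicts, size_t n)
{
    int64_t num_syms = 0;
    for (size_t i = 0; i < n; i++) {
        if (dicts[i].size > INT_MAX - num_syms)
            return -1;               /* too many symbols: malformed input */
        num_syms += dicts[i].size;
    }
    return num_syms;
}

/* Bytes the parser would hand to its allocator for the symbol pointer
 * table. With a wrapped count this is 0 bytes for 2^32 declared symbols. */
size_t symbol_table_bytes(uint32_t num_syms)
{
    return (size_t)num_syms * sizeof(void *);
}

/* Constructed malicious input: a text region referencing two dictionaries
 * that each declare 0x80000000 symbols (sizes sum to exactly 2^32). */
static const symbol_dict_t malicious[2] = { { 0x80000000u }, { 0x80000000u } };
/* Constructed benign input: two small dictionaries. */
static const symbol_dict_t benign[2]    = { { 10u }, { 20u } };

uint32_t malicious_unchecked_count(void) { return count_syms_unchecked(malicious, 2); }
int64_t  malicious_checked_count(void)   { return count_syms_checked(malicious, 2); }
uint32_t benign_unchecked_count(void)    { return count_syms_unchecked(benign, 2); }
int64_t  benign_checked_count(void)      { return count_syms_checked(benign, 2); }

int main(void)
{
    /* Unchecked: count wraps to 0, so the table would be 0 bytes while the
     * dictionaries still claim 2^32 symbols. Checked: the segment is refused. */
    if (malicious_checked_count() < 0 && symbol_table_bytes(malicious_unchecked_count()) == 0)
        return 0;
    return 1;
}
```

The check is placed before the addition rather than after it, because testing `num_syms < 0` after a signed wrap is itself undefined behaviour in C and compilers are free to delete it; comparing the next operand against the remaining headroom is the only form that is guaranteed to catch the case.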
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-09-02 02:34:11 UTC
Fixes CVE-2021-30860 too (https://github.com/freedesktop/poppler/commit/27354e9d9696ee2bc063910a6c9a6b27c5184a52).

"An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."

https://www.sans.org/blog/what-you-need-to-know-about-cve-2021-30860-aka-forcedentry/
Comment 2 Larry the Git Cow gentoo-dev 2022-09-02 02:34:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=819d8f855df663924e6c124088cdc215653f852a

commit 819d8f855df663924e6c124088cdc215653f852a
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-09-02 02:26:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-09-02 02:27:10 +0000

    app-text/poppler: add 22.09.0
    
    Bug: https://bugs.gentoo.org/867958
    Signed-off-by: Sam James <sam@gentoo.org>

 app-text/poppler/Manifest               |   2 +
 app-text/poppler/poppler-22.09.0.ebuild | 134 ++++++++++++++++++++++++++++++++
 app-text/poppler/poppler-9999.ebuild    |   2 +-
 3 files changed, 137 insertions(+), 1 deletion(-)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-09-02 02:38:24 UTC
(In reply to Sam James from comment #1)
> Fixes CVE-2021-30860 too
> (https://github.com/freedesktop/poppler/commit/27354e9d9696ee2bc063910a6c9a6b27c5184a52).
> 
> "An integer overflow was addressed with improved input validation. This
> issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS
> 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted
> PDF may lead to arbitrary code execution. Apple is aware of a report that
> this issue may have been actively exploited."
> 
> https://www.sans.org/blog/what-you-need-to-know-about-cve-2021-30860-aka-forcedentry/

(fwiw, I'm not convinced at all it's actually this, unless Apple is vendoring a lot of Poppler, but...)
Comment 4 Larry the Git Cow gentoo-dev 2022-09-02 02:41:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a5c8dc5fbd1bff22f355891078c55c777c532c93

commit a5c8dc5fbd1bff22f355891078c55c777c532c93
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-09-02 02:41:41 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-09-02 02:41:41 +0000

    app-text/poppler: unkeyword 22.09.0 for a moment
    
    LO needs a patch
    
    Bug: https://bugs.gentoo.org/867958
    Signed-off-by: Sam James <sam@gentoo.org>

 app-text/poppler/poppler-22.09.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-09-02 04:39:01 UTC
commit 5908d48769d80baedb730c61b2605a983d97bb0f (HEAD -> master, origin/master, origin/HEAD)
Author: Sam James <sam@gentoo.org>
Date:   Fri Sep 2 05:37:21 2022 +0100

    app-office/scribus: fix build with Poppler 22.09.0

    Signed-off-by: Sam James <sam@gentoo.org>

commit 9f2169be9339bfaad54aa9bf60373ff01a79f8c3
Author: Sam James <sam@gentoo.org>
Date:   Fri Sep 2 05:25:00 2022 +0100

    media-gfx/inkscape: fix build with Poppler 22.09.0

    Signed-off-by: Sam James <sam@gentoo.org>

commit 3fe3e0dc873e97eb1bb5ccb2846fffee35182caa
Author: Sam James <sam@gentoo.org>
Date:   Fri Sep 2 05:20:17 2022 +0100

    app-office/libreoffice: fix build with Poppler 22.09.0

    Signed-off-by: Sam James <sam@gentoo.org>
Comment 6 Larry the Git Cow gentoo-dev 2022-09-02 05:52:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f27c346bd97bc4dad857c09cdec1f06766020aa

commit 8f27c346bd97bc4dad857c09cdec1f06766020aa
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-09-02 04:40:34 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-09-02 05:33:19 +0000

    app-text/poppler: keyword 22.09.0
    
    I swear I did try LO + Scribus beforehand! But didn't have
    pdfimport on and I have no idea about Scribus.
    
    All fixed now.
    
    Bug: https://bugs.gentoo.org/867958
    Signed-off-by: Sam James <sam@gentoo.org>

 app-text/poppler/poppler-22.09.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)