Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 908037 (CVE-2023-3044) - <app-text/xpdf-4.05: divide by zero vulnerability
Summary: <app-text/xpdf-4.05: divide by zero vulnerability
Status: CONFIRMED
Alias: CVE-2023-3044
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [stable?]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-06-08 04:29 UTC by John Helmert III
Modified: 2024-07-21 06:07 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-08 04:29:25 UTC 
CVE-2023-3044 (https://www.xpdfreader.com/security-bug/CVE-2023-3044.html):

An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code.




This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.



"This will be fixed in Xpdf 4.05."
Comment 1 Larry the Git Cow gentoo-dev 2024-07-20 21:12:39 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=47a254308b64f4462a3cdcc7ce49655b41b7bdb5

commit 47a254308b64f4462a3cdcc7ce49655b41b7bdb5
Author:     Andrew Savchenko <bircoph@gentoo.org>
AuthorDate: 2024-07-20 21:04:06 +0000
Commit:     Andrew Savchenko <bircoph@gentoo.org>
CommitDate: 2024-07-20 21:12:13 +0000

    app-text/xpdf: add 4.05
    
    * Add qt6 support per bug 925519, use updated font-paths patch from
    Andrii Batyiev.
    
    * Update simplified Chinese and Korean language support packages.
    
    * Fix the following CVEs:
      - CVE-2018-7453 PDF object loop in AcroForm::scanField
      - CVE-2018-16369 PDF object loop in AcroForm::scanField
      - CVE-2019-9587 PDF object loop in Catalog::countPageTree
      - CVE-2019-9588 PDF object loop in Catalog::countPageTree
      - CVE-2019-16088 PDF object loop in Catalog::countPageTree
      - CVE-2022-30524 logic bug in text extractor led to invalid memory access
      - CVE-2022-30775 integer overflow in rasterizer
      - CVE-2022-33108 PDF object loop in Catalog::countPageTree
      - CVE-2022-36561 PDF object loop in AcroForm::scanField
      - CVE-2022-38222 logic bug in JBIG2 decoder
      - CVE-2022-38334 PDF object loop in Catalog::countPageTree
      - CVE-2022-38928 missing bounds check in CFF font converter caused null
                       pointer dereference
      - CVE-2022-41842 PDF object loop in Catalog::countPageTree
      - CVE-2022-41843 missing bounds check in CFF font parser caused invalid
                       memory access
      - CVE-2022-41844 PDF object loop in AcroForm::scanField
      - CVE-2022-43071 PDF object loop in Catalog::readPageLabelTree2
      - CVE-2022-43295 PDF object loop in Catalog::countPageTree
      - CVE-2022-45586 PDF object loop in Catalog::countPageTree
      - CVE-2022-45587 PDF object loop in Catalog::countPageTree
      - CVE-2023-2662 Divide-by-zero in Xpdf 4.04 due to bad color space object
      - CVE-2023-2663 PDF object loop in Catalog::readPageLabelTree2
      - CVE-2023-2664 PDF object loop in Catalog::readEmbeddedFileTree
      - CVE-2023-3044 Divide-by-zero in Xpdf 4.04 due to very large page size
      - CVE-2023-3436 Deadlock in Xpdf 4.04 due to PDF object stream references
    
    Closes: https://bugs.gentoo.org/925519
    Bug: https://bugs.gentoo.org/845027
    Bug: https://bugs.gentoo.org/856475
    Bug: https://bugs.gentoo.org/881351
    Bug: https://bugs.gentoo.org/908037
    Signed-off-by: Andrew Savchenko <bircoph@gentoo.org>

 app-text/xpdf/Manifest                         |   4 +
 app-text/xpdf/files/xpdf-4.05-font-paths.patch |  46 +++++++
 app-text/xpdf/xpdf-4.05.ebuild                 | 161 +++++++++++++++++++++++++
 3 files changed, 211 insertions(+)