Some vulnerabilities have been reported in Poppler, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise an application using the library.
The vulnerabilities are caused by e.g. memory leak errors, array
indexing errors, and the use of uninitialized memory when parsing
malformed PDF files, which can be exploited to e.g. cause a crash by
tricking a user into processing a specially crafted PDF file in an
application using the library.
Fixed in the GIT repository.
PROVIDED AND/OR DISCOVERED BY:
Joel Voss, Leviathan Security Group
All mentioned commits apart from http://cgit.freedesktop.org/poppler/poppler/commit/?id=c6a091512745771894b54a71613fd6b5ca1adcb3 (memleak) are backported to 0.14 branch and present in 0.14.4 I just committed to tree.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Does not compile on alpha:
[ 97%] Building CXX object cpp/CMakeFiles/poppler-cpp.dir/poppler-private.cpp.o
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp: In member function 'poppler::byte_array poppler::ustring::to_utf8() const':
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:103: error: invalid conversion from 'const char**' to 'char**'
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:103: error: initializing argument 2 of 'size_t iconv(void*, char**, size_t*, char**, size_t*)'
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:109: error: invalid conversion from 'const char**' to 'char**'
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:109: error: initializing argument 2 of 'size_t iconv(void*, char**, size_t*, char**, size_t*)'
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp: In static member function 'static poppler::ustring poppler::ustring::from_utf8(const char*, int)':
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:154: error: invalid conversion from 'const char**' to 'char**'
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:154: error: initializing argument 2 of 'size_t iconv(void*, char**, size_t*, char**, size_t*)'
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:160: error: invalid conversion from 'const char**' to 'char**'
/var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp:160: error: initializing argument 2 of 'size_t iconv(void*, char**, size_t*, char**, size_t*)'
distcc ERROR: compile /var/tmp/portage/app-text/poppler-0.14.4/work/poppler-0.14.4/cpp/poppler-global.cpp on localhost failed
tracking bug is 341303
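The alpha failure above is the classic iconv(3) prototype mismatch: glibc declares the input pointer parameter as `char **`, so taking the address of a `const char *` does not compile. The wrapper below is an added example of a const-safe, growable conversion loop, not poppler's own patch; the function name convert_charset and its buffer sizes are assumptions.

```cpp
#include <iconv.h>
#include <cerrno>
#include <string>
#include <vector>

// Convert `in` from charset `from` to charset `to` with iconv(3).
// iconv() only advances *inbuf and never writes through it, so a const_cast
// on a local copy of the pointer satisfies both the `char **` prototype seen
// in the alpha build log and the `const char **` one found elsewhere,
// without exposing the caller's buffer to modification.  Malformed input
// (EILSEQ/EINVAL) is rejected rather than partially converted.
static bool convert_charset(const std::string &in, const char *from,
                            const char *to, std::string &out)
{
    iconv_t cd = iconv_open(to, from);
    if (cd == (iconv_t)-1)
        return false;                        // unsupported charset pair

    char *inbuf = const_cast<char *>(in.data());
    size_t inleft = in.size();
    std::vector<char> dst(in.size() * 4 + 16); // grown on E2BIG below
    size_t used = 0;

    for (;;) {
        char *outbuf = dst.data() + used;
        size_t outleft = dst.size() - used;
        size_t rc = iconv(cd, &inbuf, &inleft, &outbuf, &outleft);
        used = dst.size() - outleft;
        if (rc != (size_t)-1)
            break;                           // all input consumed
        if (errno == E2BIG) {                // output full: grow and resume
            dst.resize(dst.size() * 2);
            continue;
        }
        iconv_close(cd);                     // EILSEQ/EINVAL: malformed input
        return false;
    }

    // Emit any pending shift sequence for stateful encodings.
    char *outbuf = dst.data() + used;
    size_t outleft = dst.size() - used;
    iconv(cd, nullptr, nullptr, &outbuf, &outleft);
    used = dst.size() - outleft;
    iconv_close(cd);
    out.assign(dst.data(), used);
    return true;
}
```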
Stable for HPPA.
Stable on alpha.
Thanks, folks. GLSA together with bug 263028.
No vulnerable version left in tree.
Nothing to do for kde here anymore.
The PostScriptFunction::PostScriptFunction function in poppler/Function.cc
in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1,
and possibly other products, allows context-dependent attackers to cause a
denial of service (crash) via a PDF file that triggers an uninitialized
Will anyone still read this GLSA if it ever comes out? Come on, stable is poppler-0.20 by now.
This issue was resolved and addressed in
GLSA 201310-03 at http://security.gentoo.org/glsa/glsa-201310-03.xml
by GLSA coordinator Sean Amoss (ackle).