Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 647776 (CVE-2015-9252, CVE-2017-18183, CVE-2017-18184, CVE-2017-18185, CVE-2017-18186) - <app-text/qpdf-7.0.0: Multiple vulnerabilities
Summary: <app-text/qpdf-7.0.0: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2015-9252, CVE-2017-18183, CVE-2017-18184, CVE-2017-18185, CVE-2017-18186
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-02-15 21:11 UTC by GLSAMaker/CVETool Bot
Modified: 2018-05-15 14:25 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-15 21:11:01 UTC 
CVE-2017-18186 (https://nvd.nist.gov/vuln/detail/CVE-2017-18186):
  An issue was discovered in QPDF before 7.0.0. There is an infinite loop due
  to looping xref tables in QPDF.cc.

CVE-2017-18185 (https://nvd.nist.gov/vuln/detail/CVE-2017-18185):
  An issue was discovered in QPDF before 7.0.0. There is a large heap-based
  out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is
  caused by an integer overflow in the PNG filter.

CVE-2017-18184 (https://nvd.nist.gov/vuln/detail/CVE-2017-18184):
  An issue was discovered in QPDF before 7.0.0. There is a stack-based
  out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.

CVE-2017-18183 (https://nvd.nist.gov/vuln/detail/CVE-2017-18183):
  An issue was discovered in QPDF before 7.0.0. There is an infinite loop in
  the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.

CVE-2015-9252 (https://nvd.nist.gov/vuln/detail/CVE-2015-9252):
  An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack
  exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related
  to the QPDF::resolve function in QPDF.cc.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-02-15 21:13:12 UTC 
@Maintainers since qpdf is already being stabilized in bug 626446, could you please confirm if these CVEs are fixed in that version?
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-03-25 19:36:12 UTC 
7.0.0 contains the fix and is already stable.

GLSA Vote: No

@maintainers, please clean the vulnerable versions.
Comment 3 Larry the Git Cow gentoo-dev 2018-05-15 14:24:31 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93eba83ee616d8c388265c04645f1bdd5e9bab73

commit 93eba83ee616d8c388265c04645f1bdd5e9bab73
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-05-14 22:39:24 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-05-15 14:24:04 +0000

    app-text/qpdf: drop vulnerable
    
    Bug: https://bugs.gentoo.org/647776
    Package-Manager: Portage-2.3.36, Repoman-2.3.9
    Closes: https://github.com/gentoo/gentoo/pull/8407

 app-text/qpdf/Manifest             |  3 --
 app-text/qpdf/qpdf-5.1.1-r1.ebuild | 59 --------------------------------------
 app-text/qpdf/qpdf-5.1.3-r1.ebuild | 59 --------------------------------------
 app-text/qpdf/qpdf-6.0.0-r2.ebuild | 55 -----------------------------------
 4 files changed, 176 deletions(-)