Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 856475 (CVE-2021-36493, CVE-2022-27655, CVE-2022-33108, CVE-2022-38334, CVE-2022-41842, CVE-2022-41844, CVE-2022-43071, CVE-2022-43295, CVE-2022-45586, CVE-2022-45587, CVE-2023-2663, CVE-2023-2664, CVE-2023-31554, CVE-2023-31557) - app-text/xpdf: multiple vulnerabilities ("fixed in xpdf-5")
Summary: app-text/xpdf: multiple vulnerabilities ("fixed in xpdf-5")
Status: CONFIRMED
Alias: CVE-2021-36493, CVE-2022-27655, CVE-2022-33108, CVE-2022-38334, CVE-2022-41842, CVE-2022-41844, CVE-2022-43071, CVE-2022-43295, CVE-2022-45586, CVE-2022-45587, CVE-2023-2663, CVE-2023-2664, CVE-2023-31554, CVE-2023-31557
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-07-05 04:03 UTC by John Helmert III
Modified: 2023-06-08 04:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-05 04:03:33 UTC
CVE-2022-33108 (https://forum.xpdfreader.com/viewtopic.php?f=3&t=42284):
https://forum.xpdfreader.com/viewtopic.php?f=3&t=42286
https://forum.xpdfreader.com/viewtopic.php?f=3&t=42287

XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.

"That's due to an object loop in the PDF file. I'm planning to
implement a more robust loop checker in Xpdf 5."
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-16 15:31:56 UTC
CVE-2022-38334 (https://forum.xpdfreader.com/viewtopic.php?f=3&t=42314&p=43872):

XPDF v4.04 was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.

Smells a lot like a duplicate, but very hard to tell with xpdf.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-30 15:14:15 UTC
CVE-2022-41842 (http://www.xpdfreader.com/download.html):
https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928

An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.

CVE-2022-41844 (http://www.xpdfreader.com/download.html):
https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928
https://forum.xpdfreader.com/viewtopic.php?f=3&t=42308&p=43844&hilit=XRef%3A%3Afetch#p43844

An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.

Most of these smell like duplicates, really.

"All three of those are loops in the PDF object structure. I'm working on a more robust loop detector for Xpdf 5."
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-16 17:11:26 UTC
CVE-2022-43071 (https://forum.xpdfreader.com/viewtopic.php?f=3&t=42349&p=43959#p43959):

A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

CVE-2022-43295 (https://forum.xpdfreader.com/viewtopic.php?t=42360):

XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795.

As always, "I'm working on a more robust loop detector for Xpdf 5."
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-28 03:14:20 UTC
CVE-2022-27655 (https://launchpad.support.sap.com/#/notes/3143437):

When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

CVE-2022-45586 (https://forum.xpdfreader.com/viewtopic.php?t=42361):

Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service.

CVE-2022-45587 (https://forum.xpdfreader.com/viewtopic.php?t=42361):

Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.

CVE-2021-36493 (https://forum.xpdfreader.com/viewtopic.php?f=3&t=42160):

Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.

As is tradition, "I'm working on a more robust loop detector for Xpdf 5."
Comment 5 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-11 04:09:31 UTC
CVE-2023-31554 (https://forum.xpdfreader.com/viewtopic.php?t=42421):

xpdf pdfimages v4.04 was discovered to contain a stack overflow in the component Catalog::readPageLabelTree2(Object*). This vulnerability allows attackers to cause a Denial of Service (DoS).

CVE-2023-31557 (https://forum.xpdfreader.com/viewtopic.php?t=42422&sid=acb8ed31bbd74223e3c4d0fb2552c748):

xpdf pdfimages v4.04 was discovered to contain a stack overflow in the component Catalog::readEmbeddedFileTree(Object*). This vulnerability allows attackers to cause a Denial of Service (DoS).

As usual, loop checker will be fixed in xpdf 5.
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-08 04:27:43 UTC
CVE-2023-2663 (https://forum.xpdfreader.com/viewtopic.php?t=42421):

 In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.




CVE-2023-2664 (https://forum.xpdfreader.com/viewtopic.php?t=42422):

 In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.