Hi!

xpdf-4.05 fixes at least 24 CVEs, in ~arch now. Some of them are mentioned in other bugs, but not all. So the alias of this bug contains CVEs not mentioned elsewhere.

Two bugs (681140, 681112, 684846) are closed in Gentoo, but upstream mentions these CVEs as closed in the Changelog only now; maybe earlier fixes were not complete.

Here is the summary table to make things easier:

Gentoo bug | CVE | Description
       - CVE-2018-7453  PDF object loop in AcroForm::scanField
       - CVE-2018-16369 PDF object loop in AcroForm::scanField
681140 - CVE-2019-9587  PDF object loop in Catalog::countPageTree
681112 - CVE-2019-9588  PDF object loop in Catalog::countPageTree
684846 - CVE-2019-16088 PDF object loop in Catalog::countPageTree
845027 - CVE-2022-30524 logic bug in text extractor led to invalid memory access
845027 - CVE-2022-30775 integer overflow in rasterizer
856475 - CVE-2022-33108 PDF object loop in Catalog::countPageTree
       - CVE-2022-36561 PDF object loop in AcroForm::scanField
845027 - CVE-2022-38222 logic bug in JBIG2 decoder
856475 - CVE-2022-38334 PDF object loop in Catalog::countPageTree
845027 - CVE-2022-38928 missing bounds check in CFF font converter caused null pointer dereference
856475 - CVE-2022-41842 PDF object loop in Catalog::countPageTree
845027 - CVE-2022-41843 missing bounds check in CFF font parser caused invalid memory access
856475 - CVE-2022-41844 PDF object loop in AcroForm::scanField
856475 - CVE-2022-43071 PDF object loop in Catalog::readPageLabelTree2
856475 - CVE-2022-43295 PDF object loop in Catalog::countPageTree
856475 - CVE-2022-45586 PDF object loop in Catalog::countPageTree
856475 - CVE-2022-45587 PDF object loop in Catalog::countPageTree
881351 - CVE-2023-2662  Divide-by-zero in Xpdf 4.04 due to bad color space object
856475 - CVE-2023-2663  PDF object loop in Catalog::readPageLabelTree2
856475 - CVE-2023-2664  PDF object loop in Catalog::readEmbeddedFileTree
908037 - CVE-2023-3044  Divide-by-zero in Xpdf 4.04 due to very large page size
       - CVE-2023-3436  Deadlock in Xpdf 4.04 due to PDF object stream references

Thanks for sorting this out. I've moved fixed CVEs from other multi-CVE bugs here if there were also unfixed CVEs for those bugs, so we can keep the fixed and unfixed issues separate. On to a stable bug :-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=fe5f44a92c358b6196f8c599e9199edaa35a33ad

commit fe5f44a92c358b6196f8c599e9199edaa35a33ad
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-09-25 06:29:34 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-09-25 06:29:45 +0000

    [ GLSA 202409-25 ] Xpdf: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/845027
    Bug: https://bugs.gentoo.org/908037
    Bug: https://bugs.gentoo.org/936407
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202409-25.xml | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)