Bug 856475 (CVE-2022-33108, CVE-2022-38334, CVE-2022-41842, CVE-2022-41844, CVE-2022-43071, CVE-2022-43295) - app-text/xpdf: multiple vulnerabilities ("fixed in xpdf-5")
Summary: app-text/xpdf: multiple vulnerabilities ("fixed in xpdf-5")
Status: CONFIRMED
Alias: CVE-2022-33108, CVE-2022-38334, CVE-2022-41842, CVE-2022-41844, CVE-2022-43071, CVE-2022-43295
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [upstream]
Reported: 2022-07-05 04:03 UTC by John Helmert III
Modified: 2022-11-16 17:11 UTC
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-05 04:03:33 UTC
CVE-2022-33108 (https://forum.xpdfreader.com/viewtopic.php?f=3&t=42284):
https://forum.xpdfreader.com/viewtopic.php?f=3&t=42286
https://forum.xpdfreader.com/viewtopic.php?f=3&t=42287

XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.

"That's due to an object loop in the PDF file. I'm planning to
implement a more robust loop checker in Xpdf 5."
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-16 15:31:56 UTC
CVE-2022-38334 (https://forum.xpdfreader.com/viewtopic.php?f=3&t=42314&p=43872):

XPDF v4.04 was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.

Smells a lot like a duplicate, but very hard to tell with xpdf.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-30 15:14:15 UTC
CVE-2022-41842 (http://www.xpdfreader.com/download.html):
https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928

An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.

CVE-2022-41844 (http://www.xpdfreader.com/download.html):
https://forum.xpdfreader.com/viewtopic.php?f=1&t=42340&p=43928&hilit=gfseek#p43928
https://forum.xpdfreader.com/viewtopic.php?f=3&t=42308&p=43844&hilit=XRef%3A%3Afetch#p43844

An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.

Most of these smell like duplicates, really.

"All three of those are loops in the PDF object structure. I'm working on a more robust loop detector for Xpdf 5."
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-16 17:11:26 UTC
CVE-2022-43071 (https://forum.xpdfreader.com/viewtopic.php?f=3&t=42349&p=43959#p43959):

A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

CVE-2022-43295 (https://forum.xpdfreader.com/viewtopic.php?t=42360):

XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795.

As always, "I'm working on a more robust loop detector for Xpdf 5."
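
Added example, not part of the bug comments above and not xpdf's code or the loop detector planned for Xpdf 5: upstream attributes these crashes to loops in the PDF object structure, which drive recursive walkers until the stack is exhausted. The C++ below counts pages over a constructed page-tree model and refuses objects reached twice, dangling references and excessive nesting; `Node`, `Doc`, `countPages`, `pageCount` and the sample documents are hypothetical names and data.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <vector>

// Constructed model of a PDF page tree: object number -> node.
// An intermediate /Pages node lists child object numbers; a leaf is a /Page.
struct Node { bool isPage; std::vector<int> kids; };
using Doc = std::map<int, Node>;

// Returns the number of leaf pages under objNum, or -1 if the structure is
// malformed: an object reached twice (loop or shared node), a dangling
// reference, or nesting deeper than maxDepth.
int countPages(const Doc &doc, int objNum, std::set<int> &seen,
               int depth, int maxDepth) {
    if (depth > maxDepth) return -1;
    auto it = doc.find(objNum);
    if (it == doc.end()) return -1;               // dangling reference
    if (!seen.insert(objNum).second) return -1;   // visited before: loop
    if (it->second.isPage) return 1;
    int total = 0;
    for (int kid : it->second.kids) {
        int n = countPages(doc, kid, seen, depth + 1, maxDepth);
        if (n < 0) return -1;                     // propagate the failure
        total += n;
    }
    return total;
}

int pageCount(const Doc &doc, int root, int maxDepth = 64) {
    std::set<int> seen;
    return countPages(doc, root, seen, 0, maxDepth);
}

// Constructed inputs: a well-formed tree and one whose node 3 points back to 1.
Doc validDoc() {
    return {{1, {false, {2, 3}}}, {2, {true, {}}},
            {3, {false, {4, 5}}}, {4, {true, {}}}, {5, {true, {}}}};
}
Doc loopDoc() {
    return {{1, {false, {2, 3}}}, {2, {true, {}}}, {3, {false, {1}}}};
}

int main() {
    std::printf("valid: %d pages\n", pageCount(validDoc(), 1));
    std::printf("loop:  %d\n", pageCount(loopDoc(), 1));
    return 0;
}
```

Without the `seen` check and the depth bound, the walk over `loopDoc()` would recurse 1 -> 3 -> 1 indefinitely, which is the stack-exhaustion pattern the CVE descriptions report.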