Bug 936407 (CVE-2018-16369, CVE-2018-7453, CVE-2022-33108, CVE-2022-36561, CVE-2022-38334, CVE-2022-41842, CVE-2022-41844, CVE-2022-43071, CVE-2022-43295, CVE-2022-45586, CVE-2022-45587, CVE-2023-2662, CVE-2023-2663, CVE-2023-2664, CVE-2023-3436) - <app-text/xpdf-4.05: Multiple Vulnerabilities
Summary: <app-text/xpdf-4.05: Multiple Vulnerabilities
Status: CONFIRMED
Alias: CVE-2018-16369, CVE-2018-7453, CVE-2022-33108, CVE-2022-36561, CVE-2022-38334, CVE-2022-41842, CVE-2022-41844, CVE-2022-43071, CVE-2022-43295, CVE-2022-45586, CVE-2022-45587, CVE-2023-2662, CVE-2023-2663, CVE-2023-2664, CVE-2023-3436
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [stable?]
Keywords:
Depends on:
Blocks:
 
Reported: 2024-07-20 21:38 UTC by Andrew Savchenko
Modified: 2024-07-21 06:11 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Description Andrew Savchenko gentoo-dev 2024-07-20 21:38:27 UTC
Hi!

xpdf-4.05 fixes at least 24 CVEs, in ~arch now. Some of them are mentioned in other bugs, but not all. So the alias of this bug contains CVEs not mentioned elsewhere.

Two bugs (681140, 681112, 684846) are closed in Gentoo, but upstream mentions these CVEs as closed in the Changelog only now; maybe earlier fixes were not complete.

Here is the summary table to make things easier:
Gentoo bug | CVE | Description

              - CVE-2018-7453 PDF object loop in AcroForm::scanField
              - CVE-2018-16369 PDF object loop in AcroForm::scanField
681140        - CVE-2019-9587 PDF object loop in Catalog::countPageTree
681112        - CVE-2019-9588 PDF object loop in Catalog::countPageTree
684846        - CVE-2019-16088 PDF object loop in Catalog::countPageTree
845027        - CVE-2022-30524 logic bug in text extractor led to invalid memory access
845027        - CVE-2022-30775 integer overflow in rasterizer
856475        - CVE-2022-33108 PDF object loop in Catalog::countPageTree
              - CVE-2022-36561 PDF object loop in AcroForm::scanField
845027        - CVE-2022-38222 logic bug in JBIG2 decoder
856475        - CVE-2022-38334 PDF object loop in Catalog::countPageTree
845027        - CVE-2022-38928 missing bounds check in CFF font converter caused null pointer dereference
856475        - CVE-2022-41842 PDF object loop in Catalog::countPageTree
845027        - CVE-2022-41843 missing bounds check in CFF font parser caused invalid memory access
856475        - CVE-2022-41844 PDF object loop in AcroForm::scanField
856475        - CVE-2022-43071 PDF object loop in Catalog::readPageLabelTree2
856475        - CVE-2022-43295 PDF object loop in Catalog::countPageTree
856475        - CVE-2022-45586 PDF object loop in Catalog::countPageTree
856475        - CVE-2022-45587 PDF object loop in Catalog::countPageTree
881351        - CVE-2023-2662 Divide-by-zero in Xpdf 4.04 due to bad color space object
856475        - CVE-2023-2663 PDF object loop in Catalog::readPageLabelTree2
856475        - CVE-2023-2664 PDF object loop in Catalog::readEmbeddedFileTree
908037        - CVE-2023-3044 Divide-by-zero in Xpdf 4.04 due to very large page size
              - CVE-2023-3436 Deadlock in Xpdf 4.04 due to PDF object stream references
Comment 1 Hans de Graaff gentoo-dev Security 2024-07-21 06:11:25 UTC
Thanks for sorting this out. I've moved fixed CVEs from other multi-CVE bugs here if there were also unfixed CVEs for those bugs, so we can keep the fixed and unfixed issues separate.

On to a stable bug :-)