FS#57528 - [xpdf] Multiple vulnerabilities
Attached to Project:
Community Packages
Opened by Karol Babioch (johnpatcher) - Friday, 16 February 2018, 08:56 GMT
Last edited by Toolybird (Toolybird) - Friday, 05 May 2023, 03:04 GMT
Details
CVE-2018-7173
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.
https://forum.xpdfreader.com/viewtopic.php?f=3&t=607

CVE-2018-7174
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.
https://forum.xpdfreader.com/viewtopic.php?f=3&t=605

CVE-2018-7175
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.
https://forum.xpdfreader.com/viewtopic.php?f=3&t=613

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1546052
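
The CVE-2018-7174 description above ("loop detection exists only for tables, not streams") can be illustrated with a simplified model of a cross-reference chain. This is an added example, not part of the original report and not xpdf's code; the `Section` model, `walkXRef`, the step limit and the sample chains are all assumptions made for the illustration.

```cpp
#include <cstdint>
#include <map>
#include <set>

// Simplified model (assumption): each xref section sits at a file offset, is
// either a classic table or an xref stream, and may point to an older
// section through its Prev offset (-1 = end of chain).
enum class Kind { Table, Stream };
struct Section { Kind kind; int64_t prev; };
using XRefChain = std::map<int64_t, Section>;
enum class Walk { Ok, LoopDetected, BadOffset, StepLimit };

// Follow the Prev chain from `start`. With tablesOnly=true only table offsets
// are remembered, which models the gap named in the CVE text. The step limit
// exists only so that the demonstration terminates.
Walk walkXRef(const XRefChain &chain, int64_t start, bool tablesOnly,
              int maxSteps = 1000) {
    std::set<int64_t> seen;
    int64_t pos = start;
    for (int steps = 0; pos >= 0; ++steps) {
        if (steps >= maxSteps) return Walk::StepLimit;  // would spin forever
        auto it = chain.find(pos);
        if (it == chain.end()) return Walk::BadOffset;
        const Section &s = it->second;
        if (!tablesOnly || s.kind == Kind::Table) {
            // insert().second is false when the offset was already visited
            if (!seen.insert(pos).second) return Walk::LoopDetected;
        }
        pos = s.prev;
    }
    return Walk::Ok;
}

// Constructed sample chains.
XRefChain streamLoop() {  // stream at 100 -> stream at 200 -> back to 100
    return {{100, {Kind::Stream, 200}}, {200, {Kind::Stream, 100}}};
}
XRefChain tableLoop() {   // table at 100 -> table at 200 -> back to 100
    return {{100, {Kind::Table, 200}}, {200, {Kind::Table, 100}}};
}
XRefChain healthy() {     // stream at 300 -> table at 100 -> end
    return {{300, {Kind::Stream, 100}}, {100, {Kind::Table, -1}}};
}

int main() {
    // Tracking every section kind catches the stream-only loop.
    return walkXRef(streamLoop(), 100, false) == Walk::LoopDetected ? 0 : 1;
}
```

With `tablesOnly` set, the stream-only chain runs until the artificial step limit, while the same walk that records every visited offset stops on the first repeat.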
CVE-2018-7452
CVE-2018-7453
CVE-2018-7454
CVE-2018-7455
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.
CVE-2019-17064 fixed by [2]
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.
[1] https://src.fedoraproject.org/rpms/xpdf/raw/master/f/xpdf-4.02-CVE-2019-12360.patch
[2] https://src.fedoraproject.org/rpms/xpdf/raw/master/f/xpdf-4.02-CVE-2019-17064.patch
Edit: See also [2] which says fixed
[1] https://www.xpdfreader.com/security-fixes.html
[2] https://security.archlinux.org/AVG-640