Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#57528 - [xpdf] Multiple vulnerabilities
Attached to Project:
Community Packages
Opened by Karol Babioch (johnpatcher) - Friday, 16 February 2018, 08:56 GMT
Last edited by Doug Newgard (Scimmia) - Saturday, 17 February 2018, 16:37 GMT
Details

CVE-2018-7173
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.
https://forum.xpdfreader.com/viewtopic.php?f=3&t=607

CVE-2018-7174
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.
https://forum.xpdfreader.com/viewtopic.php?f=3&t=605

CVE-2018-7175
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.
https://forum.xpdfreader.com/viewtopic.php?f=3&t=613

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1546052
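Added example, not part of the original report and not xpdf code: a small C++ model of the gap described for CVE-2018-7174, where a chain of cross-reference sections is followed through "previous section" offsets and visited offsets are remembered only for tables. The types, function names, offsets and the hop cap are assumptions made for illustration; the cap stands in for the hang so the unchecked case terminates.

```cpp
#include <cstdio>
#include <map>
#include <set>

// Hypothetical model of one cross-reference section (not xpdf's types).
enum class Kind { Table, Stream };
struct Section { Kind kind; long prev; };  // prev < 0 marks the end of the chain

enum class Result { Ok, LoopDetected, HopLimit, BadOffset };

// Follow the chain of previous-section offsets starting at `start`.
// With checkStreams == false only table offsets are remembered, which models
// "loop detection exists only for tables, not streams".
Result walkXref(const std::map<long, Section>& file, long start,
                bool checkStreams, int maxHops = 1000) {
    std::set<long> seen;
    long pos = start;
    for (int hops = 0; pos >= 0; ++hops) {
        if (hops >= maxHops) return Result::HopLimit;  // demo stand-in for a hang
        auto it = file.find(pos);
        if (it == file.end()) return Result::BadOffset;
        const Section& s = it->second;
        if (s.kind == Kind::Table || checkStreams) {
            // insert() reports false when the offset was already visited
            if (!seen.insert(pos).second) return Result::LoopDetected;
        }
        pos = s.prev;
    }
    return Result::Ok;
}

// Constructed sample inputs; the offsets are arbitrary.
std::map<long, Section> streamLoop() {
    return {{100, {Kind::Stream, 200}}, {200, {Kind::Stream, 100}}};
}
std::map<long, Section> tableLoop() {
    return {{100, {Kind::Table, 200}}, {200, {Kind::Table, 100}}};
}
std::map<long, Section> wellFormed() {
    return {{300, {Kind::Stream, 200}}, {200, {Kind::Table, 100}},
            {100, {Kind::Table, -1}}};
}

int main() {
    std::printf("stream loop, tables-only check: %d\n",
                (int)walkXref(streamLoop(), 100, false));
    std::printf("stream loop, all sections:      %d\n",
                (int)walkXref(streamLoop(), 100, true));
    return 0;
}
```

Tracking every visited offset regardless of section kind rejects the cyclic chain on the first revisit, while well-formed mixed chains still parse.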
CVE-2018-7452
CVE-2018-7453
CVE-2018-7454
CVE-2018-7455
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.
CVE-2019-17064 fixed by [2]
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.
[1] https://src.fedoraproject.org/rpms/xpdf/raw/master/f/xpdf-4.02-CVE-2019-12360.patch
[2] https://src.fedoraproject.org/rpms/xpdf/raw/master/f/xpdf-4.02-CVE-2019-17064.patch