| Field | Value |
|---|---|
| Summary | New security issues |
| Product | poppler |
| Component | general |
| Status | RESOLVED FIXED |
| Severity | critical |
| Priority | high |
| Version | unspecified |
| Hardware | x86 (IA32) |
| OS | Linux (All) |
| URL | http://scary.beasts.org/security/b0dfca810501f2da/CESA-2005-003.txt |
| Reporter | Martin Pitt <martin.pitt> |
| Assignee | Kristian Høgsberg <krh> |
| Attachments | patch, real patch |
Description

Martin Pitt, 2006-01-05 23:46:52 UTC

Created attachment 4246: patch

For your convenience and for the CVE numbers, this is the changelog I used:

* SECURITY UPDATE: Multiple integer/buffer overflows.
* Add debian/patches/003-CVE-2005-3624_5_7.patch:
  - poppler/Stream.cc, CCITTFaxStream::CCITTFaxStream():
    + Check columns for negative or large values.
    + CVE-2005-3624
  - poppler/Stream.cc, numComps checks introduced in CVE-2005-3191 patch:
    + Reset numComps to 0 since it's a global variable that is used later.
    + CVE-2005-3627
  - poppler/Stream.cc, DCTStream::readHuffmanTables():
    + Fix out of bounds array access in Huffman tables.
    + CVE-2005-3627
  - poppler/Stream.cc, DCTStream::readMarker():
    + Check for EOF in while loop to prevent endless loops.
    + CVE-2005-3625
  - poppler/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(), JBIG2Bitmap::expand(), JBIG2Stream::readHalftoneRegionSeg():
    + Check user supplied width and height against invalid values.
    + Allocate one extra byte to prevent out of bounds access in combine().

Created attachment 4247: real patch

Hmm, something went wrong with the previous attachment, sorry.

Thanks, committed to 0.4.3. What about CVE-2005-3626?

I can't reproduce the FlateStream crash described in CVE-2005-3626 with the PDF mentioned in CESA-2005-003.txt: http://scary.beasts.org/misc/pending/bad6.pdf so I'm going to assume that's fixed. Closing bug.

(In reply to comment #3)
> Thanks, committed to 0.4.3. What about CVE-2005-3626?

This was indeed a newly discovered vulnerability, but the previous set of patches (CVE-2005-319[123]) already covered it, so it cannot be exploited any more. So please feel free to add CVE-2005-3626 to the changelog. Also, CVE-2005-3628 was assigned to the fixes in xpdf/JBIG2Stream.cc.
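The JBIG2Bitmap item in the changelog above (reject invalid width/height, allocate one extra byte) as an added C++ example; this is illustrative code written for this page, not poppler's, and `Bitmap`, `validDimensions`, `uncheckedByteCount` and `bitmapCreate` are hypothetical names.

```cpp
#include <climits>
#include <cstdint>
#include <cstdio>
#include <cstdlib>

// Hypothetical 1-bit-per-pixel bitmap, shaped loosely like a JBIG2 bitmap
// (added example; not poppler's code).
struct Bitmap {
    int w, h, lineSize;   // lineSize = bytes per row
    uint8_t *data;
};

// The hazard: if the byte count is computed in 32-bit arithmetic with no
// range check, a large file-supplied width * height wraps to a tiny
// allocation, and later row writes run past the end of the buffer.
// Computed in unsigned arithmetic here only to show the wrapped value.
uint32_t uncheckedByteCount(int w, int h) {
    uint32_t lineSize = ((uint32_t)w + 7u) >> 3;
    return (uint32_t)h * lineSize + 1u;
}

// Validation of the kind the changelog describes: reject negative or
// oversized dimensions before any arithmetic that could overflow.
bool validDimensions(int w, int h) {
    if (w < 0 || h < 0) return false;
    if (w > INT_MAX - 7) return false;                // (w + 7) must not overflow
    int lineSize = (w + 7) >> 3;
    if (lineSize > 0 && h > (INT_MAX - 1) / lineSize) // h * lineSize + 1 must fit
        return false;
    return true;
}

// Allocates the bitmap, or returns nullptr on invalid dimensions. One extra
// byte is allocated so code that touches the byte after the last row
// (the combine() access the changelog mentions) stays inside the buffer.
Bitmap *bitmapCreate(int w, int h) {
    if (!validDimensions(w, h)) return nullptr;
    Bitmap *bm = new Bitmap;
    bm->w = w; bm->h = h;
    bm->lineSize = (w + 7) >> 3;
    size_t n = (size_t)bm->h * (size_t)bm->lineSize + 1;
    bm->data = (uint8_t *)calloc(n, 1);
    if (!bm->data) { delete bm; return nullptr; }
    return bm;
}

void bitmapFree(Bitmap *bm) { if (bm) { free(bm->data); delete bm; } }

int main() {
    int w = 1 << 20, h = 1 << 20;   // constructed hostile dimensions
    printf("unchecked size: %u byte(s)\n", uncheckedByteCount(w, h)); // wraps to 1
    printf("checked create: %s\n", bitmapCreate(w, h) ? "allocated" : "rejected");
    Bitmap *bm = bitmapCreate(100, 100);
    printf("100x100 lineSize=%d\n", bm->lineSize);   // 13
    bitmapFree(bm);
    return 0;
}
```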