Bug 1445362 (CVE-2017-7994, CVE-2017-8053, CVE-2017-8054, CVE-2017-8378, CVE-2017-8787, CVE-2018-5295, CVE-2018-5296)

Summary: CVE-2017-8378 CVE-2017-7994 CVE-2017-8053 CVE-2017-8054 CVE-2017-8787 CVE-2018-5295 CVE-2018-5296 podofo: Multiple security vulnerabilities
Product: [Other] Security Response Reporter: Andrej Nemec <anemec>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: dan, manisandro
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 03:11:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1438434, 1438436    
Bug Blocks:    

Description Andrej Nemec 2017-04-25 14:23:55 UTC 
Multiple vulnerabilities were published for podofo.

CVE-2017-7994:
The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo allows attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

CVE-2017-8053:
PoDoFo allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).

CVE-2017-8054:
The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo allows attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.
Comment 1 Andrej Nemec 2017-04-25 14:25:05 UTC 
Created podofo tracking bugs for this issue:

Affects: fedora-all [bug 1438436]
Affects: epel-all [bug 1438434]
Comment 2 Andrej Nemec 2017-05-02 07:59:25 UTC 
CVE-2017-8378:

Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.

References:

https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects
Comment 3 Andrej Nemec 2017-05-09 14:23:21 UTC 
CVE-2017-8787:

The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file.
Comment 4 Andrej Nemec 2018-01-09 10:02:31 UTC 
CVE-2018-5295:

In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

https://bugzilla.redhat.com/show_bug.cgi?id=1531897

CVE-2018-5296:

In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

https://bugzilla.redhat.com/show_bug.cgi?id=1531956
Comment 5 Product Security DevOps Team 2019-06-08 03:11:29 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.