Bug 1687383 (CVE-2019-9587)

Summary: CVE-2019-9587 xpdf: stack consumption in function md5Round1() in Decrypt.cc
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: pertusus, tcallawa
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-10 10:50:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1687398, 1687400    
Bug Blocks:    

Description Dhananjay Arunesh 2019-03-11 12:29:12 UTC 
There is a stack consumption issue in md5Round1() located in Decrypt.cc in
Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for
example) the pdfimages binary. It allows an attacker to cause Denial of
Service (Segmentation fault) or possibly have unspecified other impact.
This is related to Catalog::countPageTree.

References:
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41263
https://research.loginsoft.com/bugs/stack-based-buffer-overflow-vulnerability-in-function-md5round1-xpdf-4-01/
Comment 1 Dhananjay Arunesh 2019-03-11 12:48:15 UTC 
Created xpdf tracking bugs for this issue:

Affects: fedora-all [bug 1687398]
Comment 2 Dhananjay Arunesh 2019-03-11 12:48:53 UTC 
Created xpdf tracking bugs for this issue:

Affects: epel-all [bug 1687400]
Comment 3 Product Security DevOps Team 2019-06-10 10:50:17 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.