Bug 2211678 (CVE-2023-2241)

Summary: CVE-2023-2241 podofo: heap buffer overread
Product: [Other] Security Response Reporter: Marian Rehak <mrehak>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-06-02 01:47:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2211679, 2211680    
Bug Blocks:    

Description Marian Rehak 2023-06-01 13:29:28 UTC 
A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability.

https://vuldb.com/?ctiid.227226
https://github.com/podofo/podofo/issues/69
https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778
https://vuldb.com/?id.227226
https://github.com/podofo/podofo/files/11260976/poc-file.zip
Comment 1 Marian Rehak 2023-06-01 13:29:47 UTC 
Created podofo tracking bugs for this issue:

Affects: epel-7 [bug 2211679]
Affects: fedora-all [bug 2211680]
Comment 2 Product Security DevOps Team 2023-06-02 01:47:27 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.