Bug 2234530 (CVE-2022-37052)

Summary: CVE-2022-37052 poppler: reachable assertion due to a failure in markObject()
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: desktop-qa-list, erack, jhorak, jridky, mkasik, stransky, tkorbar, zdohnal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in Poppler, where a reachable assertion allows attackers to cause a denial of service due to a failure in markObject.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2234569, 2234567, 2234570, 2234571, 2234572, 2234574, 2234575, 2234576, 2234578, 2234579, 2234581, 2234582, 2234583, 2234584, 2234585    
Bug Blocks: 2234525    

Description Guilherme de Almeida Suckevicz 2023-08-24 18:50:27 UTC 
A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.

Reference:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278
Comment 1 Guilherme de Almeida Suckevicz 2023-08-24 18:59:17 UTC 
Created mingw-poppler tracking bugs for this issue:

Affects: fedora-all [bug 2234567]


Created poppler tracking bugs for this issue:

Affects: fedora-all [bug 2234569]