Bug 488337 (CVE-2009-0755)

Summary: CVE-2009-0755 poppler/evince: DoS via crafted PDF file
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jrb, rdieter
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0755
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-12-04 14:55:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Vincent Danen 2009-03-03 19:03:27 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0755 to
the following vulnerability:

Name: CVE-2009-0755
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0755
Assigned: 20090303
Reference: MLIST:[oss-security] 20090213 CVE Request: Poppler -Two Denial of Service Vulnerabilities
Reference: URL: http://www.openwall.com/lists/oss-security/2009/02/13/1
Reference: MLIST:[oss-security] 20090219 Re: CVE Request: Poppler -Two Denial of Service Vulnerabilities
Reference: URL: http://www.openwall.com/lists/oss-security/2009/02/19/2
Reference: MLIST:[poppler] 20090128 poppler/Form.cc
Reference: URL: http://lists.freedesktop.org/archives/poppler/2009-January/004406.html
Reference: CONFIRM: http://bugs.freedesktop.org/show_bug.cgi?id=19790
Reference: SECUNIA:33853
Reference: URL: http://secunia.com/advisories/33853

The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4
allows remote attackers to cause a denial of service (crash) via a PDF
file with an invalid Form Opt entry.
Comment 1 Tomas Hoger 2009-07-15 13:07:02 UTC 
Upstream commit is:
http://cgit.freedesktop.org/poppler/poppler/commit/?id=1fc342eadcbbb41302f190b215c5daf23c9ec9b1

This causes out of bounds read and crash.

Affected code is not part of poppler shipped in Red Hat Enterprise Linux 5, any xpdf version (including latest upstream 3.02pl3), or any other xpdf-based reader shipped in Red Hat Enterprise Linux 3, 4, or 5.

Fedora 11 and later currently includes poppler 0.10.5 or later, which already contains the fix.  This flaw only exists in Fedora 10 at the moment.  So possible candidate for inclusion in future F10 poppler update, if any.
Comment 2 Tomas Hoger 2009-12-04 14:55:28 UTC 
As noted above, this currently only affect poppler version in F10.  As F10 will reach EOL soon and no other poppler update is planned for more important bug or security fix, this will remain unfixed in F10.