Bug 526911 (CVE-2009-3604)
Summary: | CVE-2009-3604 xpdf/poppler: Splash::drawImage integer overflow and missing allocation return value check | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | high | Docs Contact: | |||||
Priority: | high | ||||||
Version: | unspecified | CC: | jrb, kreilly, mkasik, rdieter, smaitra, tcallawa, than | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2010-07-08 16:27:34 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 527413, 527414, 527454, 527455, 527456, 527457, 527468, 527469, 530890, 833916 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Tomas Hoger
2009-10-02 13:30:23 UTC
Created attachment 363485 [details]
xpdf upstream patch from Derek B. Noonburg
Splash outupt device used in newer Xpdf versions (or at least some parts of it) is derived from XOutputDev used in older Xpdf versions. This flaw also exists in XOutputDev in Xpdf 2.x versions Fixed now in xpdf 3.02pl4: ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch https://bugzilla.redhat.com/show_bug.cgi?id=526637#c14 (In reply to comment #0) > This was already fixed in poppler as part of preventive gmalloc -> gmallocn > changes: > http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb2 poppler commits adding mentioned gmalloc -> gmallocn changes: 0131f0a01c 7b2d314a61 c399b2d512 9cf2325fb2 284a928996 (note: two of those commits revert mistakes from previous ones) Full patch: http://cgit.freedesktop.org/poppler/poppler/diff/?id=284a928996&id2=75c3466ba2 This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:1502 https://rhn.redhat.com/errata/RHSA-2009-1502.html This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2009:1501 https://rhn.redhat.com/errata/RHSA-2009-1501.html This issue has been addressed in following products: Red Hat Enterprise Linux 3 Via RHSA-2009:1500 https://rhn.redhat.com/errata/RHSA-2009-1500.html This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2009:1503 https://rhn.redhat.com/errata/RHSA-2009-1503.html This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2009:1512 https://rhn.redhat.com/errata/RHSA-2009-1512.html xpdf-3.02-15.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. xpdf-3.02-15.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. poppler-0.8.7-7.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/poppler-0.8.7-7.fc10 poppler-0.10.7-3.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/poppler-0.10.7-3.fc11 poppler-0.8.7-7.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. poppler-0.10.7-3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. xpdf-3.02-15.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. pdfedit-0.4.3-4.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. pdfedit-0.4.3-4.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. pdfedit-0.4.3-4.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. |