Bug 537471 (CVE-2009-3938)

Summary: CVE-2009-3938 poppler buffer overflow in the ABWOutputDev::endWord function
Product: [Other] Security Response Reporter: Josh Bressers <bressers>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: rdieter, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-11-23 08:15:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 538691    
Bug Blocks:    

Description Josh Bressers 2009-11-13 18:57:30 UTC 
Buffer overflow in the ABWOutputDev::endWord function in
poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0,
and possibly other versions, as used by the Abiword pdftoabw utility,
allows user-assisted remote attackers to cause a denial of service and
possibly execute arbitrary code via a crafted PDF file.


Reference: MISC:http://bugs.freedesktop.org/attachment.cgi?id=30599&action=edit
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534680
Reference: CONFIRM:http://bugs.freedesktop.org/show_bug.cgi?id=23074
Reference: BID:36976
Reference: URL:http://www.securityfocus.com/bid/36976
Reference: SECUNIA:37333
Reference: URL:http://secunia.com/advisories/37333
Reference: VUPEN:ADV-2009-3227
Reference: URL:http://www.vupen.com/english/advisories/2009/3227
Reference: XF:poppler-abwoutputdev-bo(54215)
Reference: URL:http://xforce.iss.net/xforce/xfdb/54215
Comment 1 Vincent Danen 2009-11-19 05:00:12 UTC 
This issue does not affect poppler in Red Hat Enterprise Linux 5; the vulnerable program (pdftoabw) is not present, nor is the vulnerable source file or function.

The program in question was added 2007-04-03 (0.5.9).

This does affect Fedora 10, 11, and 12.
Comment 3 Tomas Hoger 2009-11-23 08:14:37 UTC 
(In reply to comment #1)

> This does affect Fedora 10, 11, and 12.

I don't see pdftoabw in Fedora poppler packages.  Looking into build logs on F-10 to F-12, I see this in configure summary:

  Building poppler with support for:
    ...
    abiword output:     no

So Fedora is fine too unless packages are rebuilt with abiword support enabled but without a fix.
Comment 4 Rex Dieter 2009-11-23 13:51:37 UTC 
Thanks for the notice... I'd been tempted to (re)enable abiword output, but will now certainly wait until it can be confirmed to be safe/secure.