Bug 638835
Summary: | poppler/xpdf: multiple vulnerabilities | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED NOTABUG | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | unspecified | CC: | mkasik, rdieter, than, twaugh | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2010-10-06 14:35:09 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 595245, 638960, 639356 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Huzaifa S. Sidhpurwala
2010-09-30 05:31:36 UTC
e853106b58, 39d140bfc0 and bf2055088a are tracked via separate bugs. Some of the referenced commits are not classified as security fixes, for the summary, see: http://thread.gmane.org/gmane.comp.security.oss.general/3584/focus=3596 Crash mentioned in 2fe825deac commit message seems to be OBJECT_TYPE_CHECK abort, with impact limited to unexpected application termination and is not classified as security fix. This check and abort is specific to more recent poppler versions, the check does not exist in xpdf or RHEL5 poppler version. There are additional instance of this problem in poppler code: https://bugs.freedesktop.org/show_bug.cgi?id=30590 Created attachment 451301 [details]
2fe825deac reproducer
Triggers abort when reading malformed /BBox
Issue are tracked using separate bugs mentioned in "Depends on". |