Bug 1326225 (CVE-2015-8868) - CVE-2015-8868 poppler: heap buffer overflow in ExponentialFunction
Summary: CVE-2015-8868 poppler: heap buffer overflow in ExponentialFunction
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-8868
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1299506 1326226 1326228 1341030 1343078 1343079
Blocks: 1326229
TreeView+ depends on / blocked
 
Reported: 2016-04-12 08:21 UTC by Andrej Nemec
Modified: 2019-09-29 13:46 UTC (History)
4 users (show)

Fixed In Version: poppler 0.40.0
Doc Type: Bug Fix
Doc Text:
A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened.
Clone Of:
Environment:
Last Closed: 2019-06-08 02:50:36 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2580 normal SHIPPED_LIVE Moderate: poppler security and bug fix update 2016-11-03 12:07:53 UTC

Description Andrej Nemec 2016-04-12 08:21:16 UTC
A heap buffer overflow vulnerability was found in the poppler library. A maliciously crafted file could cause the application to crash.

Upstream fix:

https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433

References (reproducer attached):

http://seclists.org/oss-sec/2016/q2/56

Comment 1 Andrej Nemec 2016-04-12 08:21:43 UTC
Created mingw-poppler tracking bugs for this issue:

Affects: fedora-all [bug 1326228]

Comment 2 Andrej Nemec 2016-04-12 08:21:48 UTC
Created poppler tracking bugs for this issue:

Affects: fedora-all [bug 1326226]

Comment 7 errata-xmlrpc 2016-11-03 19:04:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2580 https://rhn.redhat.com/errata/RHSA-2016-2580.html


Note You need to log in before you can comment on or make changes to this bug.