A flaw was found in Poppler 0.72.0. A reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc file allows attackers to cause a denial of service due to the lack of a check for the dict data type. References: https://gitlab.freedesktop.org/poppler/poppler/issues/704 Upstream Patch: https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7
Created mingw-poppler tracking bugs for this issue: Affects: fedora-all [bug 1665265] Created poppler tracking bugs for this issue: Affects: fedora-all [bug 1665264]
Reproducible on Red Hat Enterprise Linux 7. ``` Program received signal SIGABRT, Aborted. 0x00007ffff5b07207 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:55 55 return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig); Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.6-13.el7.x86_64 expat-2.1.0-10.el7_3.x86_64 jbigkit-libs-2.0-11.el7.x86_64 libuuid-2.23.2-59.el7.x86_64 (gdb) bt #0 0x00007ffff5b07207 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:55 #1 0x00007ffff5b088f8 in __GI_abort () at abort.c:90 #2 0x00007ffff7a3c755 in dictLookupNF (key=<optimized out>, this=<optimized out>, this=<optimized out>, obj=<optimized out>) at Object.h:323 #3 FileSpec::FileSpec (this=0x6362a0, fileSpecA=<optimized out>) at FileSpec.cc:131 #4 0x0000000000401977 in main (argc=2, argv=<optimized out>) at pdfdetach.cc:176 ```
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2022
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-20650
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2713 https://access.redhat.com/errata/RHSA-2019:2713