Bug 1797453 (CVE-2019-14494) - CVE-2019-14494 poppler: divide-by-zero in function SplashOutputDev::tilingPatternFill in SplashOutputDev.cc
Summary: CVE-2019-14494 poppler: divide-by-zero in function SplashOutputDev::tilingPat...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-14494
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1797456 1801340 1801341
Blocks: 1797455
TreeView+ depends on / blocked
 
Reported: 2020-02-03 08:23 UTC by Dhananjay Arunesh
Modified: 2021-02-16 20:40 UTC (History)
10 users (show)

Fixed In Version: poppler 0.79.0
Doc Type: If docs needed, set a value
Doc Text:
A divide-by-zero error was found in the way Poppler handled certain PDF files. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by an application linked to Poppler, would crash the application causing a denial of service.
Clone Of:
Environment:
Last Closed: 2020-09-29 21:59:37 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:3977 0 None None None 2020-09-29 20:16:51 UTC
Red Hat Product Errata RHSA-2020:4643 0 None None None 2020-11-04 02:36:46 UTC

Description Dhananjay Arunesh 2020-02-03 08:23:15 UTC
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

Reference:
https://gitlab.freedesktop.org/poppler/poppler/issues/802
https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317

Comment 1 Dhananjay Arunesh 2020-02-03 08:24:27 UTC
Created poppler tracking bugs for this issue:

Affects: fedora-all [bug 1797456]

Comment 3 Mauro Matteo Cascella 2020-02-10 15:13:35 UTC
Function tilingPatternFill() was defined in SplashOutputDev.cc in Poppler upstream version 0.17.0 with commit https://gitlab.freedesktop.org/poppler/poppler/commit/abf167af.

Red Hat Enterprise Linux 5 and 6 ship older versions of Poppler (0.5.4 and 0.12.4 respectively) that do not include the vulnerable function and, consequently, are not affected by this flaw.

Comment 4 Mauro Matteo Cascella 2020-02-10 15:17:15 UTC
Statement:

This flaw did not affect the versions of Poppler as shipped with Red Hat Enterprise Linux 5 and 6, as they did not include the vulnerable code.

Comment 7 errata-xmlrpc 2020-09-29 20:16:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:3977 https://access.redhat.com/errata/RHSA-2020:3977

Comment 8 Product Security DevOps Team 2020-09-29 21:59:37 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-14494

Comment 9 errata-xmlrpc 2020-11-04 02:36:45 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4643 https://access.redhat.com/errata/RHSA-2020:4643


Note You need to log in before you can comment on or make changes to this bug.