Bug 488337 - (CVE-2009-0755) CVE-2009-0755 poppler/evince: DoS via crafted PDF file
CVE-2009-0755 poppler/evince: DoS via crafted PDF file
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://web.nvd.nist.gov/view/vuln/det...
impact=low,source=osssecurity,reporte...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-03 14:03 EST by Vincent Danen
Modified: 2009-12-04 09:55 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-12-04 09:55:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2009-03-03 14:03:27 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0755 to
the following vulnerability:

Name: CVE-2009-0755
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0755
Assigned: 20090303
Reference: MLIST:[oss-security] 20090213 CVE Request: Poppler -Two Denial of Service Vulnerabilities
Reference: URL: http://www.openwall.com/lists/oss-security/2009/02/13/1
Reference: MLIST:[oss-security] 20090219 Re: CVE Request: Poppler -Two Denial of Service Vulnerabilities
Reference: URL: http://www.openwall.com/lists/oss-security/2009/02/19/2
Reference: MLIST:[poppler] 20090128 poppler/Form.cc
Reference: URL: http://lists.freedesktop.org/archives/poppler/2009-January/004406.html
Reference: CONFIRM: http://bugs.freedesktop.org/show_bug.cgi?id=19790
Reference: SECUNIA:33853
Reference: URL: http://secunia.com/advisories/33853

The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4
allows remote attackers to cause a denial of service (crash) via a PDF
file with an invalid Form Opt entry.
Comment 1 Tomas Hoger 2009-07-15 09:07:02 EDT
Upstream commit is:
http://cgit.freedesktop.org/poppler/poppler/commit/?id=1fc342eadcbbb41302f190b215c5daf23c9ec9b1

This causes out of bounds read and crash.

Affected code is not part of poppler shipped in Red Hat Enterprise Linux 5, any xpdf version (including latest upstream 3.02pl3), or any other xpdf-based reader shipped in Red Hat Enterprise Linux 3, 4, or 5.

Fedora 11 and later currently includes poppler 0.10.5 or later, which already contains the fix.  This flaw only exists in Fedora 10 at the moment.  So possible candidate for inclusion in future F10 poppler update, if any.
Comment 2 Tomas Hoger 2009-12-04 09:55:28 EST
As noted above, this currently only affect poppler version in F10.  As F10 will reach EOL soon and no other poppler update is planned for more important bug or security fix, this will remain unfixed in F10.

Note You need to log in before you can comment on or make changes to this bug.