Created attachment 336465
Proposed patch
CERT created a test archive of broken PDF files that focus on the JBIG2 image decoder contained in xpdf/poppler and variants. Derek Noonburg created a patch that fixes all crashes the PDF archive caused. The patch also fixes the issues CVE-2009-0146, CVE-2009-0147, CVE-2009-0166.
Created attachment 337048
updated patch from upstream
This is the updated patch from Derek.
Created attachment 337193
Updated upstream patch, converted to unified format
Same patch as in comment #6 above, just converted from context diff to a lot more readable unified diff. Interdiff against the original patch in comment #0:
--- xpdf-3.02/xpdf/JBIG2Stream.cc +++ xpdf-3.02/xpdf/JBIG2Stream.cc @@ -805,6 +805,10 @@ Guint src0, src1, src, dest, s1, s2, m1, m2, m3; GBool oneByte; + // check for the pathological case where y = -2^31 + if (y < -0x7fffffff) { + return; + } if (y < 0) { y0 = -y; } else {
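Review bot: the guard added before `y0 = -y` compares against the literal `-0x7fffffff`, which only matches the comment's "y = -2^31" case when `int` is 32 bits wide; writing it as `y == INT_MIN` (from `<limits.h>`) would state the intent and hold for any int width. The bare `return` also discards the operation silently, so a malformed stream that reaches this path leaves no trace; consider reporting an error before returning.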
Created attachment 337540
Another updated patch from upstream
Created attachment 339370
Latest upstream poppler patch
Embargo has been lifted.
This issue has been addressed in following products:
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 3
Via RHSA-2009:0430 https://rhn.redhat.com/errata/RHSA-2009-0430.html
This issue has been addressed in following products:
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5
Via RHSA-2009:0431 https://rhn.redhat.com/errata/RHSA-2009-0431.html
This issue has been addressed in following products:
  Red Hat Enterprise Linux 3
Via RHSA-2009:0428 https://rhn.redhat.com/errata/RHSA-2009-0428.html
This issue has been addressed in following products:
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5
Via RHSA-2009:0429 https://rhn.redhat.com/errata/RHSA-2009-0429.html
This issue has been addressed in following products:
  Red Hat Enterprise Linux 4
Via RHSA-2009:0458 https://rhn.redhat.com/errata/RHSA-2009-0458.html
This issue has been addressed in following products:
  Red Hat Enterprise Linux 5
Via RHSA-2009:0480 https://rhn.redhat.com/errata/RHSA-2009-0480.html