Bug 491864 - Multiple PDF flaws
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
source=cert,impact=important,reported...
Keywords: Security
Depends On: CVE-2009-0146/CVE-2009-0195 CVE-2009-0147 CVE-2009-0166 490707 490708 490710 490711 490712 490713 490714 490715 490716 490717 490727 490728 490729 490730 492381 492384 492385 492386 492387 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 833914
Reported: 2009-03-24 09:40 EDT by Josh Bressers
Modified: 2012-06-20 10:13 EDT

Doc Type: Bug Fix
Last Closed: 2009-10-30 16:51:41 EDT

Attachments
Proposed patch (16.28 KB, patch)
2009-03-24 09:40 EDT, Josh Bressers
updated patch from upstream (18.83 KB, patch)
2009-03-27 14:11 EDT, Vincent Danen
Updated upstream patch, converted to unified format (16.55 KB, patch)
2009-03-30 03:37 EDT, Tomas Hoger
Another updated patch from upstream (26.46 KB, patch)
2009-04-01 10:28 EDT, Josh Bressers
Latest upstream poppler patch (24.80 KB, patch)
2009-04-13 16:05 EDT, Josh Bressers

Description Josh Bressers 2009-03-24 09:40:08 EDT
Created attachment 336465 [details]
Proposed patch

CERT created a test archive of broken PDF files that focus on the JBIG2 image decoder contained in xpdf/poppler and variants.

Derek Noonburg created a patch that fixes all crashes the PDF archive caused.

The patch also fixes the issues CVE-2009-0146 CVE-2009-0147 CVE-2009-0166.
Comment 6 Vincent Danen 2009-03-27 14:11:13 EDT
Created attachment 337048 [details]
updated patch from upstream

This is the updated patch from Derek.
Comment 7 Tomas Hoger 2009-03-30 03:37:27 EDT
Created attachment 337193 [details]
Updated upstream patch, converted to unified format

Same patch as in comment #6 above, just converted from context diff to a lot more readable unified diff.

Interdiff against the original patch in comment #0:

--- xpdf-3.02/xpdf/JBIG2Stream.cc
+++ xpdf-3.02/xpdf/JBIG2Stream.cc
@@ -805,6 +805,10 @@
   Guint src0, src1, src, dest, s1, s2, m1, m2, m3;
   GBool oneByte;
 
+  // check for the pathological case where y = -2^31
+  if (y < -0x7fffffff) {
+    return;
+  }
   if (y < 0) {
     y0 = -y;
   } else {
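
Review bot: The new guard hard-codes -0x7fffffff, which ties the check to a 32-bit signed y; since the hazard it protects is the "y0 = -y" negation two lines later overflowing for the most negative value, comparing against INT_MIN from <limits.h> (for example "if (y == INT_MIN)") would state the intent directly and stay correct if the type width differs. The bare "return;" also drops the operation silently, so extend the comment to say that the call is intentionally a no-op for this input and that the caller receives no error indication.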
Comment 9 Josh Bressers 2009-04-01 10:28:38 EDT
Created attachment 337540 [details]
Another updated patch from upstream
Comment 20 Josh Bressers 2009-04-13 16:05:25 EDT
Created attachment 339370 [details]
Latest upstream poppler patch
Comment 21 Vincent Danen 2009-04-16 17:30:01 EDT
Embargo has been lifted.
Comment 22 errata-xmlrpc 2009-04-24 03:56:04 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 3

Via RHSA-2009:0430 https://rhn.redhat.com/errata/RHSA-2009-0430.html
Comment 23 errata-xmlrpc 2009-04-24 04:05:56 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:0431 https://rhn.redhat.com/errata/RHSA-2009-0431.html
Comment 24 errata-xmlrpc 2009-04-24 04:24:23 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3

Via RHSA-2009:0428 https://rhn.redhat.com/errata/RHSA-2009-0428.html
Comment 25 errata-xmlrpc 2009-04-24 04:26:44 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:0429 https://rhn.redhat.com/errata/RHSA-2009-0429.html
Comment 26 errata-xmlrpc 2009-04-30 16:58:33 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2009:0458 https://rhn.redhat.com/errata/RHSA-2009-0458.html
Comment 27 errata-xmlrpc 2009-05-13 10:32:55 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:0480 https://rhn.redhat.com/errata/RHSA-2009-0480.html
