Bug 491864 - Multiple PDF flaws
Summary: Multiple PDF flaws
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: CVE-2009-0146, CVE-2009-0195 CVE-2009-0147 CVE-2009-0166 490707 490708 490710 490711 490712 490713 490714 490715 490716 490717 490727 490728 490729 490730 492381 492384 492385 492386 492387 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 833914
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-03-24 13:40 UTC by Josh Bressers
Modified: 2019-09-29 12:29 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-10-30 20:51:41 UTC


Attachments (Terms of Use)
Proposed patch (16.28 KB, patch)
2009-03-24 13:40 UTC, Josh Bressers
no flags Details | Diff
updated patch from upstream (18.83 KB, patch)
2009-03-27 18:11 UTC, Vincent Danen
no flags Details | Diff
Updated upstream patch, converted to unified format (16.55 KB, patch)
2009-03-30 07:37 UTC, Tomas Hoger
no flags Details | Diff
Another updated patch from upstream (26.46 KB, patch)
2009-04-01 14:28 UTC, Josh Bressers
no flags Details | Diff
Latest upstream poppler patch (24.80 KB, patch)
2009-04-13 20:05 UTC, Josh Bressers
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:0428 normal SHIPPED_LIVE Moderate: cups security update 2009-04-16 22:51:31 UTC
Red Hat Product Errata RHSA-2009:0429 normal SHIPPED_LIVE Important: cups security update 2009-04-16 22:52:28 UTC
Red Hat Product Errata RHSA-2009:0430 normal SHIPPED_LIVE Important: xpdf security update 2009-04-16 22:52:59 UTC
Red Hat Product Errata RHSA-2009:0431 normal SHIPPED_LIVE Important: kdegraphics security update 2009-04-16 22:53:18 UTC
Red Hat Product Errata RHSA-2009:0458 normal SHIPPED_LIVE Important: gpdf security update 2009-04-30 20:58:15 UTC
Red Hat Product Errata RHSA-2009:0480 normal SHIPPED_LIVE Important: poppler security update 2009-05-13 14:32:34 UTC

Description Josh Bressers 2009-03-24 13:40:08 UTC
Created attachment 336465 [details]
Proposed patch

CERT created a test archive of broken PDF files that focus on the JBIG2 image decoder contained in xpdf/poppler and variants.

Derek Noonburg created a patch that fixes all crashes the PDF archive caused.

The patch also fixes the issues CVE-2009-0146 CVE-2009-0147 CVE-2009-0166.

Comment 6 Vincent Danen 2009-03-27 18:11:13 UTC
Created attachment 337048 [details]
updated patch from upstream

This is the updated patch from Derek.

Comment 7 Tomas Hoger 2009-03-30 07:37:27 UTC
Created attachment 337193 [details]
Updated upstream patch, converted to unified format

Same patch as in comment #6 above, just converted from context diff to a lot more readable unified diff.

Interdiff against the original patch in comment #0:

--- xpdf-3.02/xpdf/JBIG2Stream.cc
+++ xpdf-3.02/xpdf/JBIG2Stream.cc
@@ -805,6 +805,10 @@
   Guint src0, src1, src, dest, s1, s2, m1, m2, m3;
   GBool oneByte;
 
+  // check for the pathological case where y = -2^31
+  if (y < -0x7fffffff) {
+    return;
+  }
   if (y < 0) {
     y0 = -y;
   } else {

Comment 9 Josh Bressers 2009-04-01 14:28:38 UTC
Created attachment 337540 [details]
Another updated patch from upstream

Comment 20 Josh Bressers 2009-04-13 20:05:25 UTC
Created attachment 339370 [details]
Latest upstream poppler patch

Comment 21 Vincent Danen 2009-04-16 21:30:01 UTC
Embargo has been lifted.

Comment 22 errata-xmlrpc 2009-04-24 07:56:04 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 3

Via RHSA-2009:0430 https://rhn.redhat.com/errata/RHSA-2009-0430.html

Comment 23 errata-xmlrpc 2009-04-24 08:05:56 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:0431 https://rhn.redhat.com/errata/RHSA-2009-0431.html

Comment 24 errata-xmlrpc 2009-04-24 08:24:23 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3

Via RHSA-2009:0428 https://rhn.redhat.com/errata/RHSA-2009-0428.html

Comment 25 errata-xmlrpc 2009-04-24 08:26:44 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:0429 https://rhn.redhat.com/errata/RHSA-2009-0429.html

Comment 26 errata-xmlrpc 2009-04-30 20:58:33 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2009:0458 https://rhn.redhat.com/errata/RHSA-2009-0458.html

Comment 27 errata-xmlrpc 2009-05-13 14:32:55 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:0480 https://rhn.redhat.com/errata/RHSA-2009-0480.html


Note You need to log in before you can comment on or make changes to this bug.