Bug 491864 - Multiple PDF flaws
Summary: Multiple PDF flaws
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: CVE-2009-0146, CVE-2009-0195 CVE-2009-0147 CVE-2009-0166 490707 490708 490710 490711 490712 490713 490714 490715 490716 490717 490727 490728 490729 490730 492381 492384 492385 492386 492387 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-1187 CVE-2009-1188 833914
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-03-24 13:40 UTC by Josh Bressers
Modified: 2019-09-29 12:29 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-10-30 20:51:41 UTC
Embargoed:

Attachments (Terms of Use)
Proposed patch (16.28 KB, patch)
2009-03-24 13:40 UTC, Josh Bressers 		no flags Details | Diff
updated patch from upstream (18.83 KB, patch)
2009-03-27 18:11 UTC, Vincent Danen 		no flags Details | Diff
Updated upstream patch, converted to unified format (16.55 KB, patch)
2009-03-30 07:37 UTC, Tomas Hoger 		no flags Details | Diff
Another updated patch from upstream (26.46 KB, patch)
2009-04-01 14:28 UTC, Josh Bressers 		no flags Details | Diff
Latest upstream poppler patch (24.80 KB, patch)
2009-04-13 20:05 UTC, Josh Bressers 		no flags Details | Diff
Show Obsolete (3) View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:0428 0 normal SHIPPED_LIVE Moderate: cups security update 2009-04-16 22:51:31 UTC
Red Hat Product Errata RHSA-2009:0429 0 normal SHIPPED_LIVE Important: cups security update 2009-04-16 22:52:28 UTC
Red Hat Product Errata RHSA-2009:0430 0 normal SHIPPED_LIVE Important: xpdf security update 2009-04-16 22:52:59 UTC
Red Hat Product Errata RHSA-2009:0431 0 normal SHIPPED_LIVE Important: kdegraphics security update 2009-04-16 22:53:18 UTC
Red Hat Product Errata RHSA-2009:0458 0 normal SHIPPED_LIVE Important: gpdf security update 2009-04-30 20:58:15 UTC
Red Hat Product Errata RHSA-2009:0480 0 normal SHIPPED_LIVE Important: poppler security update 2009-05-13 14:32:34 UTC

Description Josh Bressers 2009-03-24 13:40:08 UTC 
Created attachment 336465 [details]
Proposed patch

CERT created a test archive of broken PDF files that focus on the JBIG2 image decoder contained in xpdf/poppler and variants.

Derek Noonburg created a patch that fixes all crashes the PDF archive caused.

The patch also fixes the issues CVE-2009-0146 CVE-2009-0147 CVE-2009-0166.
Comment 6 Vincent Danen 2009-03-27 18:11:13 UTC 
Created attachment 337048 [details]
updated patch from upstream

This is the updated patch from Derek.
Comment 7 Tomas Hoger 2009-03-30 07:37:27 UTC 
Created attachment 337193 [details]
Updated upstream patch, converted to unified format

Same patch as in comment #6 above, just converted from context diff to a lot more readable unified diff.

Interdiff against the original patch in comment #0:

--- xpdf-3.02/xpdf/JBIG2Stream.cc
+++ xpdf-3.02/xpdf/JBIG2Stream.cc
@@ -805,6 +805,10 @@
   Guint src0, src1, src, dest, s1, s2, m1, m2, m3;
   GBool oneByte;
 
+  // check for the pathological case where y = -2^31
+  if (y < -0x7fffffff) {
+    return;
+  }
   if (y < 0) {
     y0 = -y;
   } else {
Comment 9 Josh Bressers 2009-04-01 14:28:38 UTC 
Created attachment 337540 [details]
Another updated patch from upstream
Comment 20 Josh Bressers 2009-04-13 20:05:25 UTC 
Created attachment 339370 [details]
Latest upstream poppler patch
Comment 21 Vincent Danen 2009-04-16 21:30:01 UTC 
Embargo has been lifted.
Comment 22 errata-xmlrpc 2009-04-24 07:56:04 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 3

Via RHSA-2009:0430 https://rhn.redhat.com/errata/RHSA-2009-0430.html
Comment 23 errata-xmlrpc 2009-04-24 08:05:56 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:0431 https://rhn.redhat.com/errata/RHSA-2009-0431.html
Comment 24 errata-xmlrpc 2009-04-24 08:24:23 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3

Via RHSA-2009:0428 https://rhn.redhat.com/errata/RHSA-2009-0428.html
Comment 25 errata-xmlrpc 2009-04-24 08:26:44 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:0429 https://rhn.redhat.com/errata/RHSA-2009-0429.html
Comment 26 errata-xmlrpc 2009-04-30 20:58:33 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2009:0458 https://rhn.redhat.com/errata/RHSA-2009-0458.html
Comment 27 errata-xmlrpc 2009-05-13 14:32:55 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:0480 https://rhn.redhat.com/errata/RHSA-2009-0480.html
Note You need to log in before you can comment on or make changes to this bug.