Bug 501716 - latest poppler security fix breaks compatibility with Xerox WorkCentre generated pdf documents
latest poppler security fix breaks compatibility with Xerox WorkCentre genera...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: poppler (Show other bugs)
5.3
All Linux
urgent Severity high
: rc
: ---
Assigned To: Marek Kašík
Desktop QE
: Regression, ZStream
Depends On:
Blocks: 499522 528146 528147 575136
  Show dependency treegraph
 
Reported: 2009-05-20 09:28 EDT by Tuomo Soini
Modified: 2016-04-26 11:55 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 575136 (view as bug list)
Environment:
Last Closed: 2012-02-21 01:11:18 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Sample pdf generated by xerox workcentre (187.96 KB, application/pdf)
2009-05-20 09:33 EDT, Tuomo Soini
no flags Details
more work done to the segment dict (2.65 KB, patch)
2009-08-17 13:27 EDT, Adam Stokes
no flags Details | Diff
a patch fixing reading of arithmetically encoded JBIG2 images with unknown length (1.19 KB, patch)
2009-09-18 06:22 EDT, Marek Kašík
no flags Details | Diff

  None (edit)
Description Tuomo Soini 2009-05-20 09:28:02 EDT
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Tuomo Soini 2009-05-20 09:31:44 EDT
poppler security fix version 0.5.4-4.4.el5_3.9 makes evince incapable in showing pdf documents generated by Xerox WorkCentre scanner.

previous version of poppler could show documents just fine.

Please fix this regression.

btw. fc10 poppler can handle these same files just fine.
Comment 2 Tuomo Soini 2009-05-20 09:33:19 EDT
Created attachment 344803 [details]
Sample pdf generated by xerox workcentre
Comment 7 Adam Stokes 2009-08-17 13:27:28 EDT
Created attachment 357677 [details]
more work done to the segment dict
Comment 8 Adam Stokes 2009-08-17 13:28:22 EDT
Im thinking the CVE-2009-0146.CVE-2009-0147.CVE-2009-0166.patch was incomplete and I have created an additional patch based off poppler-0.5.4-8 in order to fix this bug.

Thanks,
Adam
Comment 10 Tuomo Soini 2009-08-18 07:47:37 EDT
Your additional patch doesn't apply rhel-5.3 poppler so I couldn't test it.
Comment 11 Adam Stokes 2009-08-18 09:27:03 EDT
If I got you some test packages would you be willing to test it?

Thanks,
Adam
Comment 12 Tuomo Soini 2009-08-18 10:29:39 EDT
Yes, of course. That's why I commented.
Comment 13 Adam Stokes 2009-08-18 10:37:28 EDT
Tuomo,

Here you go:

http://astokes.fedorapeople.org/rhbz501716/

I've provided the srpm as well if you wish to make anymore modifications to the patch or if you need to build for another arch.

Thanks,
Adam
Comment 16 Tuomo Soini 2009-08-20 01:45:57 EDT
Seems like test packages really do fix this issue. I was able to open my scanned documents without problems.
Comment 17 Adam Stokes 2009-08-20 09:40:57 EDT
Sounds good, I'll be in contact with the engineer to get this properly ack'd so it can make it into an update.

Thanks,
Adam
Comment 19 Christopher Aillon 2009-09-09 18:37:17 EDT
Marek, since you did the last few updates, can you look into this?
Comment 22 Marek Kašík 2009-09-18 06:22:42 EDT
Created attachment 361622 [details]
a patch fixing reading of arithmetically encoded JBIG2 images with unknown length

The problem here is that poppler doesn't read arithmetically encoded JBIG2 images
correctly. The pdf has generic region segment with length 0xffffffff which signals that actual length is not known and that there is a termination sequence at the end of the segment + 4 bytes long row count. The row count is not read as a part of this segment and poppler handles these 4 bytes as a beginning of a new segment. But the new segment has only 4 bytes, so, further reading raises EOF error.

Attached patch fixes this.

Marek
Comment 23 Tuomo Soini 2009-09-18 12:34:10 EDT
Marek, yes your fix seen to solve this problem. I applied that patch over latest rhel poppler and not it works for me.
Comment 36 errata-xmlrpc 2012-02-21 01:11:18 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0236.html

Note You need to log in before you can comment on or make changes to this bug.