Red Hat Bugzilla – Bug 501716
latest poppler security fix breaks compatibility with Xerox WorkCentre generated pdf documents
Last modified: 2016-04-26 11:55:11 EDT
Description of problem:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
poppler security fix version 0.5.4-4.4.el5_3.9 makes evince incapable in showing pdf documents generated by Xerox WorkCentre scanner.
previous version of poppler could show documents just fine.
Please fix this regression.
btw. fc10 poppler can handle these same files just fine.
Created attachment 344803 [details]
Sample pdf generated by xerox workcentre
Created attachment 357677 [details]
more work done to the segment dict
Im thinking the CVE-2009-0146.CVE-2009-0147.CVE-2009-0166.patch was incomplete and I have created an additional patch based off poppler-0.5.4-8 in order to fix this bug.
Your additional patch doesn't apply rhel-5.3 poppler so I couldn't test it.
If I got you some test packages would you be willing to test it?
Yes, of course. That's why I commented.
Here you go:
I've provided the srpm as well if you wish to make anymore modifications to the patch or if you need to build for another arch.
Seems like test packages really do fix this issue. I was able to open my scanned documents without problems.
Sounds good, I'll be in contact with the engineer to get this properly ack'd so it can make it into an update.
Marek, since you did the last few updates, can you look into this?
Created attachment 361622 [details]
a patch fixing reading of arithmetically encoded JBIG2 images with unknown length
The problem here is that poppler doesn't read arithmetically encoded JBIG2 images
correctly. The pdf has generic region segment with length 0xffffffff which signals that actual length is not known and that there is a termination sequence at the end of the segment + 4 bytes long row count. The row count is not read as a part of this segment and poppler handles these 4 bytes as a beginning of a new segment. But the new segment has only 4 bytes, so, further reading raises EOF error.
Attached patch fixes this.
Marek, yes your fix seen to solve this problem. I applied that patch over latest rhel poppler and not it works for me.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.