Bug 488337 (CVE-2009-0755) - CVE-2009-0755 poppler/evince: DoS via crafted PDF file
Summary: CVE-2009-0755 poppler/evince: DoS via crafted PDF file
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2009-0755
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://web.nvd.nist.gov/view/vuln/det...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-03-03 19:03 UTC by Vincent Danen
Modified: 2021-11-12 19:56 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-12-04 14:55:28 UTC
Embargoed:


Attachments (Terms of Use)

Description Vincent Danen 2009-03-03 19:03:27 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0755 to
the following vulnerability:

Name: CVE-2009-0755
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0755
Assigned: 20090303
Reference: MLIST:[oss-security] 20090213 CVE Request: Poppler -Two Denial of Service Vulnerabilities
Reference: URL: http://www.openwall.com/lists/oss-security/2009/02/13/1
Reference: MLIST:[oss-security] 20090219 Re: CVE Request: Poppler -Two Denial of Service Vulnerabilities
Reference: URL: http://www.openwall.com/lists/oss-security/2009/02/19/2
Reference: MLIST:[poppler] 20090128 poppler/Form.cc
Reference: URL: http://lists.freedesktop.org/archives/poppler/2009-January/004406.html
Reference: CONFIRM: http://bugs.freedesktop.org/show_bug.cgi?id=19790
Reference: SECUNIA:33853
Reference: URL: http://secunia.com/advisories/33853

The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4
allows remote attackers to cause a denial of service (crash) via a PDF
file with an invalid Form Opt entry.

Comment 1 Tomas Hoger 2009-07-15 13:07:02 UTC
Upstream commit is:
http://cgit.freedesktop.org/poppler/poppler/commit/?id=1fc342eadcbbb41302f190b215c5daf23c9ec9b1

This causes out of bounds read and crash.

Affected code is not part of poppler shipped in Red Hat Enterprise Linux 5, any xpdf version (including latest upstream 3.02pl3), or any other xpdf-based reader shipped in Red Hat Enterprise Linux 3, 4, or 5.

Fedora 11 and later currently includes poppler 0.10.5 or later, which already contains the fix.  This flaw only exists in Fedora 10 at the moment.  So possible candidate for inclusion in future F10 poppler update, if any.

Comment 2 Tomas Hoger 2009-12-04 14:55:28 UTC
As noted above, this currently only affect poppler version in F10.  As F10 will reach EOL soon and no other poppler update is planned for more important bug or security fix, this will remain unfixed in F10.


Note You need to log in before you can comment on or make changes to this bug.