Poppler was recently reported to be vulnerable to a flaw, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library. The vulnerability is caused due to a format string error when handling extraneous bytes within a segment in the "JBIG2Stream::readSegments()" method in JBIG2Stream.cc, which can be exploited to cause a crash. The issue is said to be fixed in Poppler 0.24.5.
References:
https://bugs.gentoo.org/show_bug.cgi?id=496770
https://bugs.kde.org/show_bug.cgi?id=328511 (okular)
Commit:
http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684
Created mingw-poppler tracking bugs for this issue: Affects: fedora-all [bug 1048203]
Created poppler tracking bugs for this issue: Affects: fedora-all [bug 1048202]
poppler-0.24.3-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
In the version of poppler shipped with Red Hat Enterprise Linux 5 and 6, the vulnerable format string is not used. Upstream uses "{0:d}" while the Red Hat Enterprise Linux version uses "%d". Secondly, the upstream version of poppler uses a custom-defined error() function (in poppler/Error.cc), while in the Red Hat Enterprise Linux version, error() is just a wrapper around the glibc error() function. Therefore this issue does not affect the version of poppler in Red Hat Enterprise Linux 5 and 6.
Statement: Not Vulnerable. This issue does not affect the version of poppler as shipped with Red Hat Enterprise Linux 5 and 6.
mingw-poppler-0.22.5-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
mingw-poppler-0.24.5-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
CVE Request: http://seclists.org/oss-sec/2014/q1/97
This issue was assigned CVE-2013-7296: http://seclists.org/oss-sec/2014/q1/105