A flaw was found in the latest djvulibre. A stack overflow in the function DJVU::DjVuDocument::get_djvu_file() via a crafted djvu file may lead to an application crash and other consequences. References: https://bugzilla.redhat.com/show_bug.cgi?id=1943411
Is it possible to get more information/details on this issue? The referenced further bug seems restricted so far. Is there a fix for this issue upstream? Regards, Salvatore
I agree with Salvatore, it would be nice if you can share technical details about this issue. Thanks, Gianluca
Hi, I've just pushed an update which among others fixes this issue as well. The issue here is that djvulibre tries to open a file inside a djvu file while already opening it and this goes on and on resulting in stack overflow. I've broken this cycle by remembering which file it is opening. I've stored the name in DjVuPortcaster class since it is common to these actions. I'm not aware of an upstream fix for this. Regards
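The open-a-member-while-already-opening-it loop and the guard Marek describes, as an added C++ illustration; this is not djvulibre's code: the Bundle layout, OpenGuard, get_file and open_document are constructed stand-ins for the DjVu container, DjVuPortcaster and DjVuDocument::get_djvu_file, and both sample bundles are made up.

```cpp
// Added illustration, not djvulibre code: include resolution in a multi-file
// DjVu bundle, with the "remember which file is being opened" guard from the fix.
#include <map>
#include <set>
#include <string>
#include <vector>
// Constructed in-memory bundle: member file name -> names of members it includes.
typedef std::map<std::string, std::vector<std::string> > Bundle;
// Constructed sample 1: page1.djvu points back at index.djvu. Without a guard,
// opening index opens page1, which opens index, ... until the stack is exhausted.
Bundle make_cyclic_bundle() {
    Bundle b;
    b["index.djvu"].push_back("page1.djvu");
    b["page1.djvu"].push_back("index.djvu");
    return b;
}
// Constructed sample 2: two pages legitimately share one dictionary member.
Bundle make_valid_bundle() {
    Bundle b;
    b["index.djvu"].push_back("page1.djvu");
    b["index.djvu"].push_back("page2.djvu");
    b["page1.djvu"].push_back("shared.iff");
    b["page2.djvu"].push_back("shared.iff");
    b["shared.iff"];  // leaf member, includes nothing
    return b;
}
// Hypothetical stand-in for the state the fix keeps in DjVuPortcaster:
// the set of member files whose open is still in progress.
typedef std::set<std::string> OpenGuard;
// Resolve 'name' and everything it includes. Re-entering a member that is
// still being opened is refused (false) instead of recursing further.
bool get_file(const Bundle& b, const std::string& name, OpenGuard& opening) {
    if (opening.count(name)) return false;       // cycle detected
    Bundle::const_iterator it = b.find(name);
    if (it == b.end()) return false;             // member missing from bundle
    opening.insert(name);
    bool ok = true;
    for (size_t i = 0; i < it->second.size() && ok; ++i)
        ok = get_file(b, it->second[i], opening);
    opening.erase(name);  // finished: a sibling may legitimately include it again
    return ok;
}
// Entry point: true only when the whole include tree of 'root' resolves.
bool open_document(const Bundle& b, const std::string& root) {
    OpenGuard opening;
    return get_file(b, root, opening);
}
```

The guard only refuses members whose open is still in progress, so a dictionary shared by several pages (sample 2) still resolves while the self-referencing bundle (sample 1) fails cleanly instead of overflowing the stack.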
Created djvulibre tracking bugs for this issue: Affects: epel-7 [bug 1943411]
Created djvulibre tracking bugs for this issue: Affects: epel-7 [bug 1958164] Created mingw-djvulibre tracking bugs for this issue: Affects: fedora-all [bug 1958165]
Acknowledgments: Name: 1vanChen (NSFOCUS Security Team)
(In reply to Marek Kašík from comment #4)
> Hi,
>
> I've just pushed an update which among others fixes this issue as well.
>
> The issue here is that djvulibre tries to open a file inside a djvu file
> while already opening it and this goes on and on resulting in stack overflow.
> I've broken this cycle by remembering which file it is opening. I've stored
> the name in DjVuPortcaster class since it is common to these actions.
>
> I'm not aware of an upstream fix for this.
>
> Regards

Hi Marek,

I see similar bugs are public:

https://bugzilla.redhat.com/show_bug.cgi?id=1943408
https://bugzilla.redhat.com/show_bug.cgi?id=1943409
https://bugzilla.redhat.com/show_bug.cgi?id=1943410
https://bugzilla.redhat.com/show_bug.cgi?id=1943424

Since 1943411 is no longer embargoed, I'm wondering if you can open it to everybody?

Thanks,
Gianluca
Hi Gianluca, I am probably not the person who should do this. I've forwarded your question to Michael. Regards
(In reply to Gianluca Gabrielli from comment #8)
> (In reply to Marek Kašík from comment #4)
> > Hi,
> >
> > I've just pushed an update which among others fixes this issue as well.
> >
> > The issue here is that djvulibre tries to open a file inside a djvu file
> > while already opening it and this goes on and on resulting in stack overflow.
> > I've broken this cycle by remembering which file it is opening. I've stored
> > the name in DjVuPortcaster class since it is common to these actions.
> >
> > I'm not aware of an upstream fix for this.
> >
> > Regards
>
> Hi Marek,
>
> I see similar bugs are public:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1943408
> https://bugzilla.redhat.com/show_bug.cgi?id=1943409
> https://bugzilla.redhat.com/show_bug.cgi?id=1943410
> https://bugzilla.redhat.com/show_bug.cgi?id=1943424
>
> Since 1943411 is no longer embargoed, I'm wondering if you can open it to
> everybody?
>
> Thanks,
> Gianluca

Hey Gianluca,

It's done.