http://bugzilla.opensuse.org/show_bug.cgi?id=1032021 Bug ID: 1032021 Summary: VUL-1: CVE-2017-7382: podofo: four null pointer dereference Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Ref: http://seclists.org/oss-sec/2017/q2/2 ========================================== # podofotxtextract $FILE ==20388==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f08c6a3c3de bp 0x7ffd52235bd0 sp 0x7ffd52235b20 T0) ==20388==The signal is caused by a READ memory access. ==20388==Hint: address points to the zero page. #0 0x7f08c6a3c3dd in PoDoFo::PdfFontFactory::CreateFont(FT_LibraryRec_**, PoDoFo::PdfObject*) /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/src/doc/PdfFontFactory.cpp:200:88 #1 0x7f08c6a1028d in PoDoFo::PdfFontCache::GetFont(PoDoFo::PdfObject*) /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/src/doc/PdfFontCache.cpp:362:22 #2 0x51debb in TextExtractor::ExtractText(PoDoFo::PdfMemDocument*, PoDoFo::PdfPage*) /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/tools/podofotxtextract/TextExtractor.cpp:104:43 #3 0x51d021 in TextExtractor::Init(char const*) /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/tools/podofotxtextract/TextExtractor.cpp:48:15 #4 0x539f6d in main /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/tools/podofotxtextract/podofotxtextract.cpp:52:17 #5 0x7f08c4c9a6ff in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289 #6 0x420d48 in _start (/usr/bin/podofotxtextract+0x420d48) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/src/doc/PdfFontFactory.cpp:200:88 in PoDoFo::PdfFontFactory::CreateFont(FT_LibraryRec_**, PoDoFo::PdfObject*) Reproducer: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3 CVE: CVE-2017-7382 ========================================== -- You are receiving this mail because: You are on the CC list for the bug.