http://bugzilla.opensuse.org/show_bug.cgi?id=1032022 Bug ID: 1032022 Summary: VUL-1: CVE-2017-7383: podofo: four null pointer dereference Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Ref: http://seclists.org/oss-sec/2017/q2/2 ============================================ # podofotxtextract $FILE ==26727==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f4c23dd5e41 bp 0x7ffd6ce24bd0 sp 0x7ffd6ce24b20 T0) ==26727==The signal is caused by a READ memory access. ==26727==Hint: address points to the zero page. #0 0x7f4c23dd5e40 in PoDoFo::PdfFontFactory::CreateFont(FT_LibraryRec_**, PoDoFo::PdfObject*) /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/src/doc/PdfFontFactory.cpp:195:62 #1 0x7f4c23daa28d in PoDoFo::PdfFontCache::GetFont(PoDoFo::PdfObject*) /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/src/doc/PdfFontCache.cpp:362:22 #2 0x51debb in TextExtractor::ExtractText(PoDoFo::PdfMemDocument*, PoDoFo::PdfPage*) /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/tools/podofotxtextract/TextExtractor.cpp:104:43 #3 0x51d021 in TextExtractor::Init(char const*) /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/tools/podofotxtextract/TextExtractor.cpp:48:15 #4 0x539f6d in main /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/tools/podofotxtextract/podofotxtextract.cpp:52:17 #5 0x7f4c220346ff in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289 #6 0x420d48 in _start (/usr/bin/podofotxtextract+0x420d48) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /tmp/portage/app-text/podofo-0.9.5/work/podofo-0.9.5/src/doc/PdfFontFactory.cpp:195:62 in PoDoFo::PdfFontFactory::CreateFont(FT_LibraryRec_**, PoDoFo::PdfObject*) Reproducer: https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4 CVE: CVE-2017-7383 ============================================ -- You are receiving this mail because: You are on the CC list for the bug.