[Bug 1120956] VUL-1: CVE-2018-20662: poppler: PDFDoc setup in PDFDoc.cc allows attackers to cause DOS because of a wrong return value from PDFDoc:setup

http://bugzilla.suse.com/show_bug.cgi?id=1120956 http://bugzilla.suse.com/show_bug.cgi?id=1120956#c3 ANTONIO CARISTA changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |acaristia@suse.com Flags| |needinfo? --- Comment #3 from ANTONIO CARISTA --- Working on S:M:10689:187745 i got core dumped before ad after update. here reproducer: https://gitlab.freedesktop.org/poppler/poppler/issues/706 BEFORE: ====== bragi:/tmp/test_poppler/pdfunite # rpm -qa|grep poppler libpoppler73-0.62.0-2.33.x86_64 libpoppler-glib8-0.62.0-2.33.x86_64 libpoppler-cpp0-0.62.0-2.33.x86_64 poppler-tools-0.62.0-2.33.x86_64 libpoppler-qt5-1-0.62.0-2.43.x86_64 libpoppler-devel-0.62.0-2.33.x86_64 libpoppler-qt5-devel-0.62.0-2.43.x86_64 libpoppler-glib-devel-0.62.0-2.33.x86_64 poppler-data-0.4.8-bp150.2.4.noarch bragi:/tmp/test_poppler/pdfunite # pdfunite RELEASE-NOTES.it.pdf sigabrt_Object.h:258_1.pdf OUTPUT.pdf Syntax Error: Couldn't find trailer dictionary Syntax Error: Invalid XRef entry Internal Error: xref num 21 not found but needed, try to reconstruct<0a> Syntax Error: Invalid XRef entry Syntax Error: Couldn't find trailer dictionary Syntax Error: Could not find catalog dictionary Syntax Error: Invalid XRef entry Syntax Error: Couldn't find trailer dictionary Internal Error (0): Call to Object where the object was type 5, not the expected type 7 Aborted (core dumped) bragi:/tmp/test_poppler/pdfunite # pdfunite RELEASE-NOTES.it.pdf sigabrt_Object.h:258_2.pdf OUTPUT.pdf Syntax Error: Couldn't find trailer dictionary Syntax Error (374): Illegal character <10> in hex string Syntax Error (603): Dictionary key must be a name object Syntax Error (605): Dictionary key must be a name object Syntax Error (611): Dictionary key must be a name object Syntax Error (603): Dictionary key must be a name object Syntax Error (605): Dictionary key must be a name object Syntax Error (611): Dictionary key must be a name object Syntax Error: Failed to parse XRef entry [1]. Internal Error: xref num 1 not found but needed, try to reconstruct<0a> Syntax Error: Couldn't find trailer dictionary Syntax Error (1014): Dictionary key must be a name object Syntax Error (1016): Dictionary key must be a name object Syntax Error (1018): Dictionary key must be a name object Syntax Error (1018): Dictionary key must be a name object Syntax Error (1020): Dictionary key must be a name object Syntax Error: Page count in top-level pages object is wrong type (null) Syntax Error: Couldn't find trailer dictionary Internal Error (0): Call to Object where the object was type 5, not the expected type 7 Aborted (core dumped) AFTER: ====== bragi:/tmp/test_poppler/pdfunite # rpm -qa|grep poppler libpoppler-qt5-1-0.62.0-4.3.2.x86_64 poppler-tools-0.62.0-4.3.2.x86_64 libpoppler-glib-devel-0.62.0-4.3.2.x86_64 libpoppler-cpp0-0.62.0-4.3.2.x86_64 libpoppler73-0.62.0-4.3.2.x86_64 poppler-data-0.4.8-bp150.2.4.noarch libpoppler-qt5-devel-0.62.0-4.3.2.x86_64 libpoppler-devel-0.62.0-4.3.2.x86_64 libpoppler-glib8-0.62.0-4.3.2.x86_64 bragi:/tmp/test_poppler/pdfunite # pdfunite RELEASE-NOTES.it.pdf sigabrt_Object.h:258_2.pdf OUTPUT.pdf Syntax Error: Couldn't find trailer dictionary Syntax Error (374): Illegal character <10> in hex string Syntax Error (603): Dictionary key must be a name object Syntax Error (605): Dictionary key must be a name object Syntax Error (611): Dictionary key must be a name object Syntax Error (603): Dictionary key must be a name object Syntax Error (605): Dictionary key must be a name object Syntax Error (611): Dictionary key must be a name object Syntax Error: Failed to parse XRef entry [1]. Internal Error: xref num 1 not found but needed, try to reconstruct<0a> Syntax Error: Couldn't find trailer dictionary Syntax Error (1014): Dictionary key must be a name object Syntax Error (1016): Dictionary key must be a name object Syntax Error (1018): Dictionary key must be a name object Syntax Error (1018): Dictionary key must be a name object Syntax Error (1020): Dictionary key must be a name object Syntax Error: Page count in top-level pages object is wrong type (null) Syntax Error: Couldn't find trailer dictionary Internal Error (0): Call to Object where the object was type 5, not the expected type 7 Aborted (core dumped) bragi:/tmp/test_poppler/pdfunite # pdfunite RELEASE-NOTES.it.pdf sigabrt_Object.h:258_1.pdf OUTPUT.pdf Syntax Error: Couldn't find trailer dictionary Syntax Error: Invalid XRef entry Internal Error: xref num 21 not found but needed, try to reconstruct<0a> Syntax Error: Invalid XRef entry Syntax Error: Couldn't find trailer dictionary Syntax Error: Could not find catalog dictionary Syntax Error: Invalid XRef entry Syntax Error: Couldn't find trailer dictionary Internal Error (0): Call to Object where the object was type 5, not the expected type 7 Aborted (core dumped) bragi:/tmp/test_poppler/pdfunite # pdfunite sigabrt_Object.h\:258_1.pdf sigabrt_Object.h:258_2.pdf OUTPUT.pdf Syntax Error: Couldn't find trailer dictionary Syntax Error (374): Illegal character <10> in hex string Syntax Error (603): Dictionary key must be a name object Syntax Error (605): Dictionary key must be a name object Syntax Error (611): Dictionary key must be a name object Syntax Error: Couldn't find trailer dictionary Syntax Error: Invalid XRef entry Internal Error: xref num 21 not found but needed, try to reconstruct<0a> Syntax Error: Invalid XRef entry Syntax Error: Couldn't find trailer dictionary Syntax Error: Catalog object is wrong type (null) Syntax Error: Cannot allocate page cache Syntax Error: Invalid XRef entry Syntax Error: Couldn't find trailer dictionary Syntax Error: Catalog object is wrong type (null) Internal Error (0): Call to Object where the object was type 5, not the expected type 7 Aborted (core dumped) -- You are receiving this mail because: You are on the CC list for the bug.