libpoppler4: buffer overflow in the Abiword backend

Related Vulnerabilities: CVE-2009-3938  

Debian Bug report logs - #534680


Reported by: Jakub Wilk <ubanus@users.sf.net>

Date: Fri, 26 Jun 2009 10:24:13 UTC

Severity: important

Fixed in version poppler/0.12.2-2.1

Done: Giuseppe Iuculano <iuculano@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://bugs.freedesktop.org/show_bug.cgi?id=23074



Report forwarded to debian-bugs-dist@lists.debian.org, ubanus@users.sf.net, Loic Minier <lool@dooz.org>:
Bug#534680; Package libpoppler4. (Fri, 26 Jun 2009 10:24:16 GMT) (full text, mbox, link).


Acknowledgement sent to Jakub Wilk <ubanus@users.sf.net>:
New Bug report received and forwarded. Copy sent to ubanus@users.sf.net, Loic Minier <lool@dooz.org>. (Fri, 26 Jun 2009 10:24:16 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Jakub Wilk <ubanus@users.sf.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libpoppler4: buffer overflow in the Abiword backend
Date: Fri, 26 Jun 2009 12:20:04 +0200
[Message part 1 (text/plain, inline)]
Package: libpoppler4
Version: 0.10.6-1.1
Severity: important

The Abiword backend is susceptible to buffer overflows.

Proof of concept:

$ gdb pdftoabw
[snip]
(gdb) break ABWOutputDev::endWord()
Function "ABWOutputDev::endWord()" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (ABWOutputDev::endWord()) pending.
(gdb) run test.pdf /tmp/tmp
[snip]

Breakpoint 1, ABWOutputDev::endWord (this=0x97a12d0) at ABWOutputDev.cc:424
424       if (N_word) {
(gdb) cont
Continuing.

Breakpoint 1, ABWOutputDev::endWord (this=0x97a12d0) at ABWOutputDev.cc:424
424       if (N_word) {
(gdb) n
425         sprintf(buf, "%f", X2);    xmlNewProp(N_word, BAD_CAST "X2", BAD_CAST buf);
(gdb) n
426         sprintf(buf, "%f", Y2);    xmlNewProp(N_word, BAD_CAST "Y2", BAD_CAST buf);
(gdb) print sizeof buf
$1 = 20
(gdb) print strlen(buf)
$2 = 20


-- System Information:
Debian Release: squeeze/sid
    APT prefers unstable
    APT policy: (900, 'unstable'), (500, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.29-2-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpoppler4 depends on:
ii  libc6                  2.9-18            GNU C Library: Shared libraries
ii  libfontconfig1         2.6.0-4           generic font configuration library
ii  libfreetype6           2.3.9-5           FreeType 2 font engine, shared lib
ii  libgcc1                1:4.4.0-8         GCC support library
ii  libjpeg62              6b-14             The Independent JPEG Group's JPEG 
ii  libopenjpeg2           1.3+dfsg-4        JPEG 2000 image compression/decomp
ii  libstdc++6             4.4.0-8           The GNU Standard C++ Library v3
ii  libxml2                2.7.3.dfsg-1      GNOME XML library
ii  zlib1g                 1:1.2.3.3.dfsg-14 compression library - runtime

libpoppler4 recommends no packages.

libpoppler4 suggests no packages.

-- 
Jakub Wilk
[test.pdf (application/pdf, attachment)]
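The gdb session above shows the root cause: an unbounded `sprintf(buf, "%f", X2)` into a 20-byte stack buffer, where `%f` of a large double produces far more than 20 characters. The following is an added example, not poppler's code; `ABW_BUF_SIZE` mirrors the `sizeof buf` of 20 printed in the session, `fmt_width_f` measures what the unbounded call would write, and `format_coord` is a hypothetical hardened replacement using `snprintf` with a truncation check.

```c
#include <stdio.h>
#include <string.h>

/* Size of the fixed buffer in the affected endWord() path, taken from the
 * "print sizeof buf" output in the gdb session (assumed here as a constant). */
#define ABW_BUF_SIZE 20

/* Number of bytes, excluding the terminating NUL, that sprintf(buf, "%f", x)
 * would write.  snprintf with a NULL buffer and size 0 only measures. */
int fmt_width_f(double x)
{
    return snprintf(NULL, 0, "%f", x);
}

/* 1 if the unbounded sprintf into an ABW_BUF_SIZE-byte buffer would write past
 * its end (the NUL terminator counts), 0 otherwise.  %f prints every integer
 * digit, so a coordinate such as 1e300 needs over 300 bytes. */
int would_overflow(double x)
{
    return fmt_width_f(x) + 1 > ABW_BUF_SIZE;
}

/* Hypothetical hardened replacement: bounded write plus truncation check.
 * Returns 0 on success, -1 if the value did not fit; on -1 the caller must
 * not treat buf as a valid coordinate string. */
int format_coord(char *buf, size_t size, double x)
{
    int n = snprintf(buf, size, "%f", x);
    if (n < 0 || (size_t)n >= size)
        return -1;
    return 0;
}

/* Convenience wrapper over a local ABW_BUF_SIZE buffer, so the hardened
 * path can be exercised without exposing the buffer to the caller. */
int coord_fits_in_abw_buf(double x)
{
    char buf[ABW_BUF_SIZE];
    return format_coord(buf, sizeof buf, x);
}
```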

Information forwarded to debian-bugs-dist@lists.debian.org, Loic Minier <lool@dooz.org>:
Bug#534680; Package libpoppler4. (Fri, 26 Jun 2009 10:51:04 GMT) (full text, mbox, link).


Acknowledgement sent to Jakub Wilk <ubanus@users.sf.net>:
Extra info received and forwarded to list. Copy sent to Loic Minier <lool@dooz.org>. (Fri, 26 Jun 2009 10:51:04 GMT) (full text, mbox, link).


Message #10 received at 534680@bugs.debian.org (full text, mbox, reply):

From: Jakub Wilk <ubanus@users.sf.net>
To: control@bugs.debian.org, 534680@bugs.debian.org
Subject: Re: Bug#534680: libpoppler4: buffer overflow in the Abiword backend
Date: Fri, 26 Jun 2009 12:47:53 +0200
notfound 534680 0.10.6-1.1
found 534680 0.10.6-1
thanks

* Jakub Wilk <ubanus@users.sf.net>, 2009-06-26, 12:20:
>Package: libpoppler4
>Version: 0.10.6-1.1
Oops, that should have been:
Version: 0.10.6-1

-- 
Jakub Wilk




Bug no longer marked as found in version 0.10.6-1.1. Request was from Jakub Wilk <ubanus@users.sf.net> to control@bugs.debian.org. (Fri, 26 Jun 2009 10:51:05 GMT) (full text, mbox, link).


Bug marked as found in version 0.10.6-1. Request was from Jakub Wilk <ubanus@users.sf.net> to control@bugs.debian.org. (Fri, 26 Jun 2009 10:51:05 GMT) (full text, mbox, link).


Set Bug forwarded-to-address to 'http://bugs.freedesktop.org/show_bug.cgi?id=23074'. Request was from Jakub Wilk <ubanus@users.sf.net> to control@bugs.debian.org. (Sat, 01 Aug 2009 13:54:12 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Loic Minier <lool@dooz.org>:
Bug#534680; Package libpoppler4. (Wed, 18 Nov 2009 09:42:03 GMT) (full text, mbox, link).


Acknowledgement sent to Jakub Wilk <ubanus@users.sf.net>:
Extra info received and forwarded to list. Copy sent to Loic Minier <lool@dooz.org>. (Wed, 18 Nov 2009 09:42:03 GMT) (full text, mbox, link).


Message #21 received at 534680@bugs.debian.org (full text, mbox, reply):

From: Jakub Wilk <ubanus@users.sf.net>
To: 534680@bugs.debian.org
Subject: Re: Bug#534680: libpoppler4: buffer overflow in the Abiword backend
Date: Wed, 18 Nov 2009 10:38:20 +0100
The following CVE (Common Vulnerabilities & Exposures) id was
published for poppler.

CVE-2009-3938[0]:
| Buffer overflow in the ABWOutputDev::endWord function in
| poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0,
| and possibly other versions, as used by the Abiword pdftoabw utility,
| allows user-assisted remote attackers to cause a denial of service and
| possibly execute arbitrary code via a crafted PDF file.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3938
    http://security-tracker.debian.org/tracker/CVE-2009-3938

-- 
Jakub Wilk




Bug reassigned from package 'libpoppler4' to 'poppler'. Request was from Giuseppe Iuculano <iuculano@debian.org> to control@bugs.debian.org. (Tue, 22 Dec 2009 17:45:06 GMT) (full text, mbox, link).


Bug No longer marked as found in versions poppler/0.10.6-1. Request was from Giuseppe Iuculano <iuculano@debian.org> to control@bugs.debian.org. (Tue, 22 Dec 2009 17:45:07 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Loic Minier <lool@dooz.org>:
Bug#534680; Package poppler. (Tue, 22 Dec 2009 17:48:06 GMT) (full text, mbox, link).


Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Extra info received and forwarded to list. Copy sent to Loic Minier <lool@dooz.org>. (Tue, 22 Dec 2009 17:48:07 GMT) (full text, mbox, link).


Message #30 received at 534680@bugs.debian.org (full text, mbox, reply):

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: 534680@bugs.debian.org
Subject: NMU
Date: Tue, 22 Dec 2009 18:46:47 +0100
[Message part 1 (text/plain, inline)]
Hi,

Attached is a debdiff of the changes I made for 0.12.2-2.1 2-day NMU.

Cheers,
Giuseppe
[poppler_0.12.2-2.1.debdiff (text/plain, attachment)]
[signature.asc (application/pgp-signature, attachment)]

Reply sent to Giuseppe Iuculano <iuculano@debian.org>:
You have taken responsibility. (Thu, 24 Dec 2009 18:21:09 GMT) (full text, mbox, link).


Notification sent to Jakub Wilk <ubanus@users.sf.net>:
Bug acknowledged by developer. (Thu, 24 Dec 2009 18:21:09 GMT) (full text, mbox, link).


Message #35 received at 534680-close@bugs.debian.org (full text, mbox, reply):

From: Giuseppe Iuculano <iuculano@debian.org>
To: 534680-close@bugs.debian.org
Subject: Bug#534680: fixed in poppler 0.12.2-2.1
Date: Thu, 24 Dec 2009 18:18:31 +0000
Source: poppler
Source-Version: 0.12.2-2.1

We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive:

libpoppler-dev_0.12.2-2.1_i386.deb
  to main/p/poppler/libpoppler-dev_0.12.2-2.1_i386.deb
libpoppler-glib-dev_0.12.2-2.1_i386.deb
  to main/p/poppler/libpoppler-glib-dev_0.12.2-2.1_i386.deb
libpoppler-glib4_0.12.2-2.1_i386.deb
  to main/p/poppler/libpoppler-glib4_0.12.2-2.1_i386.deb
libpoppler-qt-dev_0.12.2-2.1_i386.deb
  to main/p/poppler/libpoppler-qt-dev_0.12.2-2.1_i386.deb
libpoppler-qt2_0.12.2-2.1_i386.deb
  to main/p/poppler/libpoppler-qt2_0.12.2-2.1_i386.deb
libpoppler-qt4-3_0.12.2-2.1_i386.deb
  to main/p/poppler/libpoppler-qt4-3_0.12.2-2.1_i386.deb
libpoppler-qt4-dev_0.12.2-2.1_i386.deb
  to main/p/poppler/libpoppler-qt4-dev_0.12.2-2.1_i386.deb
libpoppler5_0.12.2-2.1_i386.deb
  to main/p/poppler/libpoppler5_0.12.2-2.1_i386.deb
poppler-dbg_0.12.2-2.1_i386.deb
  to main/p/poppler/poppler-dbg_0.12.2-2.1_i386.deb
poppler-utils_0.12.2-2.1_i386.deb
  to main/p/poppler/poppler-utils_0.12.2-2.1_i386.deb
poppler_0.12.2-2.1.diff.gz
  to main/p/poppler/poppler_0.12.2-2.1.diff.gz
poppler_0.12.2-2.1.dsc
  to main/p/poppler/poppler_0.12.2-2.1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 534680@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <iuculano@debian.org> (supplier of updated poppler package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Tue, 22 Dec 2009 16:11:27 +0100
Source: poppler
Binary: libpoppler5 libpoppler-dev libpoppler-glib4 libpoppler-glib-dev libpoppler-qt2 libpoppler-qt-dev libpoppler-qt4-3 libpoppler-qt4-dev poppler-utils poppler-dbg
Architecture: source i386
Version: 0.12.2-2.1
Distribution: unstable
Urgency: high
Maintainer: Loic Minier <lool@dooz.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description: 
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-glib4 - PDF rendering library (GLib-based shared library)
 libpoppler-qt-dev - PDF rendering library -- development files (Qt 3 interface)
 libpoppler-qt2 - PDF rendering library (Qt 3 based shared library)
 libpoppler-qt4-3 - PDF rendering library (Qt 4 based shared library)
 libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface)
 libpoppler5 - PDF rendering library
 poppler-dbg - PDF rendering library - detached debugging symbols
 poppler-utils - PDF utilities (based on libpoppler)
Closes: 534680
Changes: 
 poppler (0.12.2-2.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2009-3938 (Closes: #534680)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 13 Jun 2010 07:36:41 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:57:37 2019; Machine Name: beach
