|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-1: CVE-2018-7454: xpdf: A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc allows attackers to launch denial of service via a specific pdf file | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Karol Babioch <karol> |
| Component: | Incidents | Assignee: | Peter Simons <peter.simons> |
| Status: | NEW --- | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P4 - Low | CC: | smash_bz |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/200814/ | ||
| Whiteboard: | CVSSv3:SUSE:CVE-2018-7454:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) maint:planned:update | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 1133493 | ||
|
Description
Karol Babioch
2018-02-26 13:08:49 UTC
No fix for this issue was published. According to the web forum, upstream tried to remedy this issue by > adding a test for nComps==0 when reading the SIZ segment ..., but this turned out to be insufficient. After some back and forth, the solution apparently is to disable 0 page PDF files altogether: > Zero-page PDF files are kind of an odd case. I'll add a test in XFAForm::load that bails out early if nPages==0. I looked at the code of XFAForm::load() in the 4.00 release, trying to re-implement the fix, but unfortunately there is no obvious way to write that test. (nPages is an attribute deep inside of a XFAForm object, so the object has to be constructed already before I can access it, which seems too late for the test to be meaningful). Upstream was asked whether they'll release the fix -- or a new version that contains it --, and they said: > This will be in the next release. I don't have a schedule for that yet. That was over a year ago. |