Bug 1212016 (CVE-2023-3044)

Summary: VUL-0: CVE-2023-3044: poppler: divide-by-zero in Xpdf's text extraction code
Product: [Novell Products] SUSE Security Incidents Reporter: Thomas Leroy <thomas.leroy>
Component: IncidentsAssignee: Peter Simons <peter.simons>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P5 - None CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/368280/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Thomas Leroy 2023-06-05 10:30:51 UTC 
CVE-2023-3044

An excessively large PDF page size (found in fuzz testing, unlikely in normal
PDF files) can result in a divide-by-zero in Xpdf's text extraction code.




This is related to CVE-2022-30524, but the problem here is caused by a very
large page size, rather than by a very large character coordinate.




References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3044
https://www.cve.org/CVERecord?id=CVE-2023-3044
http://www.cvedetails.com/cve/CVE-2023-3044/
https://github.com/baker221/poc-xpdf
https://www.xpdfreader.com/security-bug/CVE-2023-3044.html
Comment 1 Thomas Leroy 2023-06-05 10:31:15 UTC 
Not reproducible in poppler. Closing