|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2020-23804: poppler: uncontrolled recursion in pdfinfo and pdftops | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Carlos López <carlos.lopez> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Major | ||
| Priority: | P3 - Medium | CC: | abergmann, pgajdos, security-team |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/375986/ | ||
| Whiteboard: | CVSSv3.1:SUSE:CVE-2020-23804:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Carlos López
2023-09-18 07:54:36 UTC
BEFORE TW,15sp4/poppler $ valgrind -q pdfinfo xref.pdf Syntax Error: File has more than 4096 XRefStm, aborting Syntax Error: Couldn't find trailer dictionary Syntax Error: File has more than 4096 XRefStm, aborting Syntax Error: Couldn't find trailer dictionary Syntax Error: Couldn't read xref table $ [already fixed] 15sp2,15,12sp2,12/poppler :/215422 # pdfinfo xref.pdf Segmentation fault (core dumped) :/215422 # PATCH https://gitlab.freedesktop.org/poppler/poppler/-/commit/ec8a43c8df29fdd6f1228276160898ccd9401c92 AFTER 15sp2,15,12sp2,12/poppler :/215422 # pdfinfo xref.pdf Syntax Error: File has more than 4096 XRefStm, aborting Syntax Error: Couldn't find trailer dictionary Syntax Error: File has more than 4096 XRefStm, aborting Syntax Error: Couldn't find trailer dictionary Syntax Error: Couldn't read xref table :/215422 # Submitted for 15sp2,15,12sp2,12/poppler. I believe all fixed. 15sp5/poppler: alrady in upstream tarball, fixed SUSE-SU-2023:3983-1: An update that solves five vulnerabilities can now be installed. Category: security (important) Bug References: 1214257, 1214618, 1214621, 1214622, 1215422 CVE References: CVE-2020-23804, CVE-2020-36024, CVE-2022-37050, CVE-2022-37051, CVE-2022-38349 Sources used: openSUSE Leap 15.4 (src): poppler-0.62.0-150000.4.25.2 SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): poppler-0.62.0-150000.4.25.2 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): poppler-0.62.0-150000.4.25.2 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): poppler-0.62.0-150000.4.25.2 SUSE CaaS Platform 4.0 (src): poppler-0.62.0-150000.4.25.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2023:3982-1: An update that solves five vulnerabilities can now be installed. Category: security (important) Bug References: 1214257, 1214618, 1214621, 1214622, 1215422 CVE References: CVE-2020-23804, CVE-2020-36024, CVE-2022-37050, CVE-2022-37051, CVE-2022-38349 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): poppler-qt-0.43.0-16.35.2, poppler-0.43.0-16.35.2 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): poppler-qt-0.43.0-16.35.2, poppler-0.43.0-16.35.2 SUSE Linux Enterprise Server 12 SP5 (src): poppler-qt-0.43.0-16.35.2, poppler-0.43.0-16.35.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): poppler-qt-0.43.0-16.35.2, poppler-0.43.0-16.35.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2023:3981-1: An update that solves four vulnerabilities can now be installed. Category: security (important) Bug References: 1214257, 1214618, 1214622, 1215422 CVE References: CVE-2020-23804, CVE-2020-36024, CVE-2022-37050, CVE-2022-38349 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): poppler-0.24.4-14.36.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2023:3998-1: An update that solves five vulnerabilities can now be installed. Category: security (important) Bug References: 1214257, 1214618, 1214621, 1214622, 1215422 CVE References: CVE-2020-23804, CVE-2020-36024, CVE-2022-37050, CVE-2022-37051, CVE-2022-38349 Sources used: SUSE Manager Server 4.2 (src): poppler-0.79.0-150200.3.21.2 SUSE Enterprise Storage 7.1 (src): poppler-0.79.0-150200.3.21.2 openSUSE Leap 15.4 (src): poppler-0.79.0-150200.3.21.2 Basesystem Module 15-SP4 (src): poppler-0.79.0-150200.3.21.2 Basesystem Module 15-SP5 (src): poppler-0.79.0-150200.3.21.2 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): poppler-0.79.0-150200.3.21.2 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): poppler-0.79.0-150200.3.21.2 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): poppler-0.79.0-150200.3.21.2 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): poppler-0.79.0-150200.3.21.2 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): poppler-0.79.0-150200.3.21.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): poppler-0.79.0-150200.3.21.2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): poppler-0.79.0-150200.3.21.2 SUSE Manager Proxy 4.2 (src): poppler-0.79.0-150200.3.21.2 SUSE Manager Retail Branch Server 4.2 (src): poppler-0.79.0-150200.3.21.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. Done, closing. |