Bugzilla – Bug 1027778
VUL-1: CVE-2017-6847: podofo: NULL pointer dereference in PoDoFo::PdfVariant::DelayedLoad (PdfVariant.h)
Last modified: 2019-01-18 20:11:39 UTC
Ref: http://seclists.org/oss-sec/2017/q1/547 ============================================= Description: podofo is a C++ library to work with the PDF file format. A fuzz on it discovered a null pointer dereference. The upstream project denies me to open a new ticket. So, I just will forward this on the -users mailing list. The complete ASan output: # podofocolor dummy $FILE foo ==5768==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x7f6504f1742c bp 0x7fffc41a0df0 sp 0x7fffc41a0d00 T0) ==5768==The signal is caused by a READ memory access. ==5768==Hint: address points to the zero page. #0 0x7f6504f1742b in PoDoFo::PdfVariant::DelayedLoad() const /tmp/portage/app-text/podofo-0.9.4/work/podofo-0.9.4/src/base/PdfVariant.h:545:10 #1 0x7f6504f1742b in PoDoFo::PdfVariant::GetArray() /tmp/portage/app-text/podofo-0.9.4/work/podofo-0.9.4/src/base/PdfVariant.h:795 #2 0x7f6504f1742b in PoDoFo::PdfXObject::PdfXObject(PoDoFo::PdfObject*) /tmp/portage/app-text/podofo-0.9.4/work/podofo-0.9.4/src/doc/PdfXObject.cpp:264 #3 0x51ff55 in ColorChanger::start() /tmp/portage/app-text/podofo-0.9.4/work/podofo-0.9.4/tools/podofocolor/colorchanger.cpp:137:28 #4 0x51c06d in main /tmp/portage/app-text/podofo-0.9.4/work/podofo-0.9.4/tools/podofocolor/podofocolor.cpp:116:12 #5 0x7f650358c61f in __libc_start_main /var/tmp/portage/sys-libs/glibc-2.22-r4/work/glibc-2.22/csu/libc-start.c:289 #6 0x428718 in _start (/usr/bin/podofocolor+0x428718) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /tmp/portage/app-text/podofo-0.9.4/work/podofo-0.9.4/src/base/PdfVariant.h:545:10 in PoDoFo::PdfVariant::DelayedLoad() const ==5768==ABORTING Affected version: 0.9.4 Fixed version: N/A Commit fix: N/A Credit: This bug was discovered by Agostino Sarubbo of Gentoo. CVE: N/A Reproducer: https://github.com/asarubbo/poc/blob/master/00174-podofo-nullptr-PoDoFo-PdfVariant-DelayedLoad Timeline: 2017-02-13: bug discovered 2017-03-02: bug reported to upstream 2017-03-02: blog post about the issue Note: This bug was found with American Fuzzy Lop. Permalink: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h ============================================= https://software.opensuse.org/package/podofo TW: 0.9.4 42.{1,2}: 0.9.3
bugbot adjusting priority
Reassign to security-team since a patch was submitted to SUSE:SLE-12:Update in isr 167536
SUSE-SU-2018:2481-1: An update that fixes 16 vulnerabilities is now available. Category: security (moderate) Bug References: 1023067,1023069,1023070,1023071,1023380,1027778,1027782,1027787,1032017,1032018,1032019,1035534,1035596,1037739,1075772,1084894 CVE References: CVE-2017-5852,CVE-2017-5853,CVE-2017-5854,CVE-2017-5855,CVE-2017-5886,CVE-2017-6840,CVE-2017-6844,CVE-2017-6847,CVE-2017-7378,CVE-2017-7379,CVE-2017-7380,CVE-2017-7994,CVE-2017-8054,CVE-2017-8787,CVE-2018-5308,CVE-2018-8001 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP3 (src): podofo-0.9.2-3.3.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): podofo-0.9.2-3.3.1 SUSE Linux Enterprise Desktop 12-SP3 (src): podofo-0.9.2-3.3.1
done
This is an autogenerated message for OBS integration: This bug (1027778) was mentioned in https://build.opensuse.org/request/show/664264 42.3 / podofo https://build.opensuse.org/request/show/664265 15.0 / podofo
openSUSE-SU-2019:0066-1: An update that fixes 20 vulnerabilities is now available. Category: security (important) Bug References: 1023067,1023069,1023070,1023071,1023380,1027778,1027779,1027782,1027787,1032017,1032018,1032019,1035534,1035596,1037739,1075021,1075026,1075322,1075772,1084894 CVE References: CVE-2017-5852,CVE-2017-5853,CVE-2017-5854,CVE-2017-5855,CVE-2017-5886,CVE-2017-6840,CVE-2017-6844,CVE-2017-6845,CVE-2017-6847,CVE-2017-7378,CVE-2017-7379,CVE-2017-7380,CVE-2017-7994,CVE-2017-8054,CVE-2017-8787,CVE-2018-5295,CVE-2018-5296,CVE-2018-5308,CVE-2018-5309,CVE-2018-8001 Sources used: openSUSE Leap 42.3 (src): podofo-0.9.6-10.3.1