First Last Prev Next    This bug is not in your last search results.
Bug 1035534 - (CVE-2017-7994) VUL-1: CVE-2017-7994: podofo: denial of service (NULL pointer dereference and application crash) via a crafted PDF document(TextExtractor::ExtractText in TextExtractor.cpp:77)
(CVE-2017-7994)
VUL-1: CVE-2017-7994: podofo: denial of service (NULL pointer dereference and...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
: ---
Assigned To: Antonio Larrosa
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-04-21 19:47 UTC by Mikhail Kasimov
Modified: 2019-10-31 08:15 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
PoC_CVE-2017-7994 (34.14 KB, application/pdf)
2017-04-21 19:47 UTC, Mikhail Kasimov 		Details
crash_info_CVE-2017-7994 (35.09 KB, text/html)
2017-04-21 19:48 UTC, Mikhail Kasimov 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mikhail Kasimov 2017-04-21 19:47:52 UTC 
Created attachment 722198 [details]
PoC_CVE-2017-7994

Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-7994
===================================================
Description

The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

Source:  MITRE      Last Modified:  04/21/2017
===================================================

Hyperlink:

[1] https://github.com/icepng/PoC/tree/master/PoC1 (PoC and Analysis)
[2] https://icepng.github.io/2017/04/21/PoDoFo-1/

(open-)SUSE: https://software.opensuse.org/package/podofo

0.9.4 (TW, official repo)
0.9.3 (42.{1,2}, official repo)
Comment 1 Mikhail Kasimov 2017-04-21 19:48:58 UTC 
Created attachment 722199 [details]
crash_info_CVE-2017-7994
Comment 4 Antonio Larrosa 2018-06-26 14:33:51 UTC 
Reassign to security-team since a patch was submitted to SUSE:SLE-12:Update in isr 167536
Comment 5 Swamp Workflow Management 2018-08-22 19:10:10 UTC 
SUSE-SU-2018:2481-1: An update that fixes 16 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1023067,1023069,1023070,1023071,1023380,1027778,1027782,1027787,1032017,1032018,1032019,1035534,1035596,1037739,1075772,1084894
CVE References: CVE-2017-5852,CVE-2017-5853,CVE-2017-5854,CVE-2017-5855,CVE-2017-5886,CVE-2017-6840,CVE-2017-6844,CVE-2017-6847,CVE-2017-7378,CVE-2017-7379,CVE-2017-7380,CVE-2017-7994,CVE-2017-8054,CVE-2017-8787,CVE-2018-5308,CVE-2018-8001
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    podofo-0.9.2-3.3.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    podofo-0.9.2-3.3.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    podofo-0.9.2-3.3.1
Comment 6 Marcus Meissner 2018-11-14 09:47:19 UTC 
released
Comment 7 Marcus Meissner 2018-11-14 09:50:50 UTC 
leap 42.3 and 15.0 are not fixed
Comment 8 Swamp Workflow Management 2019-01-10 08:01:17 UTC 
This is an autogenerated message for OBS integration:
This bug (1035534) was mentioned in
https://build.opensuse.org/request/show/664264 42.3 / podofo
https://build.opensuse.org/request/show/664265 15.0 / podofo
Comment 9 Swamp Workflow Management 2019-01-18 20:12:38 UTC 
openSUSE-SU-2019:0066-1: An update that fixes 20 vulnerabilities is now available.

Category: security (important)
Bug References: 1023067,1023069,1023070,1023071,1023380,1027778,1027779,1027782,1027787,1032017,1032018,1032019,1035534,1035596,1037739,1075021,1075026,1075322,1075772,1084894
CVE References: CVE-2017-5852,CVE-2017-5853,CVE-2017-5854,CVE-2017-5855,CVE-2017-5886,CVE-2017-6840,CVE-2017-6844,CVE-2017-6845,CVE-2017-6847,CVE-2017-7378,CVE-2017-7379,CVE-2017-7380,CVE-2017-7994,CVE-2017-8054,CVE-2017-8787,CVE-2018-5295,CVE-2018-5296,CVE-2018-5308,CVE-2018-5309,CVE-2018-8001
Sources used:
openSUSE Leap 42.3 (src):    podofo-0.9.6-10.3.1
Comment 10 Marcus Meissner 2019-10-31 08:15:16 UTC 
released
First Last Prev Next    This bug is not in your last search results.