Bug 1131722 - (CVE-2019-10872) VUL-1: CVE-2019-10872: poppler: heap-based buffer over-read in function Splash::blitTransparent in splash/Splash.cc
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
Assigned To: Peter Simons
Security Team bot
https://smash.suse.de/issue/229001/
CVSSv3:SUSE:CVE-2019-10872:4.4:(AV:L/...
Reported: 2019-04-05 15:33 UTC by Alexandros Toptsoglou
Modified: 2022-05-18 19:22 UTC (History)
Found By: Security Response Team
Description Alexandros Toptsoglou 2019-04-05 15:33:49 UTC
CVE-2019-10872

An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc.

Reference:
https://gitlab.freedesktop.org/poppler/poppler/issues/750

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1696638
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10872
https://gitlab.freedesktop.org/poppler/poppler/issues/750
Comment 1 Alexandros Toptsoglou 2019-04-05 16:02:36 UTC
There is a POC at [1]. The vulnerable code was introduced in version 0.19 with commit [2].
I successfully reproduced the bug in SLE15, SLE12-SP2 and SLE12 and in TW. I also attempted to run it in the non-vulnerable version of SLE11-SP1 without success. 

To run the POC successfully, I ran the following:

valgrind --leak-check=full pdftoppm -cropbox -mono $POC

Currently there is no fix available.

[1] https://gitlab.freedesktop.org/poppler/poppler/uploads/c1a76b9a575ea1da523c24e5202e9c3c/poc.tar.gz
[2] https://gitlab.freedesktop.org/poppler/poppler/commit/bf75a957650dd5208ecf1f6db1555a3d00b7949c
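Added example, not part of the original report or of poppler: a regression check built around the valgrind command from comment 1, useful for confirming that an updated poppler package no longer reports the over-read. The function names has_overread_in, check_pdf and sample_log are hypothetical, and the memcheck excerpt is constructed for illustration.

```shell
#!/bin/sh
# Added example: regression check built around the command from comment 1.

# Succeeds if a memcheck log has an "Invalid read" whose call stack
# (the at/by frames before the "Address ..." line) contains function $1.
has_overread_in() {  # $1 = function name, $2 = memcheck log file
    awk -v fn="$1" '
        /Invalid read of size/ { in_err = 1; next }
        /Address 0x/           { in_err = 0; next }  # allocation stack follows
        /^==[0-9]+== *$/       { in_err = 0; next }  # blank line ends the record
        in_err && / (at|by) 0x/ && index($0, fn) { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$2"
}

# Runs the comment-1 command on one PDF, memcheck output kept in a temp log.
check_pdf() {  # $1 = PDF file
    log=$(mktemp) || return 2
    valgrind --leak-check=full --log-file="$log" \
        pdftoppm -cropbox -mono "$1" >/dev/null 2>&1
    if has_overread_in 'Splash::blitTransparent' "$log"; then
        echo "FAIL: over-read in Splash::blitTransparent reported for $1"; rc=1
    else
        echo "ok: no over-read in Splash::blitTransparent reported for $1"; rc=0
    fi
    rm -f "$log"
    return "$rc"
}

# Constructed memcheck excerpt (PID, addresses and sizes are made up).
sample_log() {
    cat <<'EOF'
==4242== Invalid read of size 1
==4242==    at 0x4C2F1B0: memcpy (in vgpreload_memcheck.so)
==4242==    by 0x52A1C3D: Splash::blitTransparent(SplashBitmap*, int, int, int, int, int, int) (in libpoppler.so)
==4242==    by 0x10A2B4: main (in pdftoppm)
==4242==  Address 0x6b2f040 is 0 bytes after a block of size 64 alloc'd
==4242==    at 0x4C2B0E0: malloc (in vgpreload_memcheck.so)
==4242==    by 0x5290F11: gmalloc (in libpoppler.so)
==4242==
EOF
}

if [ "$#" -gt 0 ]; then check_pdf "$1"; fi
```

Matching on the stack frame rather than on any valgrind error keeps the check specific to this bug, so unrelated findings in the same run do not mask or fake a result.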
Comment 3 Swamp Workflow Management 2021-12-01 20:30:09 UTC
SUSE-SU-2021:3854-1: An update that fixes 21 vulnerabilities is now available.

Category: security (important)
Bug References: 1092945,1102531,1107597,1114966,1115185,1115186,1115187,1115626,1120495,1120496,1120939,1120956,1124150,1127329,1129202,1130229,1131696,1131722,1142465,1143950,1179163
CVE References: CVE-2017-18267,CVE-2018-13988,CVE-2018-16646,CVE-2018-18897,CVE-2018-19058,CVE-2018-19059,CVE-2018-19060,CVE-2018-19149,CVE-2018-20481,CVE-2018-20551,CVE-2018-20650,CVE-2018-20662,CVE-2019-10871,CVE-2019-10872,CVE-2019-14494,CVE-2019-7310,CVE-2019-9200,CVE-2019-9631,CVE-2019-9903,CVE-2019-9959,CVE-2020-27778
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise Server for SAP 15 (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise Server 15-LTSS (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    poppler-0.62.0-4.6.1
SUSE Enterprise Storage 6 (src):    poppler-0.62.0-4.6.1
SUSE CaaS Platform 4.0 (src):    poppler-0.62.0-4.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 4 Swamp Workflow Management 2021-12-01 21:14:06 UTC
openSUSE-SU-2021:3854-1: An update that fixes 21 vulnerabilities is now available.

Category: security (important)
Bug References: 1092945,1102531,1107597,1114966,1115185,1115186,1115187,1115626,1120495,1120496,1120939,1120956,1124150,1127329,1129202,1130229,1131696,1131722,1142465,1143950,1179163
CVE References: CVE-2017-18267,CVE-2018-13988,CVE-2018-16646,CVE-2018-18897,CVE-2018-19058,CVE-2018-19059,CVE-2018-19060,CVE-2018-19149,CVE-2018-20481,CVE-2018-20551,CVE-2018-20650,CVE-2018-20662,CVE-2019-10871,CVE-2019-10872,CVE-2019-14494,CVE-2019-7310,CVE-2019-9200,CVE-2019-9631,CVE-2019-9903,CVE-2019-9959,CVE-2020-27778
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    poppler-0.62.0-4.6.1
Comment 7 Swamp Workflow Management 2022-05-18 19:19:23 UTC
SUSE-SU-2022:1723-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1124150,1129202,1130229,1131696,1131722,1142465,1143950,1179163
CVE References: CVE-2019-10871,CVE-2019-10872,CVE-2019-14494,CVE-2019-7310,CVE-2019-9631,CVE-2019-9903,CVE-2019-9959,CVE-2020-27778
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    poppler-0.43.0-16.19.3, poppler-qt-0.43.0-16.19.3
SUSE Linux Enterprise Server 12-SP5 (src):    poppler-0.43.0-16.19.3, poppler-qt-0.43.0-16.19.3

Comment 8 Swamp Workflow Management 2022-05-18 19:22:40 UTC
SUSE-SU-2022:1724-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1124150,1129202,1131696,1131722,1142465,1143950,1179163
CVE References: CVE-2019-10871,CVE-2019-10872,CVE-2019-14494,CVE-2019-7310,CVE-2019-9631,CVE-2019-9959,CVE-2020-27778
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    poppler-0.24.4-14.20.2
