Bug 1179163 (CVE-2020-27778) - VUL-0: CVE-2020-27778: poppler: poppler: buffer overflow in pdftohtml could result in a DoS
Summary: VUL-0: CVE-2020-27778: poppler: poppler: buffer overflow in pdftohtml could r...
Status: RESOLVED FIXED
Alias: CVE-2020-27778
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Peter Simons
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/272145/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-27778:5.3:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-11-24 15:29 UTC by Alexandros Toptsoglou
Modified: 2023-06-14 14:55 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
poc (40.11 KB, application/pdf)
2020-11-24 15:53 UTC, Alexandros Toptsoglou 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Alexandros Toptsoglou 2020-11-24 15:53:32 UTC 
Tracked as affected SLE15 SLE12-SP2 and SLE12 SLE11-SP1. I successfully reproduced the issue, using the POC in SLE15 and SLE12-SP2. I did not test SLE12. Testing SLE11-SP1 resulted in an infinite loop and then a a segmentation fault but probably from another reason. Briefly checking the code, the patch seems applicable in all codestreams. 
xpdf in SLE11-SP1 seems not affected, seems I could not locate the vulnerable code
Comment 2 Alexandros Toptsoglou 2020-11-24 15:53:47 UTC 
Created attachment 843844 [details]
poc
Comment 3 Alexandros Toptsoglou 2020-11-24 15:54:21 UTC 
SLE15-SP2 and Factory ship a fixed version
Comment 5 Swamp Workflow Management 2021-12-01 20:30:32 UTC 
SUSE-SU-2021:3854-1: An update that fixes 21 vulnerabilities is now available.

Category: security (important)
Bug References: 1092945,1102531,1107597,1114966,1115185,1115186,1115187,1115626,1120495,1120496,1120939,1120956,1124150,1127329,1129202,1130229,1131696,1131722,1142465,1143950,1179163
CVE References: CVE-2017-18267,CVE-2018-13988,CVE-2018-16646,CVE-2018-18897,CVE-2018-19058,CVE-2018-19059,CVE-2018-19060,CVE-2018-19149,CVE-2018-20481,CVE-2018-20551,CVE-2018-20650,CVE-2018-20662,CVE-2019-10871,CVE-2019-10872,CVE-2019-14494,CVE-2019-7310,CVE-2019-9200,CVE-2019-9631,CVE-2019-9903,CVE-2019-9959,CVE-2020-27778
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise Server for SAP 15 (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise Server 15-LTSS (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    poppler-0.62.0-4.6.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    poppler-0.62.0-4.6.1
SUSE Enterprise Storage 6 (src):    poppler-0.62.0-4.6.1
SUSE CaaS Platform 4.0 (src):    poppler-0.62.0-4.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2021-12-01 21:14:27 UTC 
openSUSE-SU-2021:3854-1: An update that fixes 21 vulnerabilities is now available.

Category: security (important)
Bug References: 1092945,1102531,1107597,1114966,1115185,1115186,1115187,1115626,1120495,1120496,1120939,1120956,1124150,1127329,1129202,1130229,1131696,1131722,1142465,1143950,1179163
CVE References: CVE-2017-18267,CVE-2018-13988,CVE-2018-16646,CVE-2018-18897,CVE-2018-19058,CVE-2018-19059,CVE-2018-19060,CVE-2018-19149,CVE-2018-20481,CVE-2018-20551,CVE-2018-20650,CVE-2018-20662,CVE-2019-10871,CVE-2019-10872,CVE-2019-14494,CVE-2019-7310,CVE-2019-9200,CVE-2019-9631,CVE-2019-9903,CVE-2019-9959,CVE-2020-27778
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    poppler-0.62.0-4.6.1
Comment 9 Swamp Workflow Management 2022-05-18 19:19:37 UTC 
SUSE-SU-2022:1723-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1124150,1129202,1130229,1131696,1131722,1142465,1143950,1179163
CVE References: CVE-2019-10871,CVE-2019-10872,CVE-2019-14494,CVE-2019-7310,CVE-2019-9631,CVE-2019-9903,CVE-2019-9959,CVE-2020-27778
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    poppler-0.43.0-16.19.3, poppler-qt-0.43.0-16.19.3
SUSE Linux Enterprise Server 12-SP5 (src):    poppler-0.43.0-16.19.3, poppler-qt-0.43.0-16.19.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2022-05-18 19:22:53 UTC 
SUSE-SU-2022:1724-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1124150,1129202,1131696,1131722,1142465,1143950,1179163
CVE References: CVE-2019-10871,CVE-2019-10872,CVE-2019-14494,CVE-2019-7310,CVE-2019-9631,CVE-2019-9959,CVE-2020-27778
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    poppler-0.24.4-14.20.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Petr Gajdos 2023-06-13 11:01:25 UTC 
Thanks to David, feels like fixed everywhere. I suggest to close this bug.