Bugzilla – Bug 1214622
VUL-0: CVE-2022-37050: poppler: denial-of-service via savePageAs in PDFDoc.c
Last modified: 2024-05-28 08:47:02 UTC
CVE-2022-37050 In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. Reference: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274 https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37050 https://bugzilla.redhat.com/show_bug.cgi?id=2234527 https://www.cve.org/CVERecord?id=CVE-2022-37050 https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990 https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274
TW/poppler :/214622/sep # pdfseparate poc 1.pdf [..] Syntax Error: Couldn't find trailer dictionary Syntax Error: XRef's Catalog is not a dictionary :/214622/sep # [fixed] 15sp4,15sp2,15/poppler /214622/sep # pdfseparate poc 1.pdf [..] Syntax Error: Couldn't find trailer dictionary Internal Error (0): Call to Object where the object was type 5, not the expected type 7 Aborted (core dumped) :/214622/sep # [reproduced] 12sp2/poppler: $ valgrind -q pdfseparate poc 1.pdf [..] Syntax Error (7133): Dictionary key must be a name object Syntax Error (36193): Missing 'endstream' or incorrect stream length Syntax Error (56589): Missing 'endstream' or incorrect stream length Syntax Error (79161): Missing 'endstream' or incorrect stream length [hangs] 12/poppler $ valgrind -q pdfseparate poc 1.pdf [..] Syntax Error (4840): Dictionary key must be a name object Syntax Error (7130): Dictionary key must be a name object Syntax Error (7132): Dictionary key must be a name object Syntax Error (7133): Dictionary key must be a name object $ [returns immediately] PATCH referenced in comment 0 TW/poppler has this already in, but also fixed some resource leaks: if (!catObj.isDict()) { fclose(f); delete yRef; delete countRef; delete outStr; error(errSyntaxError, -1, "XRef's Catalog is not a dictionary"); return errOpenFile; } all versions needs the patch AFTER 15sp4,15sp2,15/poppler $ pdfseparate poc 1.pdf [..] Syntax Error: Couldn't find trailer dictionary Syntax Error: XRef's Catelog is not a dictionary :/214622/sep # [fixed] 12sp2/poppler: $ valgrind -q pdfseparate poc 1.pdf [..] Syntax Error (7133): Dictionary key must be a name object Syntax Error (36193): Missing 'endstream' or incorrect stream length Syntax Error (56589): Missing 'endstream' or incorrect stream length Syntax Error (79161): Missing 'endstream' or incorrect stream length [hangs, looks like bsc#1128100] 12/poppler [..] Syntax Error (4840): Dictionary key must be a name object Syntax Error (7130): Dictionary key must be a name object Syntax Error (7132): Dictionary key must be a name object Syntax Error (7133): Dictionary key must be a name object $ [no change]
Will submit for 15sp4,15sp2,15,12sp2,12/poppler.
15sp5/poppler: patch already in, fixed
I believe all fixed.
SUSE-SU-2023:3947-1: An update that solves three vulnerabilities can now be installed. Category: security (moderate) Bug References: 1214618, 1214621, 1214622 CVE References: CVE-2022-37050, CVE-2022-37051, CVE-2022-38349 Sources used: openSUSE Leap 15.4 (src): poppler-qt6-22.01.0-150400.3.11.2, poppler-qt5-22.01.0-150400.3.11.2, poppler-22.01.0-150400.3.11.2 Basesystem Module 15-SP4 (src): poppler-22.01.0-150400.3.11.2 SUSE Package Hub 15 15-SP4 (src): poppler-qt5-22.01.0-150400.3.11.2, poppler-22.01.0-150400.3.11.2 SUSE Linux Enterprise Workstation Extension 15 SP5 (src): poppler-22.01.0-150400.3.11.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3983-1: An update that solves five vulnerabilities can now be installed. Category: security (important) Bug References: 1214257, 1214618, 1214621, 1214622, 1215422 CVE References: CVE-2020-23804, CVE-2020-36024, CVE-2022-37050, CVE-2022-37051, CVE-2022-38349 Sources used: openSUSE Leap 15.4 (src): poppler-0.62.0-150000.4.25.2 SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): poppler-0.62.0-150000.4.25.2 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): poppler-0.62.0-150000.4.25.2 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): poppler-0.62.0-150000.4.25.2 SUSE CaaS Platform 4.0 (src): poppler-0.62.0-150000.4.25.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3982-1: An update that solves five vulnerabilities can now be installed. Category: security (important) Bug References: 1214257, 1214618, 1214621, 1214622, 1215422 CVE References: CVE-2020-23804, CVE-2020-36024, CVE-2022-37050, CVE-2022-37051, CVE-2022-38349 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): poppler-qt-0.43.0-16.35.2, poppler-0.43.0-16.35.2 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): poppler-qt-0.43.0-16.35.2, poppler-0.43.0-16.35.2 SUSE Linux Enterprise Server 12 SP5 (src): poppler-qt-0.43.0-16.35.2, poppler-0.43.0-16.35.2 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): poppler-qt-0.43.0-16.35.2, poppler-0.43.0-16.35.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3981-1: An update that solves four vulnerabilities can now be installed. Category: security (important) Bug References: 1214257, 1214618, 1214622, 1215422 CVE References: CVE-2020-23804, CVE-2020-36024, CVE-2022-37050, CVE-2022-38349 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): poppler-0.24.4-14.36.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3998-1: An update that solves five vulnerabilities can now be installed. Category: security (important) Bug References: 1214257, 1214618, 1214621, 1214622, 1215422 CVE References: CVE-2020-23804, CVE-2020-36024, CVE-2022-37050, CVE-2022-37051, CVE-2022-38349 Sources used: SUSE Manager Server 4.2 (src): poppler-0.79.0-150200.3.21.2 SUSE Enterprise Storage 7.1 (src): poppler-0.79.0-150200.3.21.2 openSUSE Leap 15.4 (src): poppler-0.79.0-150200.3.21.2 Basesystem Module 15-SP4 (src): poppler-0.79.0-150200.3.21.2 Basesystem Module 15-SP5 (src): poppler-0.79.0-150200.3.21.2 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): poppler-0.79.0-150200.3.21.2 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): poppler-0.79.0-150200.3.21.2 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): poppler-0.79.0-150200.3.21.2 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): poppler-0.79.0-150200.3.21.2 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): poppler-0.79.0-150200.3.21.2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): poppler-0.79.0-150200.3.21.2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): poppler-0.79.0-150200.3.21.2 SUSE Manager Proxy 4.2 (src): poppler-0.79.0-150200.3.21.2 SUSE Manager Retail Branch Server 4.2 (src): poppler-0.79.0-150200.3.21.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done, closing