Bugzilla – Bug 1214664
VUL-0: CVE-2020-18839: poppler: buffer overflow in HtmlOutputDev::page
Last modified: 2023-09-19 14:35:38 UTC
CVE-2020-18839

Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service. Reference: https://gitlab.freedesktop.org/poppler/poppler/issues/742

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18839
https://bugzilla.redhat.com/show_bug.cgi?id=2234524
https://www.cve.org/CVERecord?id=CVE-2020-18839
https://gitlab.freedesktop.org/poppler/poppler/issues/742
I could not reproduce with TW,15sp4,15sp2,15,12sp2,12/poppler.

$ valgrind -q pdftohtml poc -f 1 /dev/null
Syntax Error (738): Dictionary key must be a name object
Syntax Error (751): Dictionary key must be a name object
Syntax Error (758): Illegal character '>'
Syntax Error (763): Dictionary key must be a name object
Syntax Error (769): Dictionary key must be a name object
Syntax Error (798): Illegal character ')'
Syntax Error (798): Dictionary key must be a name object
Syntax Error (820): Dictionary key must be a name object
Syntax Error (820): Illegal character '{'
Syntax Error (820): Dictionary key must be a name object
Syntax Error (846): Dictionary key must be a name object
Syntax Error (846): Dictionary key must be a name object
Syntax Error (849): Dictionary key must be a name object
Syntax Error (849): Illegal character '{'
Syntax Error (849): Dictionary key must be a name object
Syntax Error (899): Dictionary key must be a name object
Syntax Error (899): Illegal character ')'
Syntax Error (899): Dictionary key must be a name object
Syntax Error (905): Dictionary key must be a name object
Syntax Error (905): Dictionary key must be a name object
Syntax Error (916): Dictionary key must be a name object
Syntax Error (926): Dictionary key must be a name object
Syntax Error (933): Dictionary key must be a name object
Syntax Error (935): Dictionary key must be a name object
Syntax Error (937): Dictionary key must be a name object
Syntax Error (941): Dictionary key must be a name object
Syntax Error (943): Dictionary key must be a name object
Syntax Error (950): Dictionary key must be a name object
Syntax Error (738): Dictionary key must be a name object
Syntax Error (751): Dictionary key must be a name object
Syntax Error (758): Illegal character '>'
Syntax Error (763): Dictionary key must be a name object
Syntax Error (769): Dictionary key must be a name object
Syntax Error (798): Illegal character ')'
Syntax Error (798): Dictionary key must be a name object
Syntax Error (820): Dictionary key must be a name object
Syntax Error (820): Illegal character '{'
Syntax Error (820): Dictionary key must be a name object
Syntax Error (846): Dictionary key must be a name object
Syntax Error (846): Dictionary key must be a name object
Syntax Error (849): Dictionary key must be a name object
Syntax Error (849): Illegal character '{'
Syntax Error (849): Dictionary key must be a name object
Syntax Error (899): Dictionary key must be a name object
Syntax Error (899): Illegal character ')'
Syntax Error (899): Dictionary key must be a name object
Syntax Error (905): Dictionary key must be a name object
Syntax Error (905): Dictionary key must be a name object
Syntax Error (916): Dictionary key must be a name object
Syntax Error (926): Dictionary key must be a name object
Syntax Error (933): Dictionary key must be a name object
Syntax Error (935): Dictionary key must be a name object
Syntax Error (937): Dictionary key must be a name object
Syntax Error (941): Dictionary key must be a name object
Syntax Error (943): Dictionary key must be a name object
Syntax Error (950): Dictionary key must be a name object
Syntax Error: Loop in Pages tree
$

Only 12/poppler is missing the patch.
(In reply to Petr Gajdos from comment #1)
> Only 12/poppler is missing the patch.

Ah nope. Even 12/poppler is already fixed. This is because we solved upstream bug 742 through CVE-2020-27778. So this is sort of a duplicate of CVE-2020-27778 bsc#1179163.

12sp2,12/poppler has CVE-2020-27778.patch
15+/poppler has this in upstream tarball already