Bugzilla – Bug 1226916
VUL-0: CVE-2024-6239: poppler,poppler-qt: crash when using pdfinfo with -dests parameter on malformed input files
Last modified: 2024-07-08 16:30:16 UTC
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-6239 https://bugzilla.redhat.com/show_bug.cgi?id=2293594 https://www.cve.org/CVERecord?id=CVE-2024-6239 https://access.redhat.com/security/cve/CVE-2024-6239
The -dests parameter, which allows the triggering of the vulnerability, was introduced in poppler with the changes from commit a8d670b5 [0]. This means only versions 0.58 and later of poppler seem to be affected by this issue. [0] https://gitlab.freedesktop.org/poppler/poppler/-/commit/a8d670b59b0301040e716f3a11a78fce1177337d
Upstream issue: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1489 Fixing commit: https://gitlab.freedesktop.org/poppler/poppler/-/commit/0554731052d1a97745cb179ab0d45620589dd9c4
Managed to reproduce with 24.06.1 and verified it is fixed with commit referenced below. BEFORE $ pdfinfo -dests poc.pdf Syntax Warning: May not be a PDF file (continuing anyway) Syntax Error (29): Dictionary key must be a name object [..] 1 [ XYZ 0 375 null ] "Page.2" Syntax Error (98): Dictionary key must be a name object Syntax Error (102): Dictionary key must be a name object Syntax Error (105): Dictionary key must be a name object Syntax Error (109): Dictionary key must be a name object Segmentation fault (core dumped) $ PATCH https://gitlab.freedesktop.org/poppler/poppler/-/commit/0554731052d1a97745cb179ab0d45620589dd9c4 AFTER $ pdfinfo -dests poc.pdf Syntax Warning: May not be a PDF file (continuing anyway) Syntax Error (29): Dictionary key must be a name object [..] 2 [ XYZ 0 375 null ] "Page.2" $
Devel project submit request: https://build.opensuse.org/request/show/1183129
Submitted for alp,15sp6,15sp5,15sp4,15sp2. slfo remains as I am waiting for devel project acceptance as I would like to use this opportunity to version update poppler there.
(In reply to Petr Gajdos from comment #6) > slfo remains as I am waiting for devel project acceptance as I would like to > use this opportunity to version update poppler there. New poppler breaks some packages, therefore submitting just the patch: https://build.suse.de/request/show/337272
I believe all submitted.
SUSE-SU-2024:2334-1: An update that solves one vulnerability can now be installed. Category: security (low) Bug References: 1226916 CVE References: CVE-2024-6239 Maintenance Incident: [SUSE:Maintenance:34490](https://smelt.suse.de/incident/34490/) Sources used: Basesystem Module 15-SP5 (src): poppler-0.79.0-150200.3.32.1 Basesystem Module 15-SP6 (src): poppler-0.79.0-150200.3.32.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2333-1: An update that solves one vulnerability can now be installed. Category: security (low) Bug References: 1226916 CVE References: CVE-2024-6239 Maintenance Incident: [SUSE:Maintenance:34489](https://smelt.suse.de/incident/34489/) Sources used: openSUSE Leap 15.4 (src): poppler-qt5-22.01.0-150400.3.22.1, poppler-qt6-22.01.0-150400.3.22.1, poppler-22.01.0-150400.3.22.1 SUSE Linux Enterprise Workstation Extension 15 SP5 (src): poppler-22.01.0-150400.3.22.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:2332-1: An update that solves one vulnerability can now be installed. Category: security (low) Bug References: 1226916 CVE References: CVE-2024-6239 Maintenance Incident: [SUSE:Maintenance:34488](https://smelt.suse.de/incident/34488/) Sources used: Basesystem Module 15-SP5 (src): poppler-23.01.0-150500.3.11.1 SUSE Package Hub 15 15-SP5 (src): poppler-23.01.0-150500.3.11.1, poppler-qt5-23.01.0-150500.3.11.1 openSUSE Leap 15.5 (src): poppler-23.01.0-150500.3.11.1, poppler-qt6-23.01.0-150500.3.11.1, poppler-qt5-23.01.0-150500.3.11.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.