Bug#1106143: libpoppler126: crash when verifying incomplete PDF signatures using NSS
Juraj Šarinay
juraj at sarinay.com
Tue May 20 09:07:38 BST 2025
Package: libpoppler126
Version: 22.12.0-2+deb12u1
Severity: normal
X-Debbugs-Cc: juraj at sarinay.com
Dear Maintainer,
when opening a signed PDF with empty SignedData.digestAlgorithms,
poppler crashes due to a nullptr dereference. See the attached
bad-empty-digestalgorithms.pdf.
The issue has been fixed upstream since 24.01.0:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/afaddf1be66aed2931a146bb6555225c82cceacd
Best,
Juraj
-- System Information:
Debian Release: 12.11
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-35-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=sk_SK.UTF-8, LC_CTYPE=sk_SK.UTF-8 (charmap=UTF-8), LANGUAGE=sk:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libpoppler126 depends on:
ii libc6 2.36-9+deb12u10
ii libfontconfig1 2.14.1-4
ii libfreetype6 2.12.1+dfsg-5+deb12u4
ii libjpeg62-turbo 1:2.1.5-2
ii liblcms2-2 2.14-2
ii libnspr4 2:4.35-1
ii libnss3 2:3.87.1-1+deb12u1
ii libopenjp2-7 2.5.0-2+deb12u1
ii libpng16-16 1.6.39-2
ii libstdc++6 12.2.0-14+deb12u1
ii libtiff6 4.5.0-6+deb12u2
ii zlib1g 1:1.2.13.dfsg-1
Versions of packages libpoppler126 recommends:
ii poppler-data 0.4.12-1
libpoppler126 suggests no packages.
-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bad-empty-digestalgorithms.pdf
Type: application/pdf
Size: 11894 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-freedesktop-maintainers/attachments/20250520/e739e656/attachment.pdf>
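
A pre-verification check for the condition this report describes, as an added example that is not part of the original report or of poppler's code: it walks a DER-encoded CMS blob (such as the one stored in a PDF signature's /Contents) and counts the entries in SignedData.digestAlgorithms, so a scanner can flag a count of zero before the file reaches an unpatched verifier. The function names and sample blobs are constructed for illustration; the samples contain only the SignedData prefix (version and digestAlgorithms) and are not complete CMS structures.

```python
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
SHA256_ALG = bytes.fromhex("300d06096086480165030402010500")  # constructed AlgorithmIdentifier

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) of the DER TLV at pos, bounded by end."""
    if pos + 2 > end:
        raise ValueError("truncated TLV header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    length = first
    if first >= 0x80:  # long-form length; n == 0 would be BER indefinite length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > end:
        raise ValueError("value runs past its container")
    return tag, pos, pos + length

def expect(buf, pos, end, want, name):
    tag, start, stop = read_tlv(buf, pos, end)
    if tag != want:
        raise ValueError(f"{name}: expected tag 0x{want:02x}, got 0x{tag:02x}")
    return start, stop

def digest_algorithm_count(cms):
    """Walk ContentInfo -> [0] -> SignedData and count digestAlgorithms members."""
    start, end = expect(cms, 0, len(cms), 0x30, "ContentInfo")
    oid_start, oid_end = expect(cms, start, end, 0x06, "contentType")
    if cms[oid_start:oid_end] != SIGNED_DATA_OID:
        raise ValueError("contentType is not signedData")
    start, end = expect(cms, oid_end, end, 0xA0, "content [0]")
    start, end = expect(cms, start, end, 0x30, "SignedData")
    _, version_end = expect(cms, start, end, 0x02, "version")
    pos, set_end = expect(cms, version_end, end, 0x31, "digestAlgorithms")
    count = 0
    while pos < set_end:  # each member must be a SEQUENCE inside the SET
        _, pos = expect(cms, pos, set_end, 0x30, "AlgorithmIdentifier")
        count += 1
    return count

def tlv(tag, body=b""):  # sample builder, short-form lengths only
    return bytes([tag, len(body)]) + body

def sample(algs):  # constructed SignedData prefix, not a full CMS
    inner = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31, algs))
    return tlv(0x30, tlv(0x06, SIGNED_DATA_OID) + tlv(0xA0, inner))

if __name__ == "__main__":
    for label, algs in (("empty", b""), ("sha256", SHA256_ALG)):
        print(label, digest_algorithm_count(sample(algs)))
```

A result of 0 is the case the report describes. BER indefinite-length encodings are rejected with ValueError rather than parsed.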