Bug#909802: poppler: CVE-2018-16646 denial-of-service via crafted file
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Thu Nov 8 10:51:37 GMT 2018
Hi Moritz,

On Tue 06 Nov 2018 17:14:35 CET, Moritz Mühlenhoff wrote:
> On Fri, Sep 28, 2018 at 08:32:25PM +0200, Markus Koschany wrote:
>> Package: poppler
>> X-Debbugs-CC: team at security.debian.org
>> Severity: important
>> Tags: security
>>
>> Hi,
>>
>> The following vulnerability was published for poppler.
>>
>> CVE-2018-16646[0]:
>> | In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause
>> | infinite recursion via a crafted file. A remote attacker can leverage
>> | this for a DoS attack.
>
> For jessie the wrong patches got applied. They are based on MR 67, which
> didn't get merged in favour of the patch from MR 91.
>
> On a more general notice: This bug has virtually no security impact, it's
> hard to see why this change was made for an LTS release to begin with,
> but at least wait until it's applied/fixed in unstable before backporting.

Not security, but functionality. With the proof of malign content, I
could successfully freeze 1 core on the test system endlessly.

Unideal is the application of the wrong MR (for others, see
17c991f7992270d9f7ecf004741c1c3acc235b8d in security-tracker).

I have a modified version (+deb8u6, regression fix) ready for upload
to jessie LTS (see attached .debdiff). @Moritz: do you see any reason
for holding it back at this moment?

Thanks+Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: poppler_0.26.5-2+deb8u5_0.26.5-2+deb8u6.debdiff
URL: <http://alioth-lists.debian.net/pipermail/pkg-freedesktop-maintainers/attachments/20181108/0967476a/attachment-0001.ksh>