diff options
author | Yogita Urade <yogita.urade@windriver.com> | 2023-08-18 11:22:52 +0000 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2023-09-15 07:22:08 -0400 |
commit | 361b62f6a0cc44757d8dbaddb1e06ba7bb473310 (patch) | |
tree | ae80e8477cf1813835521ae60f9b5b92c437cd88 | |
parent | 48b590afc4381cebc477d27a4d1efebed23c32e8 (diff) | |
download | meta-openembedded-stable/mickledore-nut.tar.gz |
poppler: fix CVE-2023-34872stable/mickledore-nut
A vulnerability in Outline.cc for Poppler prior to 23.06.0
allows a remote attacker to cause a Denial of Service (DoS)
(crash) via a crafted PDF file in OutlineItem::open.
Reference:
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch | 46 | ||||
-rw-r--r-- | meta-oe/recipes-support/poppler/poppler_23.03.0.bb | 1 |
2 files changed, 47 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch b/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch new file mode 100644 index 0000000000..69f164de96 --- /dev/null +++ b/meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch @@ -0,0 +1,46 @@ +From 591235c8b6c65a2eee88991b9ae73490fd9afdfe Sep 17 00:00:00 2001 +From: Albert Astals Cid <aacid@kde.org> +Date: Fri, 18 Aug 2023 09:17:07 +0000 +Subject: [PATCH] OutlineItem::open: Fix crash on malformed files + +Fixes #1399 + +CVE: CVE-2023-34872 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe] + +Signed-off-by: Yogita Urade <yogita.urade@windriver.com> +--- + poppler/Outline.cc | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/poppler/Outline.cc b/poppler/Outline.cc +index cbb6cb4..4c68be9 100644 +--- a/poppler/Outline.cc ++++ b/poppler/Outline.cc +@@ -14,7 +14,7 @@ + // under GPL version 2 or later + // + // Copyright (C) 2005 Marco Pesenti Gritti <mpg@redhat.com> +-// Copyright (C) 2008, 2016-2019, 2021 Albert Astals Cid <aacid@kde.org> ++// Copyright (C) 2008, 2016-2019, 2021, 2023 Albert Astals Cid <aacid@kde.org> + // Copyright (C) 2009 Nick Jones <nick.jones@network-box.com> + // Copyright (C) 2016 Jason Crain <jason@aquaticape.us> + // Copyright (C) 2017 Adrian Johnson <ajohnson@redneon.com> +@@ -483,8 +483,12 @@ void OutlineItem::open() + { + if (!kids) { + Object itemDict = xref->fetch(ref); +- const Object &firstRef = itemDict.dictLookupNF("First"); +- kids = readItemList(this, &firstRef, xref, doc); ++ if (itemDict.isDict()) { ++ const Object &firstRef = itemDict.dictLookupNF("First"); ++ kids = readItemList(this, &firstRef, xref, doc); ++ } else { ++ kids = new std::vector<OutlineItem *>(); ++ } + } + } + +-- +2.35.5 diff --git a/meta-oe/recipes-support/poppler/poppler_23.03.0.bb b/meta-oe/recipes-support/poppler/poppler_23.03.0.bb index 165e155ec9..81e776d8f6 100644 --- a/meta-oe/recipes-support/poppler/poppler_23.03.0.bb +++ b/meta-oe/recipes-support/poppler/poppler_23.03.0.bb @@ -7,6 +7,7 @@ SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \ file://0001-Do-not-overwrite-all-our-build-flags.patch \ file://basename-include.patch \ file://0001-cmake-Do-not-use-isystem.patch \ + file://CVE-2023-34872.patch \ " SRC_URI[sha256sum] = "b04148bf849c1965ada7eff6be4685130e3a18a84e0cce73bf9bc472ec32f2b4" |