[Bug 224448] poppler appears to be hit by CVE-2007-0104

bugzilla at redhat.com bugzilla at redhat.com
Thu Jul 31 08:42:10 UTC 2008 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: poppler appears to be hit by CVE-2007-0104


https://bugzilla.redhat.com/show_bug.cgi?id=224448


fedora-triage-list at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|rawhide                     |9

thoger at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
               Flag|                            |needinfo?(michal at harddata.co
                   |                            |m)




------- Additional Comments From fedora-triage-list at redhat.com  2008-05-13 22:34 EST -------
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

------- Additional Comments From thoger at redhat.com  2008-07-31 04:42 EST -------
Michal, do you still believe this issue affects current versions of poppler as
shipped in Fedora?  Recent versions of xpdf and poppler seem to detect loops in
page trees, so if you try to open MOAB-06-01-2007.pdf, you should get following
error:

  Error: Loop in Pages tree

instead of crash due to a stack memory exhaustion caused by a deep recursion.

This check was added to poppler sources via sync with xpdf code base in the
following commit:

http://cgit.freedesktop.org/poppler/poppler/diff/poppler/Catalog.cc?id=bf7e0e980bf29994021cb1228f89f582adddf284

As you can see, it actually deprecates / removes previous check that used a
fixed recursion limit.  Loops should no longer be a problem.

(I guess it may still be possible to create deep-enough tree that would cause
stack memory exhaustion, but again, crash seems to be the only impact.  If you
are concerned, it's probably better to report it directly to upstream BZ.)

Ok to close this bug?

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

More information about the fedora-triage-list mailing list