Source: poppler
Version: 0.57.0-2
Severity: important
Tags: security upstream
Forwarded: https://bugs.freedesktop.org/show_bug.cgi?id=103016

Hi,

the following vulnerability was published for poppler.

CVE-2017-15565[0]:
| In Poppler 0.59.0, a NULL Pointer Dereference exists in the
| GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted
| PDF document.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7a20501 in GfxImageColorMap::getGrayLine (this=0x5555557edea0, in=0x0, out=0x5555557ee360 "", length=331) at GfxState.cc:6136
6136 *inp = byte_lookup[*inp * nComps + i];
(gdb) bt
#0 0x00007ffff7a20501 in GfxImageColorMap::getGrayLine (this=0x5555557edea0, in=0x0, out=0x5555557ee360 "", length=331) at GfxState.cc:6136
#1 0x000055555556d758 in CairoOutputDev::drawSoftMaskedImage (this=0x5555557c71e0, state=0x5555557d6220, ref=0x7fffffffe360, str=0x5555557fed40, width=331, height=58, colorMap=0x7fffffffde10, interpolate=false, maskStr=0x5555558072d0, maskWidth=331, maskHeight=58, maskColorMap=0x5555557edea0, maskInterpolate=false) at CairoOutputDev.cc:2711
#2 0x00007ffff79f5524 in Gfx::doImage (this=0x5555557c4bc0, ref=0x7fffffffe360, str=0x5555557fed40, inlineImg=false) at Gfx.cc:4704
#3 0x00007ffff79f3319 in Gfx::opXObject (this=0x5555557c4bc0, args=0x7fffffffe480, numArgs=1) at Gfx.cc:4213
#4 0x00007ffff79e01b6 in Gfx::execOp (this=0x5555557c4bc0, cmd=0x7fffffffe470, args=0x7fffffffe480, numArgs=1) at Gfx.cc:909
#5 0x00007ffff79dfa44 in Gfx::go (this=0x5555557c4bc0, topLevel=true) at Gfx.cc:767
#6 0x00007ffff79df7ef in Gfx::display (this=0x5555557c4bc0, obj=0x7fffffffe7c0, topLevel=true) at Gfx.cc:729
#7 0x00007ffff7a4ac9e in Page::displaySlice (this=0x5555557ca9b0, out=0x5555557c71e0, hDPI=72, vDPI=72, rotate=0, useMediaBox=false, crop=false, sliceX=-1, sliceY=-1, sliceW=-1, sliceH=-1, printing=true, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at Page.cc:601
#8 0x00007ffff7a4e973 in PDFDoc::displayPageSlice (this=0x5555557cb090, out=0x5555557c71e0, page=1, hDPI=72, vDPI=72, rotate=0, useMediaBox=false, crop=false, printing=true, sliceX=-1, sliceY=-1, sliceW=-1, sliceH=-1, abortCheckCbk=0x0, abortCheckCbkData=0x0, annotDisplayDecideCbk=0x0, annotDisplayDecideCbkData=0x0, copyXRef=false) at PDFDoc.cc:523
#9 0x000055555556107e in renderPage (doc=0x5555557cb090, cairoOut=0x5555557c71e0, pg=1, page_w=384, page_h=764, output_w=384, output_h=764) at pdftocairo.cc:666
#10 0x0000555555562c7c in main (argc=2, argv=0x7fffffffeb48) at pdftocairo.cc:1197
(gdb) list
6131
6132 default:
6133 inp = in;
6134 for (j = 0; j < length; j++)
6135 for (i = 0; i < nComps; i++) {
6136 *inp = byte_lookup[*inp * nComps + i];
6137 inp++;
6138 }
6139 colorSpace->getGrayLine(in, out, length);
6140 break;
(gdb)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15565
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15565
[1] https://bugs.freedesktop.org/show_bug.cgi?id=103016

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
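
Added example, not part of the original report and not poppler's code or its upstream fix: a simplified C++ model of the loop in the gdb listing with a guard against the in=0x0 argument seen in frame #0. The report does not show how the caller obtained a NULL line, so ColorMapModel, LineSource and convertMask are hypothetical stand-ins constructed for illustration.

```cpp
#include <cstddef>
#include <vector>

// Simplified model of the members the listed loop touches. Field names follow
// the gdb listing; the struct itself is an assumption, not poppler's class.
struct ColorMapModel {
    int nComps;
    std::vector<unsigned char> byte_lookup;  // expected size: 256 * nComps

    // Guarded form of the "default:" loop at GfxState.cc:6133-6138.
    // Returns false instead of writing through a NULL line pointer.
    bool getGrayLineChecked(unsigned char *in, unsigned char *out, int length) const {
        if (in == nullptr || out == nullptr || length <= 0 || nComps <= 0)
            return false;
        if (byte_lookup.size() < static_cast<std::size_t>(256) * nComps)
            return false;  // lookup table too small for any 8-bit sample
        unsigned char *inp = in;
        for (int j = 0; j < length; j++)
            for (int i = 0; i < nComps; i++) {
                *inp = byte_lookup[*inp * nComps + i];
                inp++;
            }
        for (int j = 0; j < length; j++)  // stand-in for colorSpace->getGrayLine()
            out[j] = in[j * nComps];
        return true;
    }
};

// Hypothetical line source: hands out rows until its data runs out, then NULL.
struct LineSource {
    std::vector<std::vector<unsigned char>> rows;
    std::size_t next = 0;
    unsigned char *getLine() { return next < rows.size() ? rows[next++].data() : nullptr; }
};

// Caller-side loop: the header claims `height` rows, the data may hold fewer.
// Returns the number of rows actually converted.
int convertMask(const ColorMapModel &map, LineSource &src, int width, int height) {
    std::vector<unsigned char> out(width > 0 ? width : 0);
    int done = 0;
    for (int y = 0; y < height; y++) {
        unsigned char *line = src.getLine();
        if (!map.getGrayLineChecked(line, out.data(), width))
            break;  // short or missing row: stop instead of crashing
        done++;
    }
    return done;
}
```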