Package: zathura Version: 0.5.2-1 Severity: important Tags: security I got an immediate segmentation fault on some PDF file.
I couldn't reproduce the crash on the same PDF file, so that I suppose that it is useless to attach it (which is a bit large). This is a PDF generated by paps piped to ps2pdf (to convert PostScript to PDF). zathura disables coredumps, which is a bigger issue, since one has no ideas where it crashes. Since PDF files often come from untrusted sources, this may be a security issue. In any case, the code needs to be carefully reviewed. -- System Information: Debian Release: 12.0 APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') merged-usr: no Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-5-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages zathura depends on: ii libc6 2.36-8 ii libcairo2 1.16.0-7 ii libgirara-gtk3-3 0.3.9-1 ii libglib2.0-0 2.74.6-1 ii libgtk-3-0 3.24.37-2 ii libmagic1 1:5.44-3 ii libpango-1.0-0 1.50.12+ds-1 ii libseccomp2 2.5.4-1+b3 ii libsqlite3-0 3.40.1-1 ii libsynctex2 2022.20220321.62855-5 ii zathura-pdf-poppler 0.3.1-1 zathura recommends no packages. Versions of packages zathura suggests: ii firefox [www-browser] 110.0.1-1 hi firefox-esr [www-browser] 92.0-local ii lynx [www-browser] 2.9.0dev.12-1 ii opera-stable [www-browser] 96.0.4693.50 ii w3m [www-browser] 0.5.3+git20230121-2 pn zathura-cb <none> pn zathura-djvu <none> pn zathura-ps <none> -- no debconf information -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
