[Bug 1803059] Re: Nullpointer dereference
Thank you, the bug is fixed for me. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1803059] Re: Nullpointer dereference
Fix released for trusty, bionic, xenial and cosmic https://usn.ubuntu.com/3837-2/ -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1803059] Re: Nullpointer dereference
This bug was fixed in the package poppler - 0.71.0-0ubuntu3 --- poppler (0.71.0-0ubuntu3) disco; urgency=medium * Re-upload the 0.71 update which was deleted from disco-proposed to not get in the way of other transitions (lp: #1796717) - include a fix for a crash due to missing embedded file (lp: #1803059) poppler (0.71.0-0ubuntu2) disco; urgency=medium * Declare some symbols optional to fix the build poppler (0.71.0-0ubuntu1) disco; urgency=medium * New upstream version * Changed the binary name according to the soname update * Updated the symbols -- Sebastien Bacher Fri, 23 Nov 2018 15:35:31 +0100 ** Changed in: poppler (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1803059] Re: Nullpointer dereference
Hi Miguel, Sorry for the inconvenient, I`m aware of the situation and I`m working to fix this issue. Thanks tor report this. -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1803059] Re: Nullpointer dereference
Problem seems to be still present, possibly due to previous change. Crashes when opening PDF files since last update in Ubuntu ** Changed in: poppler (Ubuntu) Status: Fix Committed => Confirmed -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1803059] Re: Nullpointer dereference
I am getting reproducible crashes after update from poppler 0.62.0-2ubuntu2.2 to poppler 0.62.0-2ubuntu2.4 Test PDF file attached. Crashed experiences since following upgrades: libpoppler-cpp-dev (0.62.0-2ubuntu2.2) to 0.62.0-2ubuntu2.4 libpoppler-cpp0v5 (0.62.0-2ubuntu2.2) to 0.62.0-2ubuntu2.4 libpoppler-dev (0.62.0-2ubuntu2.2) to 0.62.0-2ubuntu2.4 libpoppler-glib8 (0.62.0-2ubuntu2.2) to 0.62.0-2ubuntu2.4 libpoppler-private-dev (0.62.0-2ubuntu2.2) to 0.62.0-2ubuntu2.4 libpoppler-qt5-1 (0.62.0-2ubuntu2.2) to 0.62.0-2ubuntu2.4 libpoppler73 (0.62.0-2ubuntu2.2) to 0.62.0-2ubuntu2.4 poppler-utils (0.62.0-2ubuntu2.2) to 0.62.0-2ubuntu2.4 Reverting to previous versions fixes the crashes. System: 18.04.1 LTS bionic (32 bit) Linux 4.15.0-42-generic #45-Ubuntu SMP Thu Nov 15 19:32:10 UTC 2018 i686 i686 i686 GNU/Linux PC gdb trace: Starting program: /usr/bin/evince Bureau/evince/test_CGV_FORFAIT_hors_opt_20170308.pdf [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1". [New Thread 0xb5b82b40 (LWP 6602)] [New Thread 0xb51ffb40 (LWP 6603)] [New Thread 0xb47ffb40 (LWP 6604)] warning: Error reading shared library list entry at 0x6840 warning: Error reading shared library list entry at 0x5a60 [New Thread 0xb3c77b40 (LWP 6608)] warning: Error reading shared library list entry at 0x75e0 [New Thread 0xb1356b40 (LWP 6609)] warning: Error reading shared library list entry at 0x5130 warning: Error reading shared library list entry at 0x97b0 Thread 6 "EvJobScheduler" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb1356b40 (LWP 6609)] 0xb096a379 in Parser::makeStream(Object&&, unsigned char*, CryptAlgorithm, int, int, int, int, bool) () from /usr/lib/i386-linux-gnu/libpoppler.so.73 ** Attachment added: "With poppler 0.62.0-2ubuntu2.4, evince and other PDF readers will immediately crash on my system" https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+attachment/5220277/+files/test_CGV_FORFAIT_hors_opt_20170308.pdf -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1803059] Re: Nullpointer dereference
The SRU was superseeded by proper security updates it looks like, closing the bug manually now ** Changed in: poppler (Ubuntu Cosmic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1803059] Re: Nullpointer dereference
The upstream commit was assigned CVE-2018-19149. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19149 -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1803059] Re: Nullpointer dereference
> Hey, this is fix now i cannot reproduce the crash. Also was any CVE assigned to this ? No CVE assigned, do you believe it should have one? It seems a segfault but no sign of being possible to exploit? I'm Ccing the security team in case they want to comment though -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1803059] Re: Nullpointer dereference
This bug was fixed in the package poppler - 0.62.0-2ubuntu2.4 --- poppler (0.62.0-2ubuntu2.4) bionic-security; urgency=medium [ Marc Deslauriers ] * SECURITY UPDATE: infinite recursion via crafted file - debian/patches/CVE-2018-16646.patch: avoid cycles in PDF parsing in poppler/Parser.cc, poppler/XRef.h. - CVE-2018-16646 * SECURITY UPDATE: denial of service via reachable abort - debian/patches/CVE-2018-19058.patch: check for stream before calling stream methods when saving an embedded file in poppler/FileSpec.cc. - CVE-2018-19058 * SECURITY UPDATE: denial of service via out-of-bounds read - debian/patches/CVE-2018-19059.patch: check for valid embedded file before trying to save it in utils/pdfdetach.cc. - CVE-2018-19059 * SECURITY UPDATE: denial of service via NULL pointer dereference - debian/patches/CVE-2018-19060.patch: check for valid file name of embedded file in utils/pdfdetach.cc. - CVE-2018-19060 -- leo.barb...@canonical.com (Leonidas S. Barbosa) Fri, 30 Nov 2018 14:36:01 -0300 ** Changed in: poppler (Ubuntu Bionic) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16646 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19058 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19059 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19060 -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1803059] Re: Nullpointer dereference
Hey, this is fix now i cannot reproduce the crash. Also was any CVE assigned to this ? -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1803059] Re: Nullpointer dereference
Hello Dhiraj, or anyone else affected, Accepted poppler into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.3 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: poppler (Ubuntu Bionic) Status: New => Fix Committed ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1803059] Re: Nullpointer dereference
Hello Dhiraj, or anyone else affected, Accepted poppler into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/poppler/0.68.0-0ubuntu1.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Also affects: poppler (Ubuntu Cosmic) Importance: Undecided Status: New ** Changed in: poppler (Ubuntu Cosmic) Status: New => Fix Committed ** Tags added: verification-needed verification-needed-cosmic -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1803059] Re: Nullpointer dereference
** Description changed: + * Impact + Evince segfaults on some pdf documents + + * Test case + Download and try to open https://bugs.freedesktop.org/attachment.cgi?id=138927 with evince, it shouldn't segfault + + * Regression potential + Nothing special to test, make sure evince still opens pdfs without issue + + - + System Info: Linux zero 4.15.0-38-generic #41-Ubuntu SMP Wed Oct 10 10:59:38 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux Evince version: GNOME Document Viewer 3.28.4 While fuzzing evince v3.28.4, on linux 4.15.0-38-generic (Ubuntu 18.04 LTS), a null-pointer dereference was observed, initially this was reported to evince but the evince team advised that the issue is in poppler, the library used by evince to render PDF, poppler version: 0.62.0-2ubuntu2.2 is vulnerable to null-pointer dereference, however the issue is already fixed in poppler 0.70, but this will still crash your evince v3.28.4 in ubuntu if poppler is not updated to v.0.70. Fuzzing result showing a very important vulnerability in a package currently shipped by a major Linux distribution is still of interest, even if that Linux distribution does not package the latest released upstream version. I think Ubuntu is still using, Source: poppler Version: 0.62.0-2ubuntu2.2 So, most of the systems will be affected to this issue. Upstream: https://gitlab.freedesktop.org/poppler/poppler/issues/664 -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1803059] Re: Nullpointer dereference
upstream suggests the fix might be https://gitlab.freedesktop.org/poppler/poppler/commit/f162ecde -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to poppler in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1803059] Re: Nullpointer dereference
The bug is fixed in 0.70 according to upstream ** Changed in: evince (Ubuntu) Importance: Undecided => High ** Changed in: evince (Ubuntu) Status: New => Fix Committed ** Package changed: evince (Ubuntu) => poppler (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 1803059] Re: Nullpointer dereference
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evince in Ubuntu. https://bugs.launchpad.net/bugs/1803059 Title: Nullpointer dereference To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1803059/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs