[Bug 1505858] Re: Segmentation fault in JPXStream::readTilePartData(JPXStream.cc:2142)

2018-08-20 Thread Bug Watch Updater
** Changed in: poppler
   Status: Confirmed => Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to poppler in Ubuntu.
https://bugs.launchpad.net/bugs/1505858

Title:
  Segmentation fault in JPXStream::readTilePartData(JPXStream.cc:2142)

To manage notifications about this bug go to:
https://bugs.launchpad.net/poppler/+bug/1505858/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1505858] Re: Segmentation fault in JPXStream::readTilePartData(JPXStream.cc:2142)

2015-10-29 Thread Marc Deslauriers
** Bug watch added: freedesktop.org Bugzilla #92450
   https://bugs.freedesktop.org/show_bug.cgi?id=92450

** Also affects: poppler via
   https://bugs.freedesktop.org/show_bug.cgi?id=92450
   Importance: Unknown
   Status: Unknown

** Information type changed from Private Security to Public Security

** Changed in: poppler (Ubuntu)
   Status: New => Confirmed



[Bug 1505858] Re: Segmentation fault in JPXStream::readTilePartData(JPXStream.cc:2142)

2015-10-29 Thread Bug Watch Updater
Launchpad has imported 7 comments from the remote bug at
https://bugs.freedesktop.org/show_bug.cgi?id=92450.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2015-10-13T20:56:39+00:00 Saintlinu wrote:

Created attachment 118861
Use of this file could lead to a crash of the products using the poppler library

Hello,

I've found some vulnerabilities in PDF viewers using the famous library
named poppler, such as evince, xpdf, okular and so on.

This is my short report, and I used the latest version of poppler (poppler-0.37.0).
Plus, I've attached some findings.

Thanks
-Alex

In detail:

alex@vm64:$ LD_LIBRARY_PATH=/usr/local/lib gdb --args ./evince ~/hack/project/fuzzer/testcases/pdf/JPXDecode/fuzz_id_27683_OliviaOil_24.pdf.tc_bf1_pos_3460_size_1
GNU gdb (Ubuntu 7.10-1ubuntu2) 7.10
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
.
Find the GDB manual and other documentation resources online at:
.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./evince...done.
gdb$ r
Starting program: /home/alex/hack/project/evince/evince-3.18.0/shell/.libs/evince /home/alex/hack/project/fuzzer/testcases/pdf/JPXDecode/fuzz_id_27683_OliviaOil_24.pdf.tc_bf1_pos_3460_size_1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffece5e700 (LWP 17556)]
[New Thread 0x7fffec65d700 (LWP 17557)]
[New Thread 0x7fffebe5c700 (LWP 17558)]
[New Thread 0x7fffeb038700 (LWP 17563)]
[New Thread 0x7fffe9a4e700 (LWP 17564)]
[New Thread 0x7fffda2ab700 (LWP 17565)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe9a4e700 (LWP 17564)]
---[regs]
  RAX: 0x  RBX: 0x  RBP: 0x7FFFD005DA40  
RSP: 0x7FFFE9A4CF50  o d I t s z A p c 
  RDI: 0x7FFFD0042BA0  RSI: 0x  RDX: 0x0018  
RCX: 0x0001  RIP: 0x7FFFE8A04C49
  R8 : 0x  R9 : 0x0006  R10: 0x00A8  
R11: 0x7FFFD005DAB0  R12: 0x7FFFD0042850
  R13: 0x7FFFD005A0E0  R14: 0x7FFFD005DAB0  R15: 0x1923
  CS: 0033  DS:   ES:   FS:   GS:   SS: 002B
[0x002B:0x7FFFE9A4CF50]---[stack]
0x7FFFE9A4CFA0 : 01 00 00 00 FF 7F 00 00 - 01 00 00 00 FF 7F 00 00 

0x7FFFE9A4CF90 : 00 00 00 00 03 00 00 00 - 01 00 00 00 FF 7F 00 00 

0x7FFFE9A4CF80 : 50 A1 05 D0 FF 7F 00 00 - 90 BA 06 D0 FF 7F 00 00 
P...
0x7FFFE9A4CF70 : B4 CF A4 E9 FF 7F 00 00 - 03 00 00 00 00 00 00 00 

0x7FFFE9A4CF60 : 50 28 04 D0 FF 7F 00 00 - 80 C2 05 D0 FF 7F 00 00 
P(..
0x7FFFE9A4CF50 : 40 2D 04 D0 FF 7F 00 00 - 00 00 00 00 00 00 00 00 
@-..
---[code]
=> 0x7fffe8a04c49 :  mov    rbp,QWORD PTR [rax+0x10]
   0x7fffe8a04c4d :  lea    r11,[rbp+rbx*1+0x0]
   0x7fffe8a04c52 :  mov    r9d,DWORD PTR [r11+0x14]
   0x7fffe8a04c56 :  test   r9d,r9d
   0x7fffe8a04c59 :  je     0x7fffe8a04ca3 
   0x7fffe8a04c5b :  mov    r8d,DWORD PTR [r11+0x10]
   0x7fffe8a04c5f :  xor    eax,eax
   0x7fffe8a04c61 :  xor    edi,edi
-
0x7fffe8a04c49 in