XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Poppler | Freedesktop | 0.72.0 (including) | 0.72.0 (including) |
| Red Hat Enterprise Linux 7 | RedHat | evince-0:3.28.2-8.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | okular-0:4.10.5-7.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | poppler-0:0.26.5-38.el7 | * |
| Red Hat Enterprise Linux 8 | RedHat | poppler-0:0.66.0-11.el8_0.12 | * |
| Poppler | Ubuntu | bionic | * |
| Poppler | Ubuntu | cosmic | * |
| Poppler | Ubuntu | devel | * |
| Poppler | Ubuntu | esm-infra/bionic | * |
| Poppler | Ubuntu | esm-infra/xenial | * |
| Poppler | Ubuntu | trusty | * |
| Poppler | Ubuntu | xenial | * |
Potential Mitigations
References
- http://www.securityfocus.com/bid/106321
- https://access.redhat.com/errata/RHSA-2019:2022
- https://access.redhat.com/errata/RHSA-2019:2713
- https://gitlab.freedesktop.org/poppler/poppler/issues/692
- https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143
- https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html
- https://usn.ubuntu.com/3865-1/
- http://www.securityfocus.com/bid/106321
- https://access.redhat.com/errata/RHSA-2019:2022
- https://access.redhat.com/errata/RHSA-2019:2713
- https://gitlab.freedesktop.org/poppler/poppler/issues/692
- https://gitlab.freedesktop.org/poppler/poppler/merge_requests/143
- https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html
- https://usn.ubuntu.com/3865-1/