+++ This bug was initially created as a clone of Bug #22352 +++

Ubuntu has issued an advisory today (January 8):
https://usn.ubuntu.com/usn/usn-3517-1/

It fixes one issue that we haven't yet.

Suggested advisory:
========================

The updated packages fix a security vulnerability:

freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations (CVE-2017-1000456).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000456
https://usn.ubuntu.com/usn/usn-3517-1/
========================

Updated packages in core/updates_testing:
========================
poppler-0.26.5-2.8.mga5
libpoppler46-0.26.5-2.8.mga5
libpoppler-devel-0.26.5-2.8.mga5
libpoppler-cpp0-0.26.5-2.8.mga5
libpoppler-qt4-devel-0.26.5-2.8.mga5
libpoppler-qt5-devel-0.26.5-2.8.mga5
libpoppler-qt4_4-0.26.5-2.8.mga5
libpoppler-qt5_1-0.26.5-2.8.mga5
libpoppler-glib8-0.26.5-2.8.mga5
libpoppler-gir0.18-0.26.5-2.8.mga5
libpoppler-glib-devel-0.26.5-2.8.mga5
libpoppler-cpp-devel-0.26.5-2.8.mga5

from poppler-0.26.5-2.8.mga5.src.rpm
Repeating the same PoC Len did in:
https://bugs.mageia.org/show_bug.cgi?id=22352#c3

Before:
$ pdftotext 0JBYrSy8_CRASHED.pdf
Syntax Error: Embedded font file may be invalid
Syntax Error (20431): Unknown operator 'TJJJJJJJJJJJJJJ'
Segmentation fault

After:
$ pdftotext 0JBYrSy8_CRASHED.pdf
Syntax Error: Embedded font file may be invalid
Syntax Error (20431): Unknown operator 'TJJJJJJJJJJJJJJ'
Syntax Warning: wordBaseIdx out of range
Syntax Warning: wordBaseIdx out of range
Syntax Warning: wordBaseIdx out of range
Syntax Warning: wordBaseIdx out of range
Syntax Error (17678): Bad 'Length' attribute in stream
Syntax Warning: wordBaseIdx out of range

Looks good on Mageia 5 x86_64.
Whiteboard: (none) => MGA5-64-OK
Testing on Mageia 5 :: x86_64

Tried the POC before updating:
$ pdftotext 0JBYrSy8_CRASHED.pdf
Syntax Error: Embedded font file may be invalid
Syntax Error (20431): Unknown operator 'TJJJJJJJJJJJJJJ'
Segmentation fault

The POC test file can be traced via the CVE-2017-1000456 link.

Clean update for the 12 packages.

$ pdftotext 0JBYrSy8_CRASHED.pdf
Syntax Error: Embedded font file may be invalid
Syntax Error (20431): Unknown operator 'TJJJJJJJJJJJJJJ'
Syntax Warning: wordBaseIdx out of range
Syntax Warning: wordBaseIdx out of range
Syntax Warning: wordBaseIdx out of range
Syntax Warning: wordBaseIdx out of range
Syntax Error (17678): Bad 'Length' attribute in stream
Syntax Warning: wordBaseIdx out of range

No segfault anyway.

Used an ebook to test the functionality:
$ pdfimages -all PythonCookbook_2.pdf cookbook
[lcl@difda books]$ ls cookbook*
cookbook-000.jp2   cookbook-003.jb2e  cookbook-006.jb2e  cookbook-009.jb2e
cookbook-001.jp2   cookbook-004.jp2   cookbook-007.jb2e
cookbook-002.jb2e  cookbook-005.jb2e  cookbook-008.jb2e
$ display cookbook-000.jp2
$ display cookbook-005.jb2e
display: no decode delegate for this image format `JB2E' @ error/constitute.c/ReadImage/504.

jb2e not recognized by ImageMagick so default to PNG.
$ rm -f cookbook*
$ pdfimages -png PythonCookbook_2.pdf cookbook
$ display cookbook-000.png
$ display cookbook-005.png
All the images displayed correctly.

$ pdfinfo PythonCookbook_2.pdf | grep Pages
Pages: 846
$ pdfseparate -f 11 -l 44 PythonCookbook_2.pdf pages%d.pdf
This produced 34 single page PDFs from pages 11 to 44, e.g. pages26.pdf. A couple taken at random displayed properly in xpdf and okular.

Create a new pdf based on the extracted pages.
$ pdfunite pages*.pdf pages.pdf
That could be read with a pdf reader and contained the original page numbers.

pdfjam or pdfbook can be used to create books or booklets from a series of images and pdf files, if you can understand the help instructions. Had to give up on that.

$ pdf2ps -dLanguageLevel=3 pages.pdf pages.ps
created a Postscript file which could be viewed page by page in gs by hitting Return repeatedly. The pages were exact copies. In this case the 34 pages translated to a 27 MB file. Used less to examine it:
%!PS-Adobe-3.0
%%BoundingBox: 0 0 612 792
%%HiResBoundingBox: 0 0 612.00 792.00
%%Creator: GPL Ghostscript 922 (ps2write)
%%LanguageLevel: 2
%%CreationDate: D:20180113191008Z00'00'
%%Pages: 34
%%EndComments
%%BeginProlog
/DSC_OPDFREAD true def
/SetPageSize true def
/EPS2Write false def

This is all good enough for an OK.

Just collided with you David. Thanks.
CC: (none) => tarazed25
Keywords: (none) => advisory
Sorry; forgot to validate at the same time.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0083.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED