Hi, Xpdf up to 4.01.01 are affected by CVE-2019-10023. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10023 Best regards, Nico.
CVE: (none) => CVE-2019-10023Source RPM: (none) => xpdf-4.01.01-1.mga7.src.rpmWhiteboard: (none) => MGA7TOO, MGA6TOO
Summary: xpdf new security issue CVE-2019-10023 => xpdf new security issues CVE-2019-10018, CVE-2019-1002[13]CVE: CVE-2019-10023 => CVE-2019-10018, CVE-2019-10021, CVE-2019-10023
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10018 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10019 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10021 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10023
CVE: CVE-2019-10018, CVE-2019-10021, CVE-2019-10023 => CVE-2019-10018, CVE-2019-10019, CVE-2019-10021, CVE-2019-10023Summary: xpdf new security issues CVE-2019-10018, CVE-2019-1002[13] => xpdf new security issues CVE-2019-1001[89], CVE-2019-1002[13]
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11Assignee: bugsquad => pkg-bugs
new issue https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16927 which is fixed in 4.0.2
CC: (none) => mageia
cauldron was updated by "ns80"
Depends on: (none) => 24504
Whiteboard: MGA7TOO, MGA6TOO => MGA7TOOCVE: CVE-2019-10018, CVE-2019-10019, CVE-2019-10021, CVE-2019-10023 => CVE-2019-10018, CVE-2019-10019, CVE-2019-10021, CVE-2019-10023, CVE-2019-16927Summary: xpdf new security issues CVE-2019-1001[89], CVE-2019-1002[13] => xpdf new security issues CVE-2019-1001[89], CVE-2019-1002[13], CVE-2019-16927
Suggested advisory: ======================== The updated packages fix a security vulnerability: An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. (CVE-2019-10018) An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. (CVE-2019-10019) An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. (CVE-2019-10021) An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. (CVE-2019-10023) Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. (CVE-2019-16927) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10018 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10019 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10021 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10023 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16927 ======================== Updated packages in core/updates_testing: ======================== xpdf-4.02-1.mga7 xpdf-common-4.02-1.mga7 from SRPMS: xpdf-4.02-1.mga7.src.rpm
Assignee: pkg-bugs => qa-bugsWhiteboard: MGA7TOO => (none)Status: NEW => ASSIGNEDVersion: Cauldron => 7
MGA7-64 Plasma on Lenovo B50 No installation issues, is new installation for xpdf. Tried pdf filess from different sources, with all of them xpdf shows the same behavior: When a document is freshly opened, I cannot scroll the pages with the arrows in the toolbar. I can scroll ith the "PageUp" - "PageDown" buttons on the keyboard, once Ido that the arrows work, but not beyond the last page I went to with the keyboard. E.g.when I open a 10 page pdf and scroll to page 6 with the keyboard, the toolbar arrows let me navigate up and down 1 to 6, but not beyond page 6. In an instance with a 63 page pdf, the down (left pointing) arrow scrolled eratically up or down pages. I tested the same pdf's with xpdf 3.04 on M6, and there xpdf worked perfectly OK. No good for me.
CC: (none) => herman.viaene
OK Herman. Having a look at the proofs of concept just now. Shall see if your problem can be reproduced - if so that would need a separate bug report. Later.
CC: (none) => tarazed25
The POC files attached to these CVEs were run upstream in an asan framework against pdftotext, pdftoppm and pdftops (part of the poppler suite I think) as well as xpdf. The vulnerability affects common code. Saw later that these utilities are also regarded as xpdf tools. *Before the update* CVE-2019-10018 https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 $ xpdf 'PostScriptFunction::exec@___FPE' Floating point exception (core dumped) $ xpdf 'PostScriptFunction::exec@Function.cc:1374-42___FPE' Floating point exception (core dumped) $ xpdf 'PostScriptFunction::exec@Function.cc:1420-42___FPE' Floating point exception (core dumped) CVE-2019-10019 https://forum.xpdfreader.com/viewtopic.php?f=3&t=41275 $ xpdf 'PSOutputDev::checkPageSlice@PSOutputDev.cc:4198-37___FPE' This invoked Xpdf Reader and showed a blank page. Using the suggested function: $ pdftops 'PSOutputDev::checkPageSlice@PSOutputDev.cc:4198-37___FPE' out.ps Syntax Warning: No valid XRef size in trailer <No FPE or abort> CVE-2019-10021 https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 $ xpdf 'Splash::scaleImageYuXu@Splash.cc:5556-21___FPE' Floating point exception (core dumped) $ xpdf 'Splash::scaleImageYuXu@Splash.cc:5560-20___FPE' Floating point exception (core dumped) CVE-2019-10023 https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 $ xpdf 'PostScriptFunction::exec@Function.cc:1420-42___FPE' Floating point exception (core dumped) CVE-2019-16927 https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885 $ xpdf crashfile.pdf <There does not seem to be a problem with this, but...> $ pdftotext crashfile.pdf out.txt Syntax Error (29635): Illegal character '{' Internal Error: xref num 23 not found but needed, try to reconstruct<0a> Syntax Error (29635): Illegal character '{' Syntax Error: Failed to parse XRef entry [915]. [...] Syntax Error (71667): Unknown operator 'to' Syntax Error (71667): Too few (1) args to 'Tm' operator *After the update* CVE-2019-10018 $ xpdf 'PostScriptFunction::exec@___FPE' $ xpdf 'PostScriptFunction::exec@Function.cc:1374-42___FPE' $ xpdf 'PostScriptFunction::exec@Function.cc:1420-42___FPE' A page is displayed with a black rectangle at the bottom left corner in all three cases. CVE-2019-10019 $ xpdf 'PSOutputDev::checkPageSlice@PSOutputDev.cc:4198-37___FPE' <Same result as before.> $ pdftops 'PSOutputDev::checkPageSlice@PSOutputDev.cc:4198-37___FPE' out.ps Syntax Warning: No valid XRef size in trailer <As before> CVE-2019-10021 $ xpdf 'Splash::scaleImageYuXu@Splash.cc:5556-21___FPE' $ xpdf 'Splash::scaleImageYuXu@Splash.cc:5560-20___FPE' <Both display a blank page. No core dumps.> CVE-2019-10023 $ xpdf 'PostScriptFunction::exec@Function.cc:1420-42___FPE' <Displays black rectangle on a white page. No FPE.> CVE-2019-16927 $ xpdf crashfile.pdf <Normal display - full output - no complaints.> $ pdftotext crashfile.pdf out.txt <Same error output as before. out.txt is generated and echoes the earlier input.> All these results look good. There is an indication that the problem was already handled before the update in a few cases. Tried out xpdf on a variety of PDF books and had no trouble. Scrolled from start to finish, tested zoom, indexing, page number and search function. No problems. This should be released.
Whiteboard: (none) => MGA7-64-OK
Keywords: (none) => advisory, validated_updateCC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0293.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED
This update also fixed CVE-2019-12493 CVE-2019-12515 CVE-2019-1295[78] CVE-2019-1328[1236]: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/
CC: (none) => luigiwalser