helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

poppler: fix CVE-2023-34872

Browse Source 
A vulnerability in Outline.cc for Poppler prior to 23.06.0
allows a remote attacker to cause a Denial of Service (DoS)
(crash) via a crafted PDF file in OutlineItem::open.

Reference:
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Yogita Urade 2023-08-18 11:22:52 +00:00 committed by Armin Kuster
parent 48b590afc4
commit 361b62f6a0
2 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
meta-oe/recipes-support/poppler/poppler/CVE-2023-34872.patch Normal file
View File

@ -0,0 +1,46 @@
From 591235c8b6c65a2eee88991b9ae73490fd9afdfe Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Fri, 18 Aug 2023 09:17:07 +0000
Subject: [PATCH] OutlineItem::open: Fix crash on malformed files
Fixes #1399
CVE: CVE-2023-34872
Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
poppler/Outline.cc | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/poppler/Outline.cc b/poppler/Outline.cc
index cbb6cb4..4c68be9 100644
--- a/poppler/Outline.cc
+++ b/poppler/Outline.cc
@@ -14,7 +14,7 @@
// under GPL version 2 or later
//
// Copyright (C) 2005 Marco Pesenti Gritti <mpg@redhat.com>
-// Copyright (C) 2008, 2016-2019, 2021 Albert Astals Cid <aacid@kde.org>
+// Copyright (C) 2008, 2016-2019, 2021, 2023 Albert Astals Cid <aacid@kde.org>
// Copyright (C) 2009 Nick Jones <nick.jones@network-box.com>
// Copyright (C) 2016 Jason Crain <jason@aquaticape.us>
// Copyright (C) 2017 Adrian Johnson <ajohnson@redneon.com>
@@ -483,8 +483,12 @@ void OutlineItem::open()
{
if (!kids) {
Object itemDict = xref->fetch(ref);
- const Object &firstRef = itemDict.dictLookupNF("First");
- kids = readItemList(this, &firstRef, xref, doc);
+ if (itemDict.isDict()) {
+ const Object &firstRef = itemDict.dictLookupNF("First");
+ kids = readItemList(this, &firstRef, xref, doc);
+ } else {
+ kids = new std::vector<OutlineItem *>();
+ }
}
}
--
2.35.5

1
meta-oe/recipes-support/poppler/poppler_23.03.0.bb
View File

@ -7,6 +7,7 @@ SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \
file://0001-Do-not-overwrite-all-our-build-flags.patch \ file://0001-Do-not-overwrite-all-our-build-flags.patch \
file://basename-include.patch \ file://basename-include.patch \
file://0001-cmake-Do-not-use-isystem.patch \ file://0001-cmake-Do-not-use-isystem.patch \
file://CVE-2023-34872.patch \
" "
SRC_URI[sha256sum] = "b04148bf849c1965ada7eff6be4685130e3a18a84e0cce73bf9bc472ec32f2b4" SRC_URI[sha256sum] = "b04148bf849c1965ada7eff6be4685130e3a18a84e0cce73bf9bc472ec32f2b4"