Debian Bug report logs - #476842
poppler: CVE-2008-1693 arbitrary code execution via a crafted font object

version graph

Package: poppler; Maintainer for poppler is Loic Minier <lool@dooz.org>;

Reported by: Nico Golde <nion@debian.org>

Date: Sat, 19 Apr 2008 14:24:01 UTC

Severity: important

Tags: security

Found in version 0.6.4-1

Fixed in version poppler/0.8.0-1

Done: Loic Minier <lool@dooz.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Ondřej Surý <ondrej@debian.org>:
Bug#476842; Package poppler. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Ondřej Surý <ondrej@debian.org>.

Your message specified a Severity: in the pseudo-header, but the severity value fillinseverity was not recognised. The default severity normal is being used instead. The recognised values are: critical, grave, serious, important, normal, minor, wishlist, fixed.

Full text and rfc822 format available.


Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: poppler: CVE-2008-1693 arbitrary code execution via a crafted font object
Date: Sat, 19 Apr 2008 16:22:55 +0200
[Message part 1 (text/plain, inline)]
Package: poppler
Version: FILLINAFFECTEDVERSION
Severity: FILLINSEVERITY
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for poppler.


CVE-2008-1693[0]:
| The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly
| before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications,
| does not properly handle embedded fonts in PDF files, which allows remote
| attackers to execute arbitrary code via a crafted font object, related to
| dereferencing a function pointer associated with the type of this font object.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1693
    http://security-tracker.debian.net/tracker/CVE-2008-1693

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Severity set to `grave' from `normal' Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Sat, 19 Apr 2008 14:33:02 GMT) Full text and rfc822 format available.

Bug no longer marked as found in version FILLINAFFECTEDVERSION. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Sat, 19 Apr 2008 14:36:02 GMT) Full text and rfc822 format available.

Bug marked as found in version 0.6.4-1. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Sat, 19 Apr 2008 14:36:03 GMT) Full text and rfc822 format available.

Severity set to `important' from `grave' Request was from Loic Minier <lool@dooz.org> to control@bugs.debian.org. (Mon, 21 Apr 2008 00:57:02 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Ondřej Surý <ondrej@debian.org>:
Bug#476842; Package poppler. Full text and rfc822 format available.

Acknowledgement sent to Loïc Minier <lool@dooz.org>:
Extra info received and forwarded to list. Copy sent to Ondřej Surý <ondrej@debian.org>. Full text and rfc822 format available.

Message #18 received at 476842@bugs.debian.org (full text, mbox):

From: Loïc Minier <lool@dooz.org>
To: Nico Golde <nion@debian.org>, 476842@bugs.debian.org
Subject: Re: Bug#476842: poppler: CVE-2008-1693 arbitrary code execution via a crafted font object
Date: Mon, 21 Apr 2008 03:03:31 +0200
On Sat, Apr 19, 2008, Nico Golde wrote:
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for poppler.

 Actually this is fixed even in 0.6.4 I believe, patch is:
http://gitweb.freedesktop.org/?p=poppler/poppler.git;a=commitdiff;h=1a531dcfee1c
6fc79a414c38cbe7327fbf9a59d8

 I've downgraded severity to important and will close the bug with the
 patch from the Ubuntu package which strengthen the reliability of the
 methods of the Object class.

-- 
Loïc Minier




Tags added: pending Request was from Loic Minier <lool@dooz.org> to control@bugs.debian.org. (Mon, 21 Apr 2008 01:39:05 GMT) Full text and rfc822 format available.

Tags added: pending Request was from Loic Minier <lool@dooz.org> to control@bugs.debian.org. (Mon, 21 Apr 2008 01:57:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Ondřej Surý <ondrej@debian.org>:
Bug#476842; Package poppler. Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Ondřej Surý <ondrej@debian.org>. Full text and rfc822 format available.

Message #27 received at 476842@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: Loïc Minier <lool@dooz.org>
Cc: 476842@bugs.debian.org
Subject: Re: Bug#476842: poppler: CVE-2008-1693 arbitrary code execution via a crafted font object
Date: Mon, 21 Apr 2008 12:59:00 +0200
[Message part 1 (text/plain, inline)]
Hi Loïc,
* Loïc Minier <lool@dooz.org> [2008-04-21 03:03]:
> On Sat, Apr 19, 2008, Nico Golde wrote:
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for poppler.
> 
>  Actually this is fixed even in 0.6.4 I believe, patch is:
> http://gitweb.freedesktop.org/?p=poppler/poppler.git;a=commitdiff;h=1a531dcfee1c6fc79a414c38cbe7327fbf9a59d8

Yes, that is the patch

>  I've downgraded severity to important and will close the bug with the
>  patch from the Ubuntu package which strengthen the reliability of the
>  methods of the Object class.

Ok thanks!
Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Reply sent to Loic Minier <lool@dooz.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #32 received at 476842-close@bugs.debian.org (full text, mbox):

From: Loic Minier <lool@dooz.org>
To: 476842-close@bugs.debian.org
Subject: Bug#476842: fixed in poppler 0.8.0-1
Date: Sat, 26 Apr 2008 16:00:11 +0000
Source: poppler
Source-Version: 0.8.0-1

We believe that the bug you reported is fixed in the latest version of
poppler, which is due to be installed in the Debian FTP archive:

libpoppler-dev_0.8.0-1_i386.deb
  to pool/main/p/poppler/libpoppler-dev_0.8.0-1_i386.deb
libpoppler-glib-dev_0.8.0-1_i386.deb
  to pool/main/p/poppler/libpoppler-glib-dev_0.8.0-1_i386.deb
libpoppler-glib3_0.8.0-1_i386.deb
  to pool/main/p/poppler/libpoppler-glib3_0.8.0-1_i386.deb
libpoppler-qt-dev_0.8.0-1_i386.deb
  to pool/main/p/poppler/libpoppler-qt-dev_0.8.0-1_i386.deb
libpoppler-qt2_0.8.0-1_i386.deb
  to pool/main/p/poppler/libpoppler-qt2_0.8.0-1_i386.deb
libpoppler-qt4-3_0.8.0-1_i386.deb
  to pool/main/p/poppler/libpoppler-qt4-3_0.8.0-1_i386.deb
libpoppler-qt4-dev_0.8.0-1_i386.deb
  to pool/main/p/poppler/libpoppler-qt4-dev_0.8.0-1_i386.deb
libpoppler3_0.8.0-1_i386.deb
  to pool/main/p/poppler/libpoppler3_0.8.0-1_i386.deb
poppler-dbg_0.8.0-1_i386.deb
  to pool/main/p/poppler/poppler-dbg_0.8.0-1_i386.deb
poppler-utils_0.8.0-1_i386.deb
  to pool/main/p/poppler/poppler-utils_0.8.0-1_i386.deb
poppler_0.8.0-1.diff.gz
  to pool/main/p/poppler/poppler_0.8.0-1.diff.gz
poppler_0.8.0-1.dsc
  to pool/main/p/poppler/poppler_0.8.0-1.dsc
poppler_0.8.0.orig.tar.gz
  to pool/main/p/poppler/poppler_0.8.0.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 476842@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Loic Minier <lool@dooz.org> (supplier of updated poppler package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 17 Mar 2008 21:00:13 +0100
Source: poppler
Binary: libpoppler3 libpoppler-dev libpoppler-glib3 libpoppler-glib-dev libpoppler-qt2 libpoppler-qt-dev libpoppler-qt4-3 libpoppler-qt4-dev poppler-utils poppler-dbg
Architecture: source i386
Version: 0.8.0-1
Distribution: experimental
Urgency: low
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Loic Minier <lool@dooz.org>
Description: 
 libpoppler-dev - PDF rendering library -- development files
 libpoppler-glib-dev - PDF rendering library -- development files (GLib interface)
 libpoppler-glib3 - PDF rendering library (GLib-based shared library)
 libpoppler-qt-dev - PDF rendering library -- development files (Qt 3 interface)
 libpoppler-qt2 - PDF rendering library (Qt 3 based shared library)
 libpoppler-qt4-3 - PDF rendering library (Qt 4 based shared library)
 libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface)
 libpoppler3 - PDF rendering library
 poppler-dbg - PDF rendering library - detached debugging symbols
 poppler-utils - PDF utilitites (based on libpoppler)
Closes: 408403 476323 476842
Changes: 
 poppler (0.8.0-1) experimental; urgency=low
 .
   * Bump libcairo2-dev build-dep and dep to >= 1.4; thanks
     Marc 'HE' Brockschmidt.
   * New upstream stable release, with ABI and API changes; closes: #476323.
     - Rename libpoppler2 to libpoppler3, libpoppler-glib2 to libpoppler-glib3,
       and libpoppler-qt4-2 to libpoppler-qt4-3; NB: libpoppler-qt2 not
       renamed; update control, DEB_DH_MAKESHLIBS_ARGS_* in rules, rename
       install files.
     - Drop shlib version except for libpoppler-qt2.
     - Update patch 006_pthreads_ldflags for the version-info changes in
       poppler/Makefile.am.
     - Force usage of qt4's moc via a PATH setting; export PATH.
   * Let libpoppler-glib-dev depend on libglib2.0-dev >= 2.6 for consistency
     with build-deps.
   * New patch, 102_embedded-font-fixes; protects the methods of the Object
     class to be more robust and prevent things like CVE-2008-1693; see also
     FreeDesktop/Poppler #11392; taken from the Ubuntu package;
     closes: #476842.
   * Add a poppler-dbg package; closes: #408403.
     - Bump up cdbs build-dep to >= 0.4.51 for -dbg handling fixes.
     - Add poppler-dbg to control.
Checksums-Sha1: 
 032368029254aa62106345423de9be8dc99117a1 1492 poppler_0.8.0-1.dsc
 4f1ac5daca63b1a119d3e7446b296b0990246cf4 1447799 poppler_0.8.0.orig.tar.gz
 82d8060f6254e787da3b4bf55428c832d730cd3a 9834 poppler_0.8.0-1.diff.gz
 ae4d64744d2e1753f2737b56345175ae79a06853 799766 libpoppler3_0.8.0-1_i386.deb
 7a4d30d019b20f6bf7f45ad362cde475e60e4d68 1029752 libpoppler-dev_0.8.0-1_i386.deb
 a21d3d64e14b15b2a1a624d456eb68485ae6cfd5 205088 libpoppler-glib3_0.8.0-1_i386.deb
 ffdd1b0e4c8d0a477636eea44ad08dba5af9a201 259584 libpoppler-glib-dev_0.8.0-1_i386.deb
 a302820dcf3561601a0fd86045e8e581b8a947b5 168346 libpoppler-qt2_0.8.0-1_i386.deb
 397ce3d1728402a0a48e5f3c013a03947abf3cf1 172830 libpoppler-qt-dev_0.8.0-1_i386.deb
 72d0f4736123ac0159a11f9b6d40efe9c0400ecb 306062 libpoppler-qt4-3_0.8.0-1_i386.deb
 89bd1e091a19c5d56ce6a4213180619ea5bee3c3 339262 libpoppler-qt4-dev_0.8.0-1_i386.deb
 d7f3090060a42b1b38912443f568f075a3ad67ef 215654 poppler-utils_0.8.0-1_i386.deb
 c9c05e9f4b7530c2ff6bd9c9ab8fe816f9c4a018 3142458 poppler-dbg_0.8.0-1_i386.deb
Checksums-Sha256: 
 48af26e72493108e042936a24a6a8e5fd99e0da7200d931859a8bd67bd797f4a 1492 poppler_0.8.0-1.dsc
 86a85c385dca7274ce2a458ed77392425ef60d4587494bee2fbe933f39cadbcd 1447799 poppler_0.8.0.orig.tar.gz
 53dbd56da050f593536b6ab8395bfca3ddb4f4d23686b40ab9f62f742d1a2715 9834 poppler_0.8.0-1.diff.gz
 41b27d1d35666a52ed532910dcba35268c8d0e00fafd4ef354e5de436665e5a3 799766 libpoppler3_0.8.0-1_i386.deb
 67f1a4a5bf45bb7847eb7508780e20bbd177c4dda35cbbc4011eb154a51905e2 1029752 libpoppler-dev_0.8.0-1_i386.deb
 8d2635be32fe5fe2dcfe5181da516eabfa653acd4799d893d5ddb93689d01082 205088 libpoppler-glib3_0.8.0-1_i386.deb
 ee0427231e1cd7e79a448affd225342dda589afcfe2fc47e4fc785a81db0773f 259584 libpoppler-glib-dev_0.8.0-1_i386.deb
 f565a06c5c1bf3db2f468c95096d8f4a2bf3d16064631360af39abaa329637ad 168346 libpoppler-qt2_0.8.0-1_i386.deb
 690c4c76f58ffd512a456ef6b23ba077122b2ca87f3f30ccb67fd30a195cfeb4 172830 libpoppler-qt-dev_0.8.0-1_i386.deb
 05dbcc5965f453caf05699c8cef232520877442109a7d878b406cf00a381f430 306062 libpoppler-qt4-3_0.8.0-1_i386.deb
 7daf5b66ade119c55c23c3e5cd9e83045aef08b2dfa683fdeaa3f456f6acf2ca 339262 libpoppler-qt4-dev_0.8.0-1_i386.deb
 02fa417dd276d91f71dc16233afa8b47897db03d2339cbcc7fba00ffcf32b8f0 215654 poppler-utils_0.8.0-1_i386.deb
 e4bbcc91dd3b1e1b3b8bbb083f99113f0e66d91493a70c1e46ee4eb9d68082d1 3142458 poppler-dbg_0.8.0-1_i386.deb
Files: 
 40d5e95a0a9f5013f82768f40d81e840 1492 devel optional poppler_0.8.0-1.dsc
 1a3ea3000d3446a97366c37b876979f4 1447799 devel optional poppler_0.8.0.orig.tar.gz
 dea75bfa8a4f1dcc926e4dfd11958eb3 9834 devel optional poppler_0.8.0-1.diff.gz
 a71cf8afb4dc0fff104a010459dc2016 799766 libs optional libpoppler3_0.8.0-1_i386.deb
 3b9220d3071a8a2fa8729550b73212c9 1029752 libdevel optional libpoppler-dev_0.8.0-1_i386.deb
 255061c014accd8d7bf94d4b73542773 205088 libs optional libpoppler-glib3_0.8.0-1_i386.deb
 a290d8d595dd8a98376047d528b0c776 259584 libdevel optional libpoppler-glib-dev_0.8.0-1_i386.deb
 4eb50bd81221757ad2728fb4ccd36818 168346 libs optional libpoppler-qt2_0.8.0-1_i386.deb
 987c5d42427091c4de334942a80290e9 172830 libdevel optional libpoppler-qt-dev_0.8.0-1_i386.deb
 0462114a63c86842a8d062eb90fcbf57 306062 libs optional libpoppler-qt4-3_0.8.0-1_i386.deb
 9e9c689f7f8f80faf467e9c7e92fef10 339262 libdevel optional libpoppler-qt4-dev_0.8.0-1_i386.deb
 693669b638c30953507f405f705b10ed 215654 utils optional poppler-utils_0.8.0-1_i386.deb
 cfe553820c6a6ffae217086bb781a4f7 3142458 libs extra poppler-dbg_0.8.0-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIC/j94VUX8isJIMARAsr0AJ9UBydkiRAyHc3fRXqeS22v1LK0eACfZkuF
lr66TdAmz9XwVwXFL+5Ezbg=
=o6lB
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 18 Jul 2008 07:35:42 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 14:03:37 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.