mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

poppler: fix CVE-2021-30860

Browse Source 
An integer overflow was addressed with improved input validation. This
issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS
14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted
PDF may lead to arbitrary code execution. Apple is aware of a report that
this issue may have been actively exploited.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-30860

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Urade, Yogita
2023-02-28 05:19:43 +00:00
committed by Armin Kuster
parent 109b546307
commit 4676fa71c6
2 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch
+41
View File
@@ -0,0 +1,41 @@
From 27354e9d9696ee2bc063910a6c9a6b27c5184a52 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Thu, 25 Aug 2022 00:14:22 +0200
Subject: [PATCH] JBIG2Stream: Fix crash on broken file
https://github.com/jeffssh/CVE-2021-30860
Thanks to David Warren for the heads up
CVE: CVE-2021-30860
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-30860
Upstream-Status: Backport
[https://gitlab.freedesktop.org/poppler/poppler/-/commit/27354e9d9696ee2bc063910a6c9a6b27c5184a52]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
poppler/JBIG2Stream.cc | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index 662276e5..9f70431d 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -1976,7 +1976,11 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm, bool lossless
for (i = 0; i < nRefSegs; ++i) {
if ((seg = findSegment(refSegs[i]))) {
if (seg->getType() == jbig2SegSymbolDict) {
- numSyms += ((JBIG2SymbolDict *)seg)->getSize();
+ const unsigned int segSize = ((JBIG2SymbolDict *)seg)->getSize();
+ if (unlikely(checkedAdd(numSyms, segSize, &numSyms))) {
+ error(errSyntaxError, getPos(), "Too many symbols in JBIG2 text region");
+ return;
+ }
} else if (seg->getType() == jbig2SegCodeTable) {
codeTables.push_back(seg);
}
--
2.25.1
meta-oe/recipes-support/poppler/poppler_22.04.0.bb
+1
View File
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \
file://0001-Do-not-overwrite-all-our-build-flags.patch \
file://basename-include.patch \
file://0001-JBIG2Stream-Fix-crash-on-broken-file.patch \
"
SRC_URI[sha256sum] = "813fb4b90e7bda63df53205c548602bae728887a60f4048aae4dbd9b1927deff"