mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

poppler: fix CVE-2025-32365

Browse Source 
Poppler before 25.04.0 allows crafted input files to trigger
out-of-bounds reads in the JBIG2Bitmap::combine function in
JBIG2Stream.cc because of a misplaced isOk check.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32365

Upstream patch:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/1f151565bbca5be7449ba8eea6833051cc1baa41

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Yogita Urade
2025-04-21 10:39:09 +00:00
committed by Armin Kuster
parent 84fc57bacc
commit 4c87bd7b93
2 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/poppler/poppler/CVE-2025-32365.patch
+41
View File
@@ -0,0 +1,41 @@
From 1f151565bbca5be7449ba8eea6833051cc1baa41 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Mon, 31 Mar 2025 14:35:49 +0200
Subject: [PATCH] Move isOk check to inside JBIG2Bitmap::combine
CVE: CVE-2025-32365
Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/1f151565bbca5be7449ba8eea6833051cc1baa41]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
poppler/JBIG2Stream.cc | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index b9a62e1..9cc3b82 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -767,6 +767,10 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp
unsigned int src0, src1, src, dest, s1, s2, m1, m2, m3;
bool oneByte;
+ if (unlikely(!isOk())) {
+ return;
+ }
+
// check for the pathological case where y = -2^31
if (y < -0x7fffffff) {
return;
@@ -2198,9 +2202,7 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm, bool lossless
if (pageH == 0xffffffff && y + h > curPageH) {
pageBitmap->expand(y + h, pageDefPixel);
}
- if (pageBitmap->isOk()) {
- pageBitmap->combine(bitmap.get(), x, y, extCombOp);
- }
+ pageBitmap->combine(bitmap.get(), x, y, extCombOp);
// store the region bitmap
} else {
--
2.40.0
meta-oe/recipes-support/poppler/poppler_22.04.0.bb
+1
View File
@@ -12,6 +12,7 @@ SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \
file://CVE-2024-6239-0002.patch \
file://CVE-2024-56378.patch \
file://CVE-2025-32364.patch \
file://CVE-2025-32365.patch \
"
SRC_URI[sha256sum] = "813fb4b90e7bda63df53205c548602bae728887a60f4048aae4dbd9b1927deff"