poppler: fix CVE-2025-50420

An issue in the pdfseparate utility of freedesktop poppler
v25.04.0 allows attackers to cause an infinite recursion via
supplying a crafted PDF file. This can lead to a Denial of
Service (DoS).

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-50420

Upstream patch:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/a7025904e3330dd6cf95f3664ef6fc77034cc5e1

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
This commit is contained in:
Yogita Urade
2025-08-19 16:43:54 +05:30
committed by Anuj Mittal
parent b484df6361
commit c316f92599
2 changed files with 39 additions and 0 deletions
@@ -0,0 +1,38 @@
From a7025904e3330dd6cf95f3664ef6fc77034cc5e1 Mon Sep 17 00:00:00 2001
From: Sune Vuorela <sune@vuorela.dk>
Date: Tue, 29 Jul 2025 14:14:00 +0200
Subject: [PATCH] Fix crash in pdfseparate
Don't continue recursing in PDFDoc::mark* if things looks a bit weirder
than expected
CVE: CVE-2025-50420
Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/a7025904e3330dd6cf95f3664ef6fc77034cc5e1]
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
poppler/PDFDoc.cc | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/poppler/PDFDoc.cc b/poppler/PDFDoc.cc
index 872841c..a7c2e24 100644
--- a/poppler/PDFDoc.cc
+++ b/poppler/PDFDoc.cc
@@ -1818,6 +1818,15 @@ bool PDFDoc::markAnnotations(Object *annotsObj, XRef *xRef, XRef *countRef, unsi
if (obj1.isDict()) {
Dict *dict = obj1.getDict();
Object type = dict->lookup("Type");
+ if (type.isNull()) {
+ Object subType = dict->lookup("SubType");
+ // Type is optional, subtype is required
+ // If neither of them exists, something is probably
+ // weird here, so let us just skip this entry
+ if (subType.isNull()) {
+ continue;
+ }
+ }
if (type.isName() && strcmp(type.getName(), "Annot") == 0) {
const Object &obj2 = dict->lookupNF("P");
if (obj2.isRef()) {
--
2.40.0
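Review bot: The guard added at the top of the `obj1.isDict()` branch in markAnnotations looks up "SubType", but the PDF annotation key is spelled "Subtype" and dictionary key names are case-sensitive, so this lookup returns null even for a well-formed annotation. As written, every entry with no Type key takes the `continue`, including annotations that carry the required Subtype, which is broader than the "neither of them exists" case the comment describes. Because this is a backport, it should stay byte-identical to the upstream commit. It is still worth asking upstream whether `dict->lookup("Subtype")` was intended, and checking that pdfseparate output keeps annotations that omit Type. A regression test using the crafted input from the CVE report would also help confirm that the recursion is actually cut off on this branch.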
@@ -18,6 +18,7 @@ SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \
file://CVE-2025-43903-0002.patch \
file://CVE-2025-52886-0001.patch \
file://CVE-2025-52886-0002.patch \
file://CVE-2025-50420.patch \
"
SRC_URI[sha256sum] = "b6d893dc7dcd4138b9e9df59a13c59695e50e80dc5c2cacee0674670693951a1"