SB2018122042 - Fedora 28 update for mingw-poppler

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Uncontrolled recursion (CVE-ID: CVE-2017-18267)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc due to infinite recursion. A remote attacker can trick the victim into opening a specially crafted PDF file and cause the service to crash.

2) Buffer overflow (CVE-ID: CVE-2018-13988)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the image rendering functionality due to buffer overflow when handling malicious input. A remote unauthenticated attacker can trick the victim into opening a specially crafted PDF file, trigger memory corruption and cause the system to crash.

3) Improper input validation (CVE-ID: CVE-2018-16646)

The vulnerability allows a remote attacker to cause DoS condicion on the target system.

The vulnerability exists in the Parser::getObj() function, as defined in the Parser.cc source code file of the affected software due to improper processing of user-supplied input. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger an infinite recursion condition and cause the service to crash.

4) Improper input validation (CVE-ID: CVE-2018-19058)

The vulnerability allows a remote attacker to cause DoS condicion on the target system.

The vulnerability exists in the EmbFile::save2 function due to insufficient stream checks by the EmbFile::save2 function, as defined in the FileSpec.cc source code file of the affected software, before an embedded file is saved. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger a reachable abort condition in the Object.h file and cause the service to crash.

5) Out-of-bounds read (CVE-ID: CVE-2018-19059)

The vulnerability allows a remote attacker to cause DoS condicion on the target system.

The vulnerability exists due to out-of-bounds read condition in the EmbFile::save2 function, as defined in the FileSpec.cc source code file after insufficient validation of embedded files before save attempts. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger out-of-bounds read condition and cause the service to crash.

6) NULL pointer dereference (CVE-ID: CVE-2018-19060)

The vulnerability allows a remote attacker to cause DoS condicion on the target system.

The vulnerability exists due to NULL pointer dereference condition in the GooString.h source code file when the filenames of embedded files are insufficiently validated before a save path is constructed. A remote attacker can trick the victim into accessing an embedded file that submits malicious input, trigger a NULL pointer dereference and cause the service to crash.

7) NULL pointer dereference (CVE-ID: CVE-2018-19149)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment. A remote attacker can perform a denial of service (DoS) attack.

8) Memory leak (CVE-ID: CVE-2018-18897)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. A remote attacker can execute the pdftocairo command with a PDF file that submits malicious input, trigger memory leak and cause the service to crash.

Remediation

Install update from vendor's website.

References

• https://bodhi.fedoraproject.org/updates/FEDORA-2018-12b934e224