diff options
| author | Urade, Yogita <Yogita.Urade@windriver.com> | 2023-02-28 05:19:43 +0000 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2023-03-05 07:52:05 -0500 |
| commit | 4676fa71c616233c05abb59dfc636a0621db3057 (patch) | |
| tree | 02f04bea8af90c5c0c99eae2211d6982035001fe /meta-oe | |
| parent | 109b5463077011b099915089039f62e9ffc226c3 (diff) | |
| download | meta-openembedded-4676fa71c616233c05abb59dfc636a0621db3057.tar.gz | |
poppler: fix CVE-2021-30860
An integer overflow was addressed with improved input validation. This
issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS
14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted
PDF may lead to arbitrary code execution. Apple is aware of a report that
this issue may have been actively exploited.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-30860
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-oe')
| -rw-r--r-- | meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch | 41 | ||||
| -rw-r--r-- | meta-oe/recipes-support/poppler/poppler_22.04.0.bb | 1 |
2 files changed, 42 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch b/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch new file mode 100644 index 0000000000..4a8ea233c8 --- /dev/null +++ b/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch | |||
| @@ -0,0 +1,41 @@ | |||
| 1 | From 27354e9d9696ee2bc063910a6c9a6b27c5184a52 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Albert Astals Cid <aacid@kde.org> | ||
| 3 | Date: Thu, 25 Aug 2022 00:14:22 +0200 | ||
| 4 | Subject: [PATCH] JBIG2Stream: Fix crash on broken file | ||
| 5 | |||
| 6 | https://github.com/jeffssh/CVE-2021-30860 | ||
| 7 | |||
| 8 | Thanks to David Warren for the heads up | ||
| 9 | |||
| 10 | CVE: CVE-2021-30860 | ||
| 11 | |||
| 12 | References: | ||
| 13 | https://nvd.nist.gov/vuln/detail/CVE-2021-30860 | ||
| 14 | |||
| 15 | Upstream-Status: Backport | ||
| 16 | [https://gitlab.freedesktop.org/poppler/poppler/-/commit/27354e9d9696ee2bc063910a6c9a6b27c5184a52] | ||
| 17 | |||
| 18 | Signed-off-by: Yogita Urade <yogita.urade@windriver.com> | ||
| 19 | --- | ||
| 20 | poppler/JBIG2Stream.cc | 6 +++++- | ||
| 21 | 1 file changed, 5 insertions(+), 1 deletion(-) | ||
| 22 | |||
| 23 | diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc | ||
| 24 | index 662276e5..9f70431d 100644 | ||
| 25 | --- a/poppler/JBIG2Stream.cc | ||
| 26 | +++ b/poppler/JBIG2Stream.cc | ||
| 27 | @@ -1976,7 +1976,11 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm, bool lossless | ||
| 28 | for (i = 0; i < nRefSegs; ++i) { | ||
| 29 | if ((seg = findSegment(refSegs[i]))) { | ||
| 30 | if (seg->getType() == jbig2SegSymbolDict) { | ||
| 31 | - numSyms += ((JBIG2SymbolDict *)seg)->getSize(); | ||
| 32 | + const unsigned int segSize = ((JBIG2SymbolDict *)seg)->getSize(); | ||
| 33 | + if (unlikely(checkedAdd(numSyms, segSize, &numSyms))) { | ||
| 34 | + error(errSyntaxError, getPos(), "Too many symbols in JBIG2 text region"); | ||
| 35 | + return; | ||
| 36 | + } | ||
| 37 | } else if (seg->getType() == jbig2SegCodeTable) { | ||
| 38 | codeTables.push_back(seg); | ||
| 39 | } | ||
| 40 | -- | ||
| 41 | 2.25.1 | ||
diff --git a/meta-oe/recipes-support/poppler/poppler_22.04.0.bb b/meta-oe/recipes-support/poppler/poppler_22.04.0.bb index b7cdb4f1be..816c9f1608 100644 --- a/meta-oe/recipes-support/poppler/poppler_22.04.0.bb +++ b/meta-oe/recipes-support/poppler/poppler_22.04.0.bb | |||
| @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe" | |||
| 6 | SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \ | 6 | SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \ |
| 7 | file://0001-Do-not-overwrite-all-our-build-flags.patch \ | 7 | file://0001-Do-not-overwrite-all-our-build-flags.patch \ |
| 8 | file://basename-include.patch \ | 8 | file://basename-include.patch \ |
| 9 | file://0001-JBIG2Stream-Fix-crash-on-broken-file.patch \ | ||
| 9 | " | 10 | " |
| 10 | SRC_URI[sha256sum] = "813fb4b90e7bda63df53205c548602bae728887a60f4048aae4dbd9b1927deff" | 11 | SRC_URI[sha256sum] = "813fb4b90e7bda63df53205c548602bae728887a60f4048aae4dbd9b1927deff" |
| 11 | 12 | ||
