diff --git a/backport-CVE-2019-12293.patch b/backport-CVE-2019-12293.patch new file mode 100644 index 0000000000000000000000000000000000000000..4f983639c1208d85045e452ce608843c8b2f7114 --- /dev/null +++ b/backport-CVE-2019-12293.patch @@ -0,0 +1,41 @@ +From 89a5367d49b2556a2635dbb6d48d6a6b182a2c6c Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Thu, 23 May 2019 00:54:29 +0200 +Subject: [PATCH] JPEG2000Stream: fail gracefully if not all components have + the same WxH + +I think this is just a mistake, or at least the only file we have with +this scenario is a fuzzed one +--- + poppler/JPEG2000Stream.cc | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/poppler/JPEG2000Stream.cc b/poppler/JPEG2000Stream.cc +index e388ed3..2d7c5e0 100644 +--- a/poppler/JPEG2000Stream.cc ++++ b/poppler/JPEG2000Stream.cc +@@ -4,7 +4,7 @@ + // + // A JPX stream decoder using OpenJPEG + // +-// Copyright 2008-2010, 2012, 2017, 2018 Albert Astals Cid ++// Copyright 2008-2010, 2012, 2017-2019 Albert Astals Cid + // Copyright 2011 Daniel Glöckner + // Copyright 2014, 2016 Thomas Freitag + // Copyright 2013, 2014 Adrian Johnson +@@ -253,6 +253,12 @@ void JPXStream::init() + close(); + break; + } ++ const int componentPixels = priv->image->comps[component].w * priv->image->comps[component].h; ++ if (componentPixels != priv->npixels) { ++ error(errSyntaxWarning, -1, "Component {0:d} has different WxH than component 0", component); ++ close(); ++ break; ++ } + unsigned char *cdata = (unsigned char *)priv->image->comps[component].data; + int adjust = 0; + int depth = priv->image->comps[component].prec; +-- +2.27.0 + diff --git a/backport-CVE-2020-27778.patch b/backport-CVE-2020-27778.patch new file mode 100644 index 0000000000000000000000000000000000000000..05870252d37a75cb81e834a61f8b31df37aa1de1 --- /dev/null +++ b/backport-CVE-2020-27778.patch @@ -0,0 +1,26 @@ +From 30c731b487190c02afff3f036736a392eb60cd9a Mon Sep 17 00:00:00 2001 +From: Adam Reichold +Date: Fri, 22 Mar 2019 19:12:47 +0100 +Subject: [PATCH] Properly initialize HtmlOutputDev::page to avoid SIGSEGV upon + error exit. + +Closes #742 +--- + utils/HtmlOutputDev.cc | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/utils/HtmlOutputDev.cc b/utils/HtmlOutputDev.cc +index ace303b..090631b 100644 +--- a/utils/HtmlOutputDev.cc ++++ b/utils/HtmlOutputDev.cc +@@ -1102,6 +1102,7 @@ HtmlOutputDev::HtmlOutputDev(Catalog *catalogA, char *fileName, char *title, + { + catalog = catalogA; + fContentsFrame = nullptr; ++ page = nullptr; + docTitle = new GooString(title); + pages = nullptr; + dumpJPEG=gTrue; +-- +2.27.0 + diff --git a/poppler.spec b/poppler.spec index 9f8aba1eea0c109a612dd78ae41556ae2f42dad1..5dbd78f092c5ba0b435c88bade58fcb46eb96e66 100644 --- a/poppler.spec +++ b/poppler.spec @@ -3,7 +3,7 @@ Name: poppler Version: 0.67.0 -Release: 6 +Release: 7 Summary: Poppler is a PDF rendering library based on the xpdf-3.0 code base License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT URL: https://poppler.freedesktop.org/ @@ -35,6 +35,8 @@ Patch6014: backport-CVE-2018-19060.patch Patch6015: backport-CVE-2018-20481.patch Patch6016: backport-CVE-2019-14494.patch Patch6017: backport-CVE-2019-7310.patch +Patch6018: backport-CVE-2019-12293.patch +Patch6019: backport-CVE-2020-27778.patch BuildRequires: cmake gcc-c++ gettext-devel qt5-qtbase-devel qt-devel cairo-devel fontconfig-devel @@ -244,6 +246,12 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}" %{_mandir}/man1/* %changelog +* Wed Sep 29 2021 yangcheng - 0.67.0-7 +- Type:CVE +- Id:CVE-2019-12293 CVE-2020-27778 +- SUG:NA +- DESC:fix CVE-2019-12293 CVE-2020-27778 + * Sat Jan 30 2021 wangye - 0.67.0-6 - Type:cves - Id:NA