Bug 1041783 - (CVE-2017-7511) VUL-1: CVE-2017-7511: poppler: Null pointer dereference in pdfunite via crafted documents
(CVE-2017-7511)
VUL-1: CVE-2017-7511: poppler: Null pointer dereference in pdfunite via craft...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Peter Simons
Security Team bot
https://smash.suse.de/issue/186046/
CVSSv2:SUSE:CVE-2017-7511:2.1:(AV:L/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-05-30 14:26 UTC by Marcus Meissner
Modified: 2020-06-15 01:23 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-05-30 14:26:21 UTC
https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a

pdfunite: Fix crash with broken documentsHEADmaster
Sometimes we can't parse pages so check before accessing them

Thanks to Jiaqi Peng for the report

Fixes bugs #101153 and #101149

poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.


https://bugs.freedesktop.org/show_bug.cgi?id=101149
https://bugs.freedesktop.org/show_bug.cgi?id=101153
Comment 3 Swamp Workflow Management 2017-07-28 19:09:54 UTC
SUSE-SU-2017:1999-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1041783,1042802,1042803,1043088,1045719,1045721
CVE References: CVE-2017-7511,CVE-2017-7515,CVE-2017-9406,CVE-2017-9408,CVE-2017-9775,CVE-2017-9776
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    poppler-0.43.0-16.5.1, poppler-qt-0.43.0-16.5.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    poppler-0.43.0-16.5.1, poppler-qt-0.43.0-16.5.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    poppler-0.43.0-16.5.1, poppler-qt-0.43.0-16.5.1
SUSE Linux Enterprise Server 12-SP3 (src):    poppler-0.43.0-16.5.1, poppler-qt-0.43.0-16.5.1
SUSE Linux Enterprise Server 12-SP2 (src):    poppler-0.43.0-16.5.1, poppler-qt-0.43.0-16.5.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    poppler-0.43.0-16.5.1, poppler-qt-0.43.0-16.5.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    poppler-0.43.0-16.5.1, poppler-qt-0.43.0-16.5.1
Comment 4 Swamp Workflow Management 2017-08-05 16:09:33 UTC
openSUSE-SU-2017:2056-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1041783,1042802,1042803,1043088,1045719,1045721
CVE References: CVE-2017-7511,CVE-2017-7515,CVE-2017-9406,CVE-2017-9408,CVE-2017-9775,CVE-2017-9776
Sources used:
openSUSE Leap 42.3 (src):    poppler-0.43.0-5.1, poppler-qt-0.43.0-5.1, poppler-qt5-0.43.0-5.1
openSUSE Leap 42.2 (src):    poppler-0.43.0-2.3.1, poppler-qt-0.43.0-2.3.1, poppler-qt5-0.43.0-2.3.1
Comment 5 Peter Simons 2017-08-07 09:28:38 UTC
An update that fixes this issue is now available.
Comment 6 Swamp Workflow Management 2019-10-16 12:50:07 UTC
This is an autogenerated message for OBS integration:
This bug (1041783) was mentioned in
https://build.opensuse.org/request/show/738876 Backports:SLE-15-SP1 / poppler-qt5
Comment 7 Swamp Workflow Management 2019-11-06 11:10:07 UTC
This is an autogenerated message for OBS integration:
This bug (1041783) was mentioned in
https://build.opensuse.org/request/show/745853 Backports:SLE-15-SP1 / poppler-qt5
Comment 8 Swamp Workflow Management 2019-11-08 01:10:06 UTC
This is an autogenerated message for OBS integration:
This bug (1041783) was mentioned in
https://build.opensuse.org/request/show/746440 Backports:SLE-15-SP1 / poppler-qt5