packages/poppler
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CVE-2022-38784

Browse Source
This commit is contained in:
qz_cx 2022-09-07 16:14:00 +08:00
parent ddbc26dd07
commit 189513a197
2 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
CVE-2022-38784.patch Normal file
View File

@ -0,0 +1,29 @@
From d8efdc261ea40e3b3af82ed1d9bc7bcdafa36d67 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid @tsdgeos
Date: Tue, 6 Sep 2022 14:35:28 +0800
Subject: [PATCH] JBIG2Stream: Fix crash on broken file
---
poppler/JBIG2Stream.cc | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index 9eddaa6..cb5cf2c 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -1968,7 +1968,11 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm, bool lossless
for (i = 0; i < nRefSegs; ++i) {
if ((seg = findSegment(refSegs[i]))) {
if (seg->getType() == jbig2SegSymbolDict) {
- numSyms += ((JBIG2SymbolDict *)seg)->getSize();
+ const unsigned int segSize = ((JBIG2SymbolDict *)seg)->getSize();
+ if (unlikely(checkedAdd(numSyms, segSize, &numSyms))) {
+ error(errSyntaxError, getPos(), "Too many symbols in JBIG2 text region");
+ return;
+ }
} else if (seg->getType() == jbig2SegCodeTable) {
codeTables.push_back(seg);
}
--
2.33.0

10
poppler.spec
View File

@ -4,7 +4,7 @@
Name: poppler
Version: 22.01.0
Release: 1
Release: 2
Summary: PDF rendering library
License: GPLv2+ and LGPLv2+ and MIT
URL: http://poppler.freedesktop.org/
@ -13,6 +13,7 @@ Source1: %{name}-test-%{test_date}-%{test_sha}.tar.xz
Patch1: poppler-0.90.0-position-independent-code.patch
Patch3: poppler-21.01.0-glib-introspection.patch
Patch4: CVE-2022-38784.patch
BuildRequires: make
BuildRequires: cmake
@ -248,6 +249,13 @@ test "$(pkg-config --modversion poppler-qt6)" = "%{version}"
%{_mandir}/man1/*
%changelog
* Tue Sep 06 2022 qz_cx <wangqingzheng@kylinos.cn> - 22.01.0-2
- Type:CVE
- CVE:CVE-2022-38784
- SUG:NA
- DESC: fix CVE-2022-38784
- fix CVE-2022-38784
* Mon Jun 13 2022 lin zhang <lin.zhang@turbolinux.com.cn> - 22.01.0-1
- Update to 22.01.0