diff --git a/CVE-2022-38784.patch b/CVE-2022-38784.patch new file mode 100644 index 0000000..056e22e --- /dev/null +++ b/CVE-2022-38784.patch @@ -0,0 +1,29 @@ +From d8efdc261ea40e3b3af82ed1d9bc7bcdafa36d67 Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid @tsdgeos +Date: Tue, 6 Sep 2022 14:35:28 +0800 +Subject: [PATCH] JBIG2Stream: Fix crash on broken file + +--- + poppler/JBIG2Stream.cc | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc +index 9eddaa6..cb5cf2c 100644 +--- a/poppler/JBIG2Stream.cc ++++ b/poppler/JBIG2Stream.cc +@@ -1968,7 +1968,11 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm, bool lossless + for (i = 0; i < nRefSegs; ++i) { + if ((seg = findSegment(refSegs[i]))) { + if (seg->getType() == jbig2SegSymbolDict) { +- numSyms += ((JBIG2SymbolDict *)seg)->getSize(); ++ const unsigned int segSize = ((JBIG2SymbolDict *)seg)->getSize(); ++ if (unlikely(checkedAdd(numSyms, segSize, &numSyms))) { ++ error(errSyntaxError, getPos(), "Too many symbols in JBIG2 text region"); ++ return; ++ } + } else if (seg->getType() == jbig2SegCodeTable) { + codeTables.push_back(seg); + } +-- +2.33.0 + diff --git a/poppler.spec b/poppler.spec index 41dfde1..0a640e8 100644 --- a/poppler.spec +++ b/poppler.spec @@ -4,7 +4,7 @@ Name: poppler Version: 22.01.0 -Release: 1 +Release: 2 Summary: PDF rendering library License: GPLv2+ and LGPLv2+ and MIT URL: http://poppler.freedesktop.org/ @@ -13,6 +13,7 @@ Source1: %{name}-test-%{test_date}-%{test_sha}.tar.xz Patch1: poppler-0.90.0-position-independent-code.patch Patch3: poppler-21.01.0-glib-introspection.patch +Patch4: CVE-2022-38784.patch BuildRequires: make BuildRequires: cmake @@ -248,6 +249,13 @@ test "$(pkg-config --modversion poppler-qt6)" = "%{version}" %{_mandir}/man1/* %changelog +* Tue Sep 06 2022 qz_cx - 22.01.0-2 +- Type:CVE +- CVE:CVE-2022-38784 +- SUG:NA +- DESC: fix CVE-2022-38784 +- fix CVE-2022-38784 + * Mon Jun 13 2022 lin zhang - 22.01.0-1 - Update to 22.01.0