Bug#512381: marked as done (xpdf: segfault on PLRM.pdf in continuous page display)

Debian Bug Tracking System Tue, 21 Jun 2011 17:45:24 -0700

Your message dated Tue, 21 Jun 2011 20:43:08 -0400
with message-id <[email protected]>
and subject line done
has caused the Debian Bug report #417820,
regarding xpdf: segfault on PLRM.pdf in continuous page display
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
417820: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417820
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: xpdf-reader
Version: 3.02-1.4
Severity: grave
Justification: security

$ wget http://www.adobe.com/products/postscript/pdfs/PLRM.pdf
...
$ sha256sum PLRM.pdf
6b29e79e4ab64aaa61a3fb27a0f36838c01f2530362873ac316bdb493a1bab6b PLRM.pdf
$ xpdf PLRM.pdf
... (scoll down a few pages)
Segmentation fault (core dumped)
$ gdb /usr/bin/xpdf.bin core
...
Core was generated by `xpdf PLRM.pdf'.
Program terminated with signal 11, Segmentation fault.
[New process 3773]
#0  0x00002baa8263045a in XPutImage () from /usr/lib/libX11.so.6
(gdb) bt
#0  0x00002baa8263045a in XPutImage () from /usr/lib/libX11.so.6
#1  0x000000000049acaa in ?? ()
#2  0x0000000000465686 in ?? ()
#3  0x00000000004686a0 in ?? ()
#4  0x000000000049cbb8 in ?? ()
#5  0x000000000046451c in ?? ()
#6  0x00000000004a630d in ?? ()
#7  0x00000000004a68a2 in ?? ()
#8  0x000000000049b8a0 in ?? ()
#9  0x00002baa81958a1f in XtCallCallbackList () from /usr/lib/libXt.so.6
#10 0x00002baa81653bc5 in _XmDrawingAreaInput () from /usr/lib/libXm.so.2
#11 0x00002baa8198dabe in ?? () from /usr/lib/libXt.so.6
#12 0x00002baa8198ded9 in ?? () from /usr/lib/libXt.so.6
#13 0x00002baa8198e5df in _XtTranslateEvent () from /usr/lib/libXt.so.6
#14 0x00002baa8196632a in XtDispatchEventToWidget () from /usr/lib/libXt.so.6
#15 0x00002baa819669f6 in ?? () from /usr/lib/libXt.so.6
#16 0x00002baa81965b3b in XtDispatchEvent () from /usr/lib/libXt.so.6
#17 0x00002baa81965ca3 in XtAppMainLoop () from /usr/lib/libXt.so.6
#18 0x00000000004aa0e6 in ?? ()
#19 0x00002baa832c91a6 in __libc_start_main () from /lib/libc.so.6
#20 0x0000000000406329 in ?? ()
#21 0x00007fff29be5178 in ?? ()
#22 0x000000000000001c in ?? ()
#23 0x0000000000000002 in ?? ()
#24 0x00007fff29be5812 in ?? ()
#25 0x00007fff29be5817 in ?? ()
#26 0x0000000000000000 in ?? ()
(gdb) quit
$

I do not know whether this has a security impact[1], so I go the safe
way and report this as a security issue. If it turns out to be harmless,
please downgrade the severity.

Helmut

[1] xpdf is often automatically launched by webbrowsers or even
mozplugger. So if this is exploitable it allows user assisted code
execution.

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23.14 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages xpdf depends on:
ii  xpdf-common                   3.02-1.4   Portable Document Format (PDF) sui
ii  xpdf-reader                   3.02-1.4   Portable Document Format (PDF) sui
ii  xpdf-utils                    3.02-1.4   Portable Document Format (PDF) sui

xpdf recommends no packages.

xpdf suggests no packages.

Versions of packages xpdf-reader depends on:
ii  gsfonts       1:8.11+urwcyr1.0.7~pre44-4 Fonts for the Ghostscript interpre
ii  lesstif2      1:0.95.0-2.1               OSF/Motif 2.1 implementation relea
ii  libc6         2.7-18                     GNU C Library: Shared libraries
ii  libfreetype6  2.3.7-2                    FreeType 2 font engine, shared lib
ii  libgcc1       1:4.3.2-3                  GCC support library
ii  libice6       2:1.0.4-1                  X11 Inter-Client Exchange library
ii  libpaper1     1.1.23+nmu1                library for handling paper charact
ii  libsm6        2:1.0.3-2                  X11 Session Management library
ii  libstdc++6    4.3.2-3                    The GNU Standard C++ Library v3
ii  libt1-5       5.1.2-3                    Type 1 font rasterizer library - r
ii  libx11-6      2:1.1.5-2                  X11 client-side library
ii  libxext6      2:1.0.4-1                  X11 miscellaneous extension librar
ii  libxp6        1:1.0.0.xsf1-2             X Printing Extension (Xprint) clie
ii  libxpm4       1:3.5.7-1                  X11 pixmap library
ii  libxt6        1:1.0.5-3                  X11 toolkit intrinsics library
ii  xpdf-common   3.02-1.4                   Portable Document Format (PDF) sui

-- no debconf information

--- End Message ---

--- Begin Message ---
version: 3.02-14
--- End Message ---

Bug#512381: marked as done (xpdf: segfault on PLRM.pdf in continuous page display)

Reply via email to