Bug 1082839 (CVE-2018-7453)

Summary: VUL-1: CVE-2018-7453: xpdf: Infinite recursion in AcroForm::scanField in AcroForm.cc allows attackers to launch denial of service via a specific pdf file due to lack of loop checking
Product: [Novell Products] SUSE Security Incidents Reporter: Karol Babioch <karol>
Component: IncidentsAssignee: Peter Simons <peter.simons>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P4 - Low CC: pgajdos, smash_bz, stoyan.manolov
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/200813/
Whiteboard: CVSSv3:SUSE:CVE-2018-7453:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) maint:planned:update
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1133493    

Description Karol Babioch 2018-02-26 13:03:38 UTC 
CVE-2018-7453

Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows
attackers to launch denial of service via a specific pdf file due to lack of
loop checking, as demonstrated by pdftohtml.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7453
http://www.cvedetails.com/cve/CVE-2018-7453/
https://forum.xpdfreader.com/viewtopic.php?p=814#p814
Comment 1 Peter Simons 2018-06-21 09:26:15 UTC 
Upstream has no intention to provide a fix for this issue:

> This one is a known bug. There are several places where a 
> PDF file can contain an infinte loop. Xpdf currently checks
> for some of them, but not all. I'm working on a generic loop
> detector for the Xpdf 5 release.

That statement was published over 1 year ago. No observable progress has been made since.
Comment 2 Petr Gajdos 2023-06-08 10:44:02 UTC 
testcase
https://github.com/skysider/FuzzVuln/blob/master/xpdf_pdftohtml_infinite_recursion_AcroForm_scanField.pdf

No crash in devel,15,12,11sp1/poppler. xpdf is not maintained anymore. I suggest to close this.