Bug 1085247 (CVE-2018-8105)

Summary: VUL-1: CVE-2018-8105: xpdf: The JPXStream::fillReadBuf function in JPXStream.cc allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file
Product: [Novell Products] SUSE Security Incidents
Reporter: Karol Babioch <karol>
Component: Incidents
Assignee: Peter Simons <peter.simons>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P4 - Low
CC: pgajdos, smash_bz, stoyan.manolov
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/201805/
Whiteboard: CVSSv3:SUSE:CVE-2018-8105:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) maint:planned:update
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1133493    
Attachments: Reproducer

Description Karol Babioch 2018-03-14 08:56:55 UTC
CVE-2018-8105

The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows
attackers to launch denial of service (heap-based buffer over-read and
application crash) via a specific pdf file, as demonstrated by pdftohtml.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8105
https://forum.xpdfreader.com/viewtopic.php?f=3&t=652
Comment 1 Karol Babioch 2018-03-14 09:05:11 UTC
Created attachment 763609
Reproducer
Comment 2 Peter Simons 2018-06-21 08:48:29 UTC
Upstream has not responded to the bug report in their web forum. I am unaware of any fixes for these issues.
Comment 3 Petr Gajdos 2023-06-12 13:06:44 UTC
Could not reproduce a crash or valgrind error for TW, 15, 12, 11sp1/poppler. Since xpdf is not maintained anymore, I suggest closing this.