Bug 1106883 (CVE-2018-16368)

Summary: VUL-1: CVE-2018-16368: xpdf: SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remoteattackers to cause a denial of service (heap-based buffer over-read) via acrafted pdf file, as demonstrated by pdftoppm.
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Peter Simons <peter.simons>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P4 - Low CC: pgajdos, smash_bz, stoyan.manolov
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/213651/
Whiteboard: CVSSv3:SUSE:CVE-2018-16368:4.4:(AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L) maint:planned:update
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1133493    
Attachments: xpdf-pdftoppm-heap-overflow-poc-1

Description Marcus Meissner 2018-09-03 08:49:48 UTC 
CVE-2018-16368

SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote
attackers to cause a denial of service (heap-based buffer over-read) via a
crafted pdf file, as demonstrated by pdftoppm.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16368
https://github.com/TeamSeri0us/pocs/tree/master/xpdf
Comment 1 Marcus Meissner 2018-09-03 08:51:26 UTC 
Created attachment 781657 [details]
xpdf-pdftoppm-heap-overflow-poc-1

QA REPRODUCER:

valgrind pdftoppm xpdf-pdftoppm-heap-overflow-poc-1 >/dev/null

should not show errors
Comment 2 Marcus Meissner 2018-09-03 08:52:10 UTC 
poppler-tools seems not affected (already fixed probably)
Comment 3 Petr Gajdos 2023-06-12 14:13:02 UTC 
I get zero valgrind errors for TW,15,12,11sp1/poppler.

I suggest to close this bug.