Bug 1128345 (CVE-2019-9587)

Summary: VUL-1: CVE-2019-9587: xpdf: stack consumption issue in md5Round1() located in Decrypt.cc
Product: [Novell Products] SUSE Security Incidents
Reporter: Robert Frohl <rfrohl>
Component: Incidents
Assignee: Peter Simons <peter.simons>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Minor
Priority: P4 - Low
CC: smash_bz, stoyan.manolov
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/225705/
Whiteboard: CVSSv3:SUSE:CVE-2019-9587:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) maint:planned:update
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on:
Bug Blocks: 1133493

Description Robert Frohl 2019-03-07 14:19:38 UTC
CVE-2019-9587

There is a stack consumption issue in md5Round1() located in Decrypt.cc in
Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for
example) the pdfimages binary. It allows an attacker to cause Denial of
Service (Segmentation fault) or possibly have unspecified other impact.
This is related to Catalog::countPageTree.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9587
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9587.html