Bug 1130999 (CVE-2019-10024)

Summary:	VUL-1: CVE-2019-10024: xpdf: floating point exception in function Splash:scaleImageYuXu in Splash.c
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Robert Frohl <rfrohl>
Component:	Incidents	Assignee:	Peter Simons <peter.simons>
Status:	RESOLVED INVALID	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P4 - Low	CC:	pgajdos, smash_bz, stoyan.manolov
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/226992/
Whiteboard:	CVSSv3:SUSE:CVE-2019-10024:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) maint:planned:update
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Bug Depends on:
Bug Blocks:	1133493
Attachments:	QA Reproducer

Description Robert Frohl 2019-03-29 12:45:44 UTC

rh#1693627

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.

Reference:
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1693627
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10024
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10024.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10024
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274

Comment 1 Robert Frohl 2019-03-29 12:47:14 UTC

Created attachment 801686 [details]
QA Reproducer

$ pdftoppm Splash::scaleImageYuXu@Splash.cc:5556-21___FPE out.ppm

Comment 2 Robert Frohl 2019-03-29 12:47:34 UTC

tracking as affected:
- SUSE:SLE-10-SP3:Update
- SUSE:SLE-11:Update

Comment 3 Petr Gajdos 2023-06-08 09:59:57 UTC

Not reproducible for 11sp1/poppler not newer ones. xpdf is out of support, hence I propose to close this bug.