Bugzilla – Bug 1124357
VUL-1: CVE-2018-20751: podofo: null pointer dereference in crop_page function
Last modified: 2022-02-16 15:30:09 UTC
rh#1672626
An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1672626
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20751
https://sourceforge.net/p/podofo/tickets/33/
https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-crop_page-podofo-0-9-6/
SLE12 is affected. A fix can be found at: https://sourceforge.net/p/podofo/code/1954/#diff-1
Created attachment 796126
QA Reproducer
$ podofocrop POC test.pdf
Note: I could not get the reproducer to work. Affected state assumed by code inspection.
SUSE-SU-2019:1849-1: An update that fixes 5 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1035596,1076962,1096890,1099720,1124357
CVE References: CVE-2017-8054,CVE-2018-11255,CVE-2018-12982,CVE-2018-20751,CVE-2018-5783
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src): podofo-0.9.2-3.9.2
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): podofo-0.9.2-3.9.2
SUSE Linux Enterprise Desktop 12-SP4 (src): podofo-0.9.2-3.9.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Leap not fixed
Fixed in podofo 0.9.7 (patch present in Leap 15.3)