aggressive memory leak in kpdf while opening an illegal(?) PDF

Bug #111275 reported by Pekka Jääskeläinen
Affects | Status | Importance | Assigned to | Milestone
kdegraphics (Ubuntu) | Fix Released | Undecided | Unassigned |
poppler (Ubuntu) | Fix Released | Medium | Ubuntu Desktop Bugs |

Bug Description

Binary package hint: kpdf

When I try to open the PDF at the following URL with kpdf:

kpdf http://citeseer.ist.psu.edu/rd/20035612%2C32969%2C1%2C0.25%2CDownload/http://citeseer.ist.psu.edu/cache/papers/cs/1803/http:zSzzSzdavinci.snu.ac.krzSzlinkszSzilpzSztullsen95.pdf/tullsen95simultaneous.pdf

I get an aggressive memory leak consuming all the memory and making the system unusable for a while.

Notable is that opening the same PDF with xpdf produces a crash after scrolling down a couple of pages. I'll report that bug separately.

With Acroread the PDF displays fine.

One could view this bug as a potential security vulnerability as it causes a DoS for a while, and potentially triggers the OOM killer.

Pekka Jääskeläinen (pekka-jaaskelainen) wrote :

Attached the PDF to bug #111278 with Xpdf backtrace.

Kees Cook (kees) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

Kees Cook (kees) wrote :

I see similar behavior when loading the PDF in evince. (100% CPU and doing seemingly endless alloc/free cycles of all available memory.)

Áron Sisak (asisak)
Changed in evince:
importance: Undecided → Medium
status: New → Confirmed
Sebastien Bacher (seb128) wrote :

Could be a duplicate of bug #70428.

TerryG (tgalati4) wrote :

Marking as Confirmed since this has been moved to poppler. Definitely locks up evince 2.20.1 with poppler 0.6.2 under gutsy. A bad actor for only 12 pages.
Acroread 8 seems to open it OK.

Changed in kdegraphics:
status: New → Confirmed
Harald Sitter (apachelogger) wrote :

Closing for kdegraphics since it is working fine in Okular (KDE 4 replacement of KPDF).

Changed in kdegraphics:
status: Confirmed → Fix Released
Pedro Villavicencio (pedro) wrote :

Still an issue with Intrepid?

Changed in poppler:
assignee: nobody → desktop-bugs
status: Confirmed → Incomplete
Pekka Jääskeläinen (pekka-jaaskelainen) wrote :

I do not have an Intrepid installation, but the PDF does not crash KPDF anymore in Hardy. However, one of the pages is not rendered fully, but the topic of this bug is not reproducible anymore, at least for me.

Jonathan Thomas (echidnaman) wrote :

If it works with Okular that means it's been fixed with poppler too.

Changed in poppler:
status: Incomplete → Fix Released