poppler 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 security updates break Splash output

Bug #1905741 reported by Even Rouault
24
This bug affects 4 people
Affects Status Importance Assigned to Milestone
poppler (Ubuntu)
Invalid
Undecided
Unassigned
Xenial
Fix Released
Undecided
Marc Deslauriers
Bionic
Fix Released
Undecided
Marc Deslauriers

Bug Description

The security updates 0.62.0-2ubuntu2.11 and 0.41.0-0ubuntu1.15 break the Splash output rendering, for example if using the xpdf utility that relies on Poppler splash output, or as used by the GDAL library (the issue was detected due to breakage in GDAL continuous integration tests)

I've traced the root cause to those security updates enabling in 'rules' CMYK (--enable-cmyk for 0.41.0-0ubuntu1.15 and -DSPLASH_CMYK=ON for 0.62.0-2ubuntu2.11)

Building without CMYK restore poppler in a working state. It should be noted that even on the upstream 0.41.0 version, enabling CMYK result in a non-functional build, so it is not related to the patches applied on top of it, but really on enabling CMYK

The issue can be verified with "xpdf test_ogc_bp.pdf" with the attached test_ogc_bp.pdf file. With the new packages, xpdf crashes, whereas with older ones it displays a 20x20 greyscale image.

Or with "gdal_translate test_ogc_bp.pdf out.png -of PNG" when installing the "gdal-bin" package, that currently errors out with a message like "ERROR 1: Bitmap decoded size (18623872x0) doesn't match raster size (20x20)"

CVE References

Revision history for this message
Even Rouault (even.rouault) wrote :
information type: Public → Public Security
information type: Public Security → Public
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Thanks for reporting this, I'll back out the fix and will release updates shortly.

Changed in poppler (Ubuntu):
status: New → Invalid
Changed in poppler (Ubuntu Xenial):
status: New → In Progress
Changed in poppler (Ubuntu Bionic):
status: New → In Progress
Changed in poppler (Ubuntu Xenial):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in poppler (Ubuntu Bionic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package poppler - 0.62.0-2ubuntu2.12

---------------
poppler (0.62.0-2ubuntu2.12) bionic-security; urgency=medium

  * SECURITY REGRESSION: broken Splash output (LP: #1905741)
    - debian/rules: don't build with SPLASH_CMYK=ON as this causes a
      regression with xpdf and gdal. This reverts the fix for
      CVE-2019-10871.

 -- Marc Deslauriers <email address hidden> Thu, 26 Nov 2020 10:55:59 -0500

Changed in poppler (Ubuntu Bionic):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package poppler - 0.41.0-0ubuntu1.16

---------------
poppler (0.41.0-0ubuntu1.16) xenial-security; urgency=medium

  * SECURITY REGRESSION: broken Splash output (LP: #1905741)
    - debian/rules: don't build with --enable-cmyk as this causes a
      regression with xpdf and gdal. This reverts the fix for
      CVE-2019-10871.

 -- Marc Deslauriers <email address hidden> Thu, 26 Nov 2020 10:59:16 -0500

Changed in poppler (Ubuntu Xenial):
status: In Progress → Fix Released
Revision history for this message
Even Rouault (even.rouault) wrote :

@mdelsaur Thanks for the prompt fixes. I confirm they fix the issues I had observed

Revision history for this message
George Kissandrakis (gkissand) wrote :

# lsb_release -rd
Description: Ubuntu 18.04.5 LTS
Release: 18.04

I have an Epson TM BA Thermal network printer, configured in CUPS
After today's unattended upgrade it stopped working
Logs found on server

[540009.389033] pdftoraster[63919]: segfault at d00000400 ip 0000557a50f569a8 sp 00007ffd5ca826d8 error 6 in pdftoraster[557a50f52000+8000]

Thu Nov 26 14:14:19 2020: apport: report /var/crash/_usr_lib_cups_filter_pdftoraster.7.crash already exists and unseen, doing nothing to avoid disk usage DoS

# dpkg -S /usr/lib/cups/filter/pdftoraster
cups-filters-core-drivers: /usr/lib/cups/filter/pdftoraster

Start-Date: 2019-11-25 17:01:06
Install cups-filters-core-drivers:amd64

# dpkg -l|grep cups-filters-core-drivers
ii cups-filters-core-drivers 1.20.2-0ubuntu3.1

I checked what was updated with unattended upgrade

Start-Date: 2020-11-24 06:20:02
Commandline: /usr/bin/unattended-upgrade
Upgrade: libpulse0:amd64 (1:11.1-1ubuntu7.10, 1:11.1-1ubuntu7.11)
End-Date: 2020-11-24 06:20:10

and I rolled back
# wget https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+build/17383699/+files/poppler-utils_0.62.0-2ubuntu2.10_amd64.deb
# wget https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+build/17383699/+files/libpoppler73_0.62.0-2ubuntu2.10_amd64.deb

# ls apt/
libpoppler73_0.62.0-2ubuntu2.10_amd64.deb poppler-utils_0.62.0-2ubuntu2.10_amd64.deb

#dpkg -R --install apt/

and started to work again

and of course
apt-mark hold libpoppler73 poppler-utils
# apt-cache policy poppler-utils libpoppler73
poppler-utils:
  Installed: 0.62.0-2ubuntu2.10
  Candidate: 0.62.0-2ubuntu2.11
  Version table:
     0.62.0-2ubuntu2.11 500
        500 http://gr.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        500 http://gr.archive.ubuntu.com/ubuntu bionic-security/main amd64 Packages
 *** 0.62.0-2ubuntu2.10 100
        100 /var/lib/dpkg/status
     0.62.0-2ubuntu2 500
        500 http://gr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
libpoppler73:
  Installed: 0.62.0-2ubuntu2.10
  Candidate: 0.62.0-2ubuntu2.11
  Version table:
     0.62.0-2ubuntu2.11 500
        500 http://gr.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
        500 http://gr.archive.ubuntu.com/ubuntu bionic-security/main amd64 Packages
 *** 0.62.0-2ubuntu2.10 100
        100 /var/lib/dpkg/status
     0.62.0-2ubuntu2 500
        500 http://gr.archive.ubuntu.com/ubuntu bionic/main amd64 Packages

Revision history for this message
George Kissandrakis (gkissand) wrote :

I confirm that the version 0.62.0-2ubuntu2.12 fixes the 0.62.0-2ubuntu2.11 bug

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.