Activity log for bug #1505858

Date Who What changed Old value New value Message
2015-10-14 00:45:28 alex.park bug added bug
2015-10-14 21:08:47 alex.park attachment added fuzz_id_27683_OliviaOil_24.pdf.tc_bf1_pos_3460_size_1 https://bugs.launchpad.net/ubuntu/+source/poppler/+bug/1505858/+attachment/4494820/+files/fuzz_id_27683_OliviaOil_24.pdf.tc_bf1_pos_3460_size_1
2015-10-14 21:09:35 alex.park description Hello, I've found some vulnerabilities in pdf viewers using famous library named poppler such as evince, xpdf, okular and so on. This is my short report and I used latest version of poppler (poppler-0.37.0). Plus I've attached a finding as base64 format (sorry for the inconvenience) To be honest, I already posted this bug on popplers' and developer answered the question (https://bugs.freedesktop.org/show_bug.cgi?id=92450#c1). As far as I can tell, all of these software what I tested such as evince, xpdf okular on Ubuntu system have same problem. So I'd like to post this issue in here. in details: alex@vm64 $ uname -a Linux vm64 4.2.0-16-generic #19-Ubuntu SMP Thu Oct 8 15:35:06 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux alex@vm64 $ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=15.10 DISTRIB_CODENAME=wily DISTRIB_DESCRIPTION="Ubuntu Wily Werewolf (development branch)" okular: Installed: 4:15.08.1-0ubuntu1 Candidate: 4:15.08.1-0ubuntu1 Version table: *** 4:15.08.1-0ubuntu1 0 500 http://kr.archive.ubuntu.com/ubuntu/ wily/universe amd64 Packages 100 /var/lib/dpkg/status xpdf: Installed: 3.03-17ubuntu2 Candidate: 3.03-17ubuntu2 Version table: *** 3.03-17ubuntu2 0 500 http://kr.archive.ubuntu.com/ubuntu/ wily/universe amd64 Packages 100 /var/lib/dpkg/status evince: Installed: 3.16.1-0ubuntu1 Candidate: 3.16.1-0ubuntu1 Version table: *** 3.16.1-0ubuntu1 0 500 http://kr.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages 100 /var/lib/dpkg/status libpoppler-dev: Installed: 0.33.0-0ubuntu3 Candidate: 0.33.0-0ubuntu3 Version table: *** 0.33.0-0ubuntu3 0 500 http://kr.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages 100 /var/lib/dpkg/status + I used latest version of poppler too. Application: Okular (okular), signal: Segmentation fault Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". 
pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185 [Current thread is 1 (Thread 0x7f640ae42840 (LWP 6180))] Thread 4 (Thread 0x7f63f36f1700 (LWP 6184)): #0 0x00007f6407db6743 in select () at ../sysdeps/unix/syscall-template.S:81 #1 0x00007f64087ed51f in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #2 0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #3 0x00007f640537c6aa in start_thread (arg=0x7f63f36f1700) at pthread_create.c:333 #4 0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 Thread 3 (Thread 0x7f63f253c700 (LWP 6200)): [KCrash Handler] #6 0x00007f63f25f5619 in JPXStream::readTilePartData(unsigned int, unsigned int, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #7 0x00007f63f25f6b73 in JPXStream::readTilePart() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #8 0x00007f63f25f7a77 in JPXStream::readCodestream(unsigned int) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #9 0x00007f63f25f9c95 in JPXStream::readBoxes() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #10 0x00007f63f25fa0d6 in JPXStream::reset() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #11 0x00007f63f25edbf9 in SplashOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, bool, int*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #12 0x00007f63f26419ca in Gfx::doImage(Object*, Stream*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #13 0x00007f63f2642ce8 in Gfx::opXObject(Object*, int) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #14 0x00007f63f263cffe in Gfx::go(bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #15 0x00007f63f263d4a0 in Gfx::display(Object*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #16 0x00007f63f2683255 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) () from 
/usr/lib/x86_64-linux-gnu/libpoppler.so.52 #17 0x00007f63f29dadc6 in Poppler::Page::renderToImage(double, double, int, int, int, int, Poppler::Page::Rotation) const () from /usr/lib/x86_64-linux-gnu/libpoppler-qt4.so.4 #18 0x00007f63f2c2be74 in ?? () from /usr/lib/kde4/okularGenerator_poppler.so #19 0x00007f63f738c613 in ?? () from /usr/lib/libokularcore.so.6 #20 0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #21 0x00007f640537c6aa in start_thread (arg=0x7f63f253c700) at pthread_create.c:333 #22 0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 Thread 2 (Thread 0x7f63f1d3b700 (LWP 6201)): #0 syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 #1 0x00007f6408701622 in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #2 0x00007f64086fd8e5 in QMutex::lockInternal() () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #3 0x00007f63f2c2acf4 in ?? () from /usr/lib/kde4/okularGenerator_poppler.so #4 0x00007f63f738bf12 in ?? () from /usr/lib/libokularcore.so.6 #5 0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #6 0x00007f640537c6aa in start_thread (arg=0x7f63f1d3b700) at pthread_create.c:333 #7 0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 Thread 1 (Thread 0x7f640ae42840 (LWP 6180)): #0 pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185 #1 0x00007f6408703286 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #2 0x00007f64087028ae in QThread::wait(unsigned long) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #3 0x00007f64087ed0ad in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #4 0x00007f6407cf2d32 in __run_exit_handlers (status=1, listp=0x7f640807d698 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true) at exit.c:82 #5 0x00007f6407cf2d85 in __GI_exit (status=<optimized out>) at exit.c:104 #6 0x00007f640928e6a8 in ?? 
() from /usr/lib/x86_64-linux-gnu/libQtGui.so.4 #7 0x00007f6409f83370 in KApplication::xioErrhandler(_XDisplay*) () from /usr/lib/libkdeui.so.5 #8 0x00007f64071cbcee in _XIOError () from /usr/lib/x86_64-linux-gnu/libX11.so.6 #9 0x00007f64071c957d in _XEventsQueued () from /usr/lib/x86_64-linux-gnu/libX11.so.6 #10 0x00007f64071a5832 in XCheckIfEvent () from /usr/lib/x86_64-linux-gnu/libX11.so.6 #11 0x00007f64092923e9 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4 #12 0x00007f64092a26eb in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4 #13 0x00007f64092ccb52 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4 #14 0x00007f6404e96ff7 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #15 0x00007f6404e97250 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #16 0x00007f6404e972fc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #17 0x00007f64088431ee in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #18 0x00007f64092ccc26 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4 #19 0x00007f64088110d1 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #20 0x00007f6408811445 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #21 0x00007f6408817429 in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #22 0x0000000000409878 in ?? 
() #23 0x00007f6407cd9a40 in __libc_start_main (main=0x409430, argc=2, argv=0x7ffd3a61ac18, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd3a61ac08) at libc-start.c:289 #24 0x000000000040b4a9 in _start () evince 3.16.1 / xpdf version 3.03 ******************************************************************************** Segmentation fault ******************************************************************************** crashed file: fuzz_id_27683_OliviaOil_24.pdf.tc_bf1_pos_3460_size_1 Register dump: RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 RDX: 0000000000000006 RSI: 0000000000000002 RDI: 0000000000000000 RBP: 0000000000000000 R8 : 0000000000000000 R9 : 0000000000000006 R10: 0000000000000070 R11: 0000000000000000 R12: 00000000014af420 R13: 00000000000018d2 R14: 00000000014af420 R15: 00000000014d7600 RSP: 00007ffdede2b6b0 RIP: 00007f28d94be0df EFLAGS: 00010246 CS: 0033 FS: 0000 GS: 0000 Trap: 0000000e Error: 00000004 OldMask: 00000000 CR2: 00000010 stack trace: 0x00007ffdede2b6b0: 10 fa 4a 01 00 00 00 00 00 00 00 00 00 00 00 00 ..J............. 0x00007ffdede2b6c0: 20 f4 4a 01 00 00 00 00 50 dc 4b 01 00 00 00 00 .J.....P.K..... 0x00007ffdede2b6d0: 14 b7 e2 ed fd 7f 00 00 03 00 00 00 01 00 00 00 ................ 0x00007ffdede2b6e0: 90 d2 4b 01 00 00 00 00 00 00 00 00 01 00 00 00 ..K............. 0x00007ffdede2b6f0: 01 00 00 00 00 00 00 00 20 f4 4a 01 00 00 00 00 ........ .J..... 0x00007ffdede2b700: a0 41 54 01 00 00 00 00 01 00 00 00 00 00 00 00 .AT............. 0x00007ffdede2b710: d0 52 54 01 01 00 00 00 00 48 38 da c1 7a d9 ac .RT......H8..z.. 0x00007ffdede2b720: 90 96 54 01 00 00 00 00 10 fa 4a 01 00 00 00 00 ..T.......J..... 
Backtrace: 0x00007f28e4d22cc0: [catch_segfault():4000] 0x00007f28e3512d10: [__restore_rt():0] 0x00007f28d94be0df: [_ZN9JPXStream16readTilePartDataEjjb():287] 0x00007f28d94bf688: [_ZN9JPXStream12readTilePartEv():2920] 0x00007f28d94c1278: [_ZN9JPXStream14readCodestreamEj():248] 0x00007f28d94c3ff1: [_ZN9JPXStream9readBoxesEv():1809] 0x00007f28d94c4766: [_ZN9JPXStream5resetEv():22] 0x00007f28d9c8d753: [_ZN14CairoOutputDev9drawImageEP8GfxStateP6ObjectP6StreamiiP16GfxImageColorMapbPib():323] 0x00007f28d950ce45: [_ZN3Gfx7doImageEP6ObjectP6Streamb():3013] 0x00007f28d950e143: [_ZN3Gfx9opXObjectEP6Objecti():627] 0x00007f28d9508058: [_ZN3Gfx2goEb():344] 0x00007f28d9508558: [_ZN3Gfx7displayEP6Objectb():280] 0x00007f28d9550dc5: [_ZN4Page12displaySliceEP9OutputDevddibbiiiibPFbPvES2_PFbP5AnnotS2_ES2_b():357] 0x00007f28d9c76522: [poppler_page_get_type():482] 0x00007f28d9eb5ad3: [_init():13019] 0x00007f28d9eb616e: [_init():14710] 0x0000000000401a90: [_init():2368] 0x000000000040172d: [_init():1501] 0x00007f28e3158a40: [__libc_start_main():240] 0x00000000004018a9: [_init():1881] Disassemble: 0x00007f28d94be0df: add rax, qword ptr [rdi + 0x10] 0x00007f28d94be0e3: mov r11d, dword ptr [rax + 0x14] 0x00007f28d94be0e7: test r11d, r11d 0x00007f28d94be0ea: je 0x7f28d94be25d 0x00007f28d94be0f0: mov r8d, dword ptr [rax + 0x10] 0x00007f28d94be0f4: mov r13, qword ptr [rsp] 0x00007f28d94be0f8: mov r15, r14 HASHTAG: 8DBAE794E10FF8F8CBF9AA94744D5759 Thanks -Alex
Hello, I've found some vulnerabilities in pdf viewers using famous library named poppler such as evince, xpdf, okular and so on. This is my short report and I used latest version of poppler (poppler-0.37.0). Plus I've attached a finding as comment below To be honest, I already posted this bug on popplers' and developer answered the question (https://bugs.freedesktop.org/show_bug.cgi?id=92450#c1). As far as I can tell, all of these software what I tested such as evince, xpdf okular on Ubuntu system have same problem. So I'd like to post this issue in here. 
in details: alex@vm64 $ uname -a Linux vm64 4.2.0-16-generic #19-Ubuntu SMP Thu Oct 8 15:35:06 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux alex@vm64 $ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=15.10 DISTRIB_CODENAME=wily DISTRIB_DESCRIPTION="Ubuntu Wily Werewolf (development branch)" okular:   Installed: 4:15.08.1-0ubuntu1   Candidate: 4:15.08.1-0ubuntu1   Version table:  *** 4:15.08.1-0ubuntu1 0         500 http://kr.archive.ubuntu.com/ubuntu/ wily/universe amd64 Packages         100 /var/lib/dpkg/status xpdf:   Installed: 3.03-17ubuntu2   Candidate: 3.03-17ubuntu2   Version table:  *** 3.03-17ubuntu2 0         500 http://kr.archive.ubuntu.com/ubuntu/ wily/universe amd64 Packages         100 /var/lib/dpkg/status evince:   Installed: 3.16.1-0ubuntu1   Candidate: 3.16.1-0ubuntu1   Version table:  *** 3.16.1-0ubuntu1 0         500 http://kr.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages         100 /var/lib/dpkg/status libpoppler-dev:   Installed: 0.33.0-0ubuntu3   Candidate: 0.33.0-0ubuntu3   Version table:  *** 0.33.0-0ubuntu3 0         500 http://kr.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages         100 /var/lib/dpkg/status + I used latest version of poppler too. Application: Okular (okular), signal: Segmentation fault Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185 [Current thread is 1 (Thread 0x7f640ae42840 (LWP 6180))] Thread 4 (Thread 0x7f63f36f1700 (LWP 6184)): #0 0x00007f6407db6743 in select () at ../sysdeps/unix/syscall-template.S:81 #1 0x00007f64087ed51f in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #2 0x00007f6408702d1c in ?? 
() from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #3 0x00007f640537c6aa in start_thread (arg=0x7f63f36f1700) at pthread_create.c:333 #4 0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 Thread 3 (Thread 0x7f63f253c700 (LWP 6200)): [KCrash Handler] #6 0x00007f63f25f5619 in JPXStream::readTilePartData(unsigned int, unsigned int, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #7 0x00007f63f25f6b73 in JPXStream::readTilePart() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #8 0x00007f63f25f7a77 in JPXStream::readCodestream(unsigned int) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #9 0x00007f63f25f9c95 in JPXStream::readBoxes() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #10 0x00007f63f25fa0d6 in JPXStream::reset() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #11 0x00007f63f25edbf9 in SplashOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, bool, int*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #12 0x00007f63f26419ca in Gfx::doImage(Object*, Stream*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #13 0x00007f63f2642ce8 in Gfx::opXObject(Object*, int) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #14 0x00007f63f263cffe in Gfx::go(bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #15 0x00007f63f263d4a0 in Gfx::display(Object*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #16 0x00007f63f2683255 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52 #17 0x00007f63f29dadc6 in Poppler::Page::renderToImage(double, double, int, int, int, int, Poppler::Page::Rotation) const () from /usr/lib/x86_64-linux-gnu/libpoppler-qt4.so.4 #18 0x00007f63f2c2be74 in ?? () from /usr/lib/kde4/okularGenerator_poppler.so #19 0x00007f63f738c613 in ?? 
() from /usr/lib/libokularcore.so.6
#20 0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#21 0x00007f640537c6aa in start_thread (arg=0x7f63f253c700) at pthread_create.c:333
#22 0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 2 (Thread 0x7f63f1d3b700 (LWP 6201)):
#0 syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#1 0x00007f6408701622 in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#2 0x00007f64086fd8e5 in QMutex::lockInternal() () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#3 0x00007f63f2c2acf4 in ?? () from /usr/lib/kde4/okularGenerator_poppler.so
#4 0x00007f63f738bf12 in ?? () from /usr/lib/libokularcore.so.6
#5 0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#6 0x00007f640537c6aa in start_thread (arg=0x7f63f1d3b700) at pthread_create.c:333
#7 0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7f640ae42840 (LWP 6180)):
#0 pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1 0x00007f6408703286 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#2 0x00007f64087028ae in QThread::wait(unsigned long) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#3 0x00007f64087ed0ad in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#4 0x00007f6407cf2d32 in __run_exit_handlers (status=1, listp=0x7f640807d698 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true) at exit.c:82
#5 0x00007f6407cf2d85 in __GI_exit (status=<optimized out>) at exit.c:104
#6 0x00007f640928e6a8 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#7 0x00007f6409f83370 in KApplication::xioErrhandler(_XDisplay*) () from /usr/lib/libkdeui.so.5
#8 0x00007f64071cbcee in _XIOError () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#9 0x00007f64071c957d in _XEventsQueued () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#10 0x00007f64071a5832 in XCheckIfEvent () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#11 0x00007f64092923e9 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#12 0x00007f64092a26eb in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#13 0x00007f64092ccb52 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#14 0x00007f6404e96ff7 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x00007f6404e97250 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007f6404e972fc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#17 0x00007f64088431ee in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#18 0x00007f64092ccc26 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#19 0x00007f64088110d1 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#20 0x00007f6408811445 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#21 0x00007f6408817429 in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#22 0x0000000000409878 in ?? ()
#23 0x00007f6407cd9a40 in __libc_start_main (main=0x409430, argc=2, argv=0x7ffd3a61ac18, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd3a61ac08) at libc-start.c:289
#24 0x000000000040b4a9 in _start ()

evince 3.16.1 / xpdf version 3.03
********************************************************************************
Segmentation fault
********************************************************************************
crashed file: fuzz_id_27683_OliviaOil_24.pdf.tc_bf1_pos_3460_size_1

Register dump:
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000006 RSI: 0000000000000002 RDI: 0000000000000000
RBP: 0000000000000000 R8 : 0000000000000000 R9 : 0000000000000006
R10: 0000000000000070 R11: 0000000000000000 R12: 00000000014af420
R13: 00000000000018d2 R14: 00000000014af420 R15: 00000000014d7600
RSP: 00007ffdede2b6b0
RIP: 00007f28d94be0df EFLAGS: 00010246
CS: 0033 FS: 0000 GS: 0000
Trap: 0000000e Error: 00000004 OldMask: 00000000 CR2: 00000010

stack trace:
0x00007ffdede2b6b0: 10 fa 4a 01 00 00 00 00 00 00 00 00 00 00 00 00 ..J.............
0x00007ffdede2b6c0: 20 f4 4a 01 00 00 00 00 50 dc 4b 01 00 00 00 00 .J.....P.K.....
0x00007ffdede2b6d0: 14 b7 e2 ed fd 7f 00 00 03 00 00 00 01 00 00 00 ................
0x00007ffdede2b6e0: 90 d2 4b 01 00 00 00 00 00 00 00 00 01 00 00 00 ..K.............
0x00007ffdede2b6f0: 01 00 00 00 00 00 00 00 20 f4 4a 01 00 00 00 00 ........ .J.....
0x00007ffdede2b700: a0 41 54 01 00 00 00 00 01 00 00 00 00 00 00 00 .AT.............
0x00007ffdede2b710: d0 52 54 01 01 00 00 00 00 48 38 da c1 7a d9 ac .RT......H8..z..
0x00007ffdede2b720: 90 96 54 01 00 00 00 00 10 fa 4a 01 00 00 00 00 ..T.......J.....

Backtrace:
0x00007f28e4d22cc0: [catch_segfault():4000]
0x00007f28e3512d10: [__restore_rt():0]
0x00007f28d94be0df: [_ZN9JPXStream16readTilePartDataEjjb():287]
0x00007f28d94bf688: [_ZN9JPXStream12readTilePartEv():2920]
0x00007f28d94c1278: [_ZN9JPXStream14readCodestreamEj():248]
0x00007f28d94c3ff1: [_ZN9JPXStream9readBoxesEv():1809]
0x00007f28d94c4766: [_ZN9JPXStream5resetEv():22]
0x00007f28d9c8d753: [_ZN14CairoOutputDev9drawImageEP8GfxStateP6ObjectP6StreamiiP16GfxImageColorMapbPib():323]
0x00007f28d950ce45: [_ZN3Gfx7doImageEP6ObjectP6Streamb():3013]
0x00007f28d950e143: [_ZN3Gfx9opXObjectEP6Objecti():627]
0x00007f28d9508058: [_ZN3Gfx2goEb():344]
0x00007f28d9508558: [_ZN3Gfx7displayEP6Objectb():280]
0x00007f28d9550dc5: [_ZN4Page12displaySliceEP9OutputDevddibbiiiibPFbPvES2_PFbP5AnnotS2_ES2_b():357]
0x00007f28d9c76522: [poppler_page_get_type():482]
0x00007f28d9eb5ad3: [_init():13019]
0x00007f28d9eb616e: [_init():14710]
0x0000000000401a90: [_init():2368]
0x000000000040172d: [_init():1501]
0x00007f28e3158a40: [__libc_start_main():240]
0x00000000004018a9: [_init():1881]

Disassemble:
0x00007f28d94be0df: add rax, qword ptr [rdi + 0x10]
0x00007f28d94be0e3: mov r11d, dword ptr [rax + 0x14]
0x00007f28d94be0e7: test r11d, r11d
0x00007f28d94be0ea: je 0x7f28d94be25d
0x00007f28d94be0f0: mov r8d, dword ptr [rax + 0x10]
0x00007f28d94be0f4: mov r13, qword ptr [rsp]
0x00007f28d94be0f8: mov r15, r14

HASHTAG: 8DBAE794E10FF8F8CBF9AA94744D5759

Thanks -Alex
2015-10-29 18:26:24 Marc Deslauriers bug watch added https://bugs.freedesktop.org/show_bug.cgi?id=92450
2015-10-29 18:26:24 Marc Deslauriers bug task added poppler
2015-10-29 18:26:30 Marc Deslauriers information type Private Security Public Security
2015-10-29 18:26:43 Marc Deslauriers poppler (Ubuntu): status New Confirmed
2015-10-29 23:36:15 Bug Watch Updater poppler: status Unknown Confirmed
2015-10-29 23:36:15 Bug Watch Updater poppler: importance Unknown High
2018-08-21 03:34:39 Bug Watch Updater poppler: status Confirmed Unknown