2015-10-14 21:09:35 |
alex.park |
description |
Hello,
I've found some vulnerabilities in PDF viewers using the famous library named poppler, such as evince, xpdf, okular and so on.
This is my short report and I used the latest version of poppler (poppler-0.37.0).
Plus I've attached a finding in base64 format (sorry for the inconvenience).
To be honest, I already posted this bug on poppler's bug tracker and the developer answered the question (https://bugs.freedesktop.org/show_bug.cgi?id=92450#c1).
As far as I can tell, all of the software that I tested, such as evince, xpdf, okular on an Ubuntu system, has the same problem.
So I'd like to post this issue here.
In detail:
alex@vm64 $ uname -a
Linux vm64 4.2.0-16-generic #19-Ubuntu SMP Thu Oct 8 15:35:06 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
alex@vm64 $ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=15.10
DISTRIB_CODENAME=wily
DISTRIB_DESCRIPTION="Ubuntu Wily Werewolf (development branch)"
okular:
Installed: 4:15.08.1-0ubuntu1
Candidate: 4:15.08.1-0ubuntu1
Version table:
*** 4:15.08.1-0ubuntu1 0
500 http://kr.archive.ubuntu.com/ubuntu/ wily/universe amd64 Packages
100 /var/lib/dpkg/status
xpdf:
Installed: 3.03-17ubuntu2
Candidate: 3.03-17ubuntu2
Version table:
*** 3.03-17ubuntu2 0
500 http://kr.archive.ubuntu.com/ubuntu/ wily/universe amd64 Packages
100 /var/lib/dpkg/status
evince:
Installed: 3.16.1-0ubuntu1
Candidate: 3.16.1-0ubuntu1
Version table:
*** 3.16.1-0ubuntu1 0
500 http://kr.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages
100 /var/lib/dpkg/status
libpoppler-dev:
Installed: 0.33.0-0ubuntu3
Candidate: 0.33.0-0ubuntu3
Version table:
*** 0.33.0-0ubuntu3 0
500 http://kr.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages
100 /var/lib/dpkg/status
+ I used the latest version of poppler too.
Application: Okular (okular), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
[Current thread is 1 (Thread 0x7f640ae42840 (LWP 6180))]
Thread 4 (Thread 0x7f63f36f1700 (LWP 6184)):
#0 0x00007f6407db6743 in select () at ../sysdeps/unix/syscall-template.S:81
#1 0x00007f64087ed51f in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#2 0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#3 0x00007f640537c6aa in start_thread (arg=0x7f63f36f1700) at pthread_create.c:333
#4 0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Thread 3 (Thread 0x7f63f253c700 (LWP 6200)):
[KCrash Handler]
#6 0x00007f63f25f5619 in JPXStream::readTilePartData(unsigned int, unsigned int, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#7 0x00007f63f25f6b73 in JPXStream::readTilePart() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#8 0x00007f63f25f7a77 in JPXStream::readCodestream(unsigned int) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#9 0x00007f63f25f9c95 in JPXStream::readBoxes() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#10 0x00007f63f25fa0d6 in JPXStream::reset() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#11 0x00007f63f25edbf9 in SplashOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, bool, int*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#12 0x00007f63f26419ca in Gfx::doImage(Object*, Stream*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#13 0x00007f63f2642ce8 in Gfx::opXObject(Object*, int) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#14 0x00007f63f263cffe in Gfx::go(bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#15 0x00007f63f263d4a0 in Gfx::display(Object*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#16 0x00007f63f2683255 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#17 0x00007f63f29dadc6 in Poppler::Page::renderToImage(double, double, int, int, int, int, Poppler::Page::Rotation) const () from /usr/lib/x86_64-linux-gnu/libpoppler-qt4.so.4
#18 0x00007f63f2c2be74 in ?? () from /usr/lib/kde4/okularGenerator_poppler.so
#19 0x00007f63f738c613 in ?? () from /usr/lib/libokularcore.so.6
#20 0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#21 0x00007f640537c6aa in start_thread (arg=0x7f63f253c700) at pthread_create.c:333
#22 0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Thread 2 (Thread 0x7f63f1d3b700 (LWP 6201)):
#0 syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#1 0x00007f6408701622 in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#2 0x00007f64086fd8e5 in QMutex::lockInternal() () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#3 0x00007f63f2c2acf4 in ?? () from /usr/lib/kde4/okularGenerator_poppler.so
#4 0x00007f63f738bf12 in ?? () from /usr/lib/libokularcore.so.6
#5 0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#6 0x00007f640537c6aa in start_thread (arg=0x7f63f1d3b700) at pthread_create.c:333
#7 0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Thread 1 (Thread 0x7f640ae42840 (LWP 6180)):
#0 pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1 0x00007f6408703286 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#2 0x00007f64087028ae in QThread::wait(unsigned long) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#3 0x00007f64087ed0ad in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#4 0x00007f6407cf2d32 in __run_exit_handlers (status=1, listp=0x7f640807d698 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true) at exit.c:82
#5 0x00007f6407cf2d85 in __GI_exit (status=<optimized out>) at exit.c:104
#6 0x00007f640928e6a8 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#7 0x00007f6409f83370 in KApplication::xioErrhandler(_XDisplay*) () from /usr/lib/libkdeui.so.5
#8 0x00007f64071cbcee in _XIOError () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#9 0x00007f64071c957d in _XEventsQueued () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#10 0x00007f64071a5832 in XCheckIfEvent () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#11 0x00007f64092923e9 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#12 0x00007f64092a26eb in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#13 0x00007f64092ccb52 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#14 0x00007f6404e96ff7 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x00007f6404e97250 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007f6404e972fc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#17 0x00007f64088431ee in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#18 0x00007f64092ccc26 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#19 0x00007f64088110d1 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#20 0x00007f6408811445 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#21 0x00007f6408817429 in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#22 0x0000000000409878 in ?? ()
#23 0x00007f6407cd9a40 in __libc_start_main (main=0x409430, argc=2, argv=0x7ffd3a61ac18, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd3a61ac08) at libc-start.c:289
#24 0x000000000040b4a9 in _start ()
evince 3.16.1 / xpdf version 3.03
********************************************************************************
Segmentation fault
********************************************************************************
crashed file: fuzz_id_27683_OliviaOil_24.pdf.tc_bf1_pos_3460_size_1
Register dump:
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000006 RSI: 0000000000000002 RDI: 0000000000000000
RBP: 0000000000000000 R8 : 0000000000000000 R9 : 0000000000000006
R10: 0000000000000070 R11: 0000000000000000 R12: 00000000014af420
R13: 00000000000018d2 R14: 00000000014af420 R15: 00000000014d7600
RSP: 00007ffdede2b6b0
RIP: 00007f28d94be0df EFLAGS: 00010246
CS: 0033 FS: 0000 GS: 0000
Trap: 0000000e Error: 00000004 OldMask: 00000000 CR2: 00000010
stack trace:
0x00007ffdede2b6b0: 10 fa 4a 01 00 00 00 00 00 00 00 00 00 00 00 00 ..J.............
0x00007ffdede2b6c0: 20 f4 4a 01 00 00 00 00 50 dc 4b 01 00 00 00 00 .J.....P.K.....
0x00007ffdede2b6d0: 14 b7 e2 ed fd 7f 00 00 03 00 00 00 01 00 00 00 ................
0x00007ffdede2b6e0: 90 d2 4b 01 00 00 00 00 00 00 00 00 01 00 00 00 ..K.............
0x00007ffdede2b6f0: 01 00 00 00 00 00 00 00 20 f4 4a 01 00 00 00 00 ........ .J.....
0x00007ffdede2b700: a0 41 54 01 00 00 00 00 01 00 00 00 00 00 00 00 .AT.............
0x00007ffdede2b710: d0 52 54 01 01 00 00 00 00 48 38 da c1 7a d9 ac .RT......H8..z..
0x00007ffdede2b720: 90 96 54 01 00 00 00 00 10 fa 4a 01 00 00 00 00 ..T.......J.....
Backtrace:
0x00007f28e4d22cc0: [catch_segfault():4000]
0x00007f28e3512d10: [__restore_rt():0]
0x00007f28d94be0df: [_ZN9JPXStream16readTilePartDataEjjb():287]
0x00007f28d94bf688: [_ZN9JPXStream12readTilePartEv():2920]
0x00007f28d94c1278: [_ZN9JPXStream14readCodestreamEj():248]
0x00007f28d94c3ff1: [_ZN9JPXStream9readBoxesEv():1809]
0x00007f28d94c4766: [_ZN9JPXStream5resetEv():22]
0x00007f28d9c8d753: [_ZN14CairoOutputDev9drawImageEP8GfxStateP6ObjectP6StreamiiP16GfxImageColorMapbPib():323]
0x00007f28d950ce45: [_ZN3Gfx7doImageEP6ObjectP6Streamb():3013]
0x00007f28d950e143: [_ZN3Gfx9opXObjectEP6Objecti():627]
0x00007f28d9508058: [_ZN3Gfx2goEb():344]
0x00007f28d9508558: [_ZN3Gfx7displayEP6Objectb():280]
0x00007f28d9550dc5: [_ZN4Page12displaySliceEP9OutputDevddibbiiiibPFbPvES2_PFbP5AnnotS2_ES2_b():357]
0x00007f28d9c76522: [poppler_page_get_type():482]
0x00007f28d9eb5ad3: [_init():13019]
0x00007f28d9eb616e: [_init():14710]
0x0000000000401a90: [_init():2368]
0x000000000040172d: [_init():1501]
0x00007f28e3158a40: [__libc_start_main():240]
0x00000000004018a9: [_init():1881]
Disassemble:
0x00007f28d94be0df: add rax, qword ptr [rdi + 0x10]
0x00007f28d94be0e3: mov r11d, dword ptr [rax + 0x14]
0x00007f28d94be0e7: test r11d, r11d
0x00007f28d94be0ea: je 0x7f28d94be25d
0x00007f28d94be0f0: mov r8d, dword ptr [rax + 0x10]
0x00007f28d94be0f4: mov r13, qword ptr [rsp]
0x00007f28d94be0f8: mov r15, r14
HASHTAG: 8DBAE794E10FF8F8CBF9AA94744D5759
Thanks
-Alex |
Hello,
I've found some vulnerabilities in PDF viewers using the famous library named poppler, such as evince, xpdf, okular and so on.
This is my short report and I used the latest version of poppler (poppler-0.37.0).
Plus I've attached a finding as a comment below.
To be honest, I already posted this bug on poppler's bug tracker and the developer answered the question (https://bugs.freedesktop.org/show_bug.cgi?id=92450#c1).
As far as I can tell, all of the software that I tested, such as evince, xpdf, okular on an Ubuntu system, has the same problem.
So I'd like to post this issue here.
In detail:
alex@vm64 $ uname -a
Linux vm64 4.2.0-16-generic #19-Ubuntu SMP Thu Oct 8 15:35:06 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
alex@vm64 $ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=15.10
DISTRIB_CODENAME=wily
DISTRIB_DESCRIPTION="Ubuntu Wily Werewolf (development branch)"
okular:
Installed: 4:15.08.1-0ubuntu1
Candidate: 4:15.08.1-0ubuntu1
Version table:
*** 4:15.08.1-0ubuntu1 0
500 http://kr.archive.ubuntu.com/ubuntu/ wily/universe amd64 Packages
100 /var/lib/dpkg/status
xpdf:
Installed: 3.03-17ubuntu2
Candidate: 3.03-17ubuntu2
Version table:
*** 3.03-17ubuntu2 0
500 http://kr.archive.ubuntu.com/ubuntu/ wily/universe amd64 Packages
100 /var/lib/dpkg/status
evince:
Installed: 3.16.1-0ubuntu1
Candidate: 3.16.1-0ubuntu1
Version table:
*** 3.16.1-0ubuntu1 0
500 http://kr.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages
100 /var/lib/dpkg/status
libpoppler-dev:
Installed: 0.33.0-0ubuntu3
Candidate: 0.33.0-0ubuntu3
Version table:
*** 0.33.0-0ubuntu3 0
500 http://kr.archive.ubuntu.com/ubuntu/ wily/main amd64 Packages
100 /var/lib/dpkg/status
+ I used the latest version of poppler too.
Application: Okular (okular), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
[Current thread is 1 (Thread 0x7f640ae42840 (LWP 6180))]
Thread 4 (Thread 0x7f63f36f1700 (LWP 6184)):
#0 0x00007f6407db6743 in select () at ../sysdeps/unix/syscall-template.S:81
#1 0x00007f64087ed51f in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#2 0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#3 0x00007f640537c6aa in start_thread (arg=0x7f63f36f1700) at pthread_create.c:333
#4 0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Thread 3 (Thread 0x7f63f253c700 (LWP 6200)):
[KCrash Handler]
#6 0x00007f63f25f5619 in JPXStream::readTilePartData(unsigned int, unsigned int, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#7 0x00007f63f25f6b73 in JPXStream::readTilePart() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#8 0x00007f63f25f7a77 in JPXStream::readCodestream(unsigned int) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#9 0x00007f63f25f9c95 in JPXStream::readBoxes() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#10 0x00007f63f25fa0d6 in JPXStream::reset() () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#11 0x00007f63f25edbf9 in SplashOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, bool, int*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#12 0x00007f63f26419ca in Gfx::doImage(Object*, Stream*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#13 0x00007f63f2642ce8 in Gfx::opXObject(Object*, int) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#14 0x00007f63f263cffe in Gfx::go(bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#15 0x00007f63f263d4a0 in Gfx::display(Object*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#16 0x00007f63f2683255 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) () from /usr/lib/x86_64-linux-gnu/libpoppler.so.52
#17 0x00007f63f29dadc6 in Poppler::Page::renderToImage(double, double, int, int, int, int, Poppler::Page::Rotation) const () from /usr/lib/x86_64-linux-gnu/libpoppler-qt4.so.4
#18 0x00007f63f2c2be74 in ?? () from /usr/lib/kde4/okularGenerator_poppler.so
#19 0x00007f63f738c613 in ?? () from /usr/lib/libokularcore.so.6
#20 0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#21 0x00007f640537c6aa in start_thread (arg=0x7f63f253c700) at pthread_create.c:333
#22 0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Thread 2 (Thread 0x7f63f1d3b700 (LWP 6201)):
#0 syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#1 0x00007f6408701622 in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#2 0x00007f64086fd8e5 in QMutex::lockInternal() () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#3 0x00007f63f2c2acf4 in ?? () from /usr/lib/kde4/okularGenerator_poppler.so
#4 0x00007f63f738bf12 in ?? () from /usr/lib/libokularcore.so.6
#5 0x00007f6408702d1c in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#6 0x00007f640537c6aa in start_thread (arg=0x7f63f1d3b700) at pthread_create.c:333
#7 0x00007f6407dbfeed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Thread 1 (Thread 0x7f640ae42840 (LWP 6180)):
#0 pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1 0x00007f6408703286 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#2 0x00007f64087028ae in QThread::wait(unsigned long) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#3 0x00007f64087ed0ad in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#4 0x00007f6407cf2d32 in __run_exit_handlers (status=1, listp=0x7f640807d698 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true) at exit.c:82
#5 0x00007f6407cf2d85 in __GI_exit (status=<optimized out>) at exit.c:104
#6 0x00007f640928e6a8 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#7 0x00007f6409f83370 in KApplication::xioErrhandler(_XDisplay*) () from /usr/lib/libkdeui.so.5
#8 0x00007f64071cbcee in _XIOError () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#9 0x00007f64071c957d in _XEventsQueued () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#10 0x00007f64071a5832 in XCheckIfEvent () from /usr/lib/x86_64-linux-gnu/libX11.so.6
#11 0x00007f64092923e9 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#12 0x00007f64092a26eb in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#13 0x00007f64092ccb52 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#14 0x00007f6404e96ff7 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x00007f6404e97250 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007f6404e972fc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#17 0x00007f64088431ee in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#18 0x00007f64092ccc26 in ?? () from /usr/lib/x86_64-linux-gnu/libQtGui.so.4
#19 0x00007f64088110d1 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#20 0x00007f6408811445 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#21 0x00007f6408817429 in QCoreApplication::exec() () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#22 0x0000000000409878 in ?? ()
#23 0x00007f6407cd9a40 in __libc_start_main (main=0x409430, argc=2, argv=0x7ffd3a61ac18, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd3a61ac08) at libc-start.c:289
#24 0x000000000040b4a9 in _start ()
evince 3.16.1 / xpdf version 3.03
********************************************************************************
Segmentation fault
********************************************************************************
crashed file: fuzz_id_27683_OliviaOil_24.pdf.tc_bf1_pos_3460_size_1
Register dump:
RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000006 RSI: 0000000000000002 RDI: 0000000000000000
RBP: 0000000000000000 R8 : 0000000000000000 R9 : 0000000000000006
R10: 0000000000000070 R11: 0000000000000000 R12: 00000000014af420
R13: 00000000000018d2 R14: 00000000014af420 R15: 00000000014d7600
RSP: 00007ffdede2b6b0
RIP: 00007f28d94be0df EFLAGS: 00010246
CS: 0033 FS: 0000 GS: 0000
Trap: 0000000e Error: 00000004 OldMask: 00000000 CR2: 00000010
stack trace:
0x00007ffdede2b6b0: 10 fa 4a 01 00 00 00 00 00 00 00 00 00 00 00 00 ..J.............
0x00007ffdede2b6c0: 20 f4 4a 01 00 00 00 00 50 dc 4b 01 00 00 00 00 .J.....P.K.....
0x00007ffdede2b6d0: 14 b7 e2 ed fd 7f 00 00 03 00 00 00 01 00 00 00 ................
0x00007ffdede2b6e0: 90 d2 4b 01 00 00 00 00 00 00 00 00 01 00 00 00 ..K.............
0x00007ffdede2b6f0: 01 00 00 00 00 00 00 00 20 f4 4a 01 00 00 00 00 ........ .J.....
0x00007ffdede2b700: a0 41 54 01 00 00 00 00 01 00 00 00 00 00 00 00 .AT.............
0x00007ffdede2b710: d0 52 54 01 01 00 00 00 00 48 38 da c1 7a d9 ac .RT......H8..z..
0x00007ffdede2b720: 90 96 54 01 00 00 00 00 10 fa 4a 01 00 00 00 00 ..T.......J.....
Backtrace:
0x00007f28e4d22cc0: [catch_segfault():4000]
0x00007f28e3512d10: [__restore_rt():0]
0x00007f28d94be0df: [_ZN9JPXStream16readTilePartDataEjjb():287]
0x00007f28d94bf688: [_ZN9JPXStream12readTilePartEv():2920]
0x00007f28d94c1278: [_ZN9JPXStream14readCodestreamEj():248]
0x00007f28d94c3ff1: [_ZN9JPXStream9readBoxesEv():1809]
0x00007f28d94c4766: [_ZN9JPXStream5resetEv():22]
0x00007f28d9c8d753: [_ZN14CairoOutputDev9drawImageEP8GfxStateP6ObjectP6StreamiiP16GfxImageColorMapbPib():323]
0x00007f28d950ce45: [_ZN3Gfx7doImageEP6ObjectP6Streamb():3013]
0x00007f28d950e143: [_ZN3Gfx9opXObjectEP6Objecti():627]
0x00007f28d9508058: [_ZN3Gfx2goEb():344]
0x00007f28d9508558: [_ZN3Gfx7displayEP6Objectb():280]
0x00007f28d9550dc5: [_ZN4Page12displaySliceEP9OutputDevddibbiiiibPFbPvES2_PFbP5AnnotS2_ES2_b():357]
0x00007f28d9c76522: [poppler_page_get_type():482]
0x00007f28d9eb5ad3: [_init():13019]
0x00007f28d9eb616e: [_init():14710]
0x0000000000401a90: [_init():2368]
0x000000000040172d: [_init():1501]
0x00007f28e3158a40: [__libc_start_main():240]
0x00000000004018a9: [_init():1881]
Disassemble:
0x00007f28d94be0df: add rax, qword ptr [rdi + 0x10]
0x00007f28d94be0e3: mov r11d, dword ptr [rax + 0x14]
0x00007f28d94be0e7: test r11d, r11d
0x00007f28d94be0ea: je 0x7f28d94be25d
0x00007f28d94be0f0: mov r8d, dword ptr [rax + 0x10]
0x00007f28d94be0f4: mov r13, qword ptr [rsp]
0x00007f28d94be0f8: mov r15, r14
HASHTAG: 8DBAE794E10FF8F8CBF9AA94744D5759
Thanks
-Alex |
|