
Bug#1032609: zathura: immediate segmentation fault on some PDF file


Vincent Lefevre

Mar 9, 2023, 8:30:04 PM
Package: zathura
Version: 0.5.2-1
Severity: important
Tags: security

I got an immediate segmentation fault on some PDF file.

I couldn't reproduce the crash on the same PDF file, so I suppose
that it is useless to attach it (which is a bit large). This is a PDF
generated by paps piped to ps2pdf (to convert PostScript to PDF).

zathura disables coredumps, which is a bigger issue, since one has
no idea where it crashes.

Since PDF files often come from untrusted sources, this may be a
security issue. In any case, the code needs to be carefully reviewed.

-- System Information:
Debian Release: 12.0
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
merged-usr: no
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-5-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages zathura depends on:
ii libc6 2.36-8
ii libcairo2 1.16.0-7
ii libgirara-gtk3-3 0.3.9-1
ii libglib2.0-0 2.74.6-1
ii libgtk-3-0 3.24.37-2
ii libmagic1 1:5.44-3
ii libpango-1.0-0 1.50.12+ds-1
ii libseccomp2 2.5.4-1+b3
ii libsqlite3-0 3.40.1-1
ii libsynctex2 2022.20220321.62855-5
ii zathura-pdf-poppler 0.3.1-1

zathura recommends no packages.

Versions of packages zathura suggests:
ii firefox [www-browser] 110.0.1-1
hi firefox-esr [www-browser] 92.0-local
ii lynx [www-browser] 2.9.0dev.12-1
ii opera-stable [www-browser] 96.0.4693.50
ii w3m [www-browser] 0.5.3+git20230121-2
pn zathura-cb <none>
pn zathura-djvu <none>
pn zathura-ps <none>

-- no debconf information

--
Vincent Lefèvre <vin...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Vincent Lefevre

Mar 9, 2023, 8:40:04 PM
On 2023-03-10 02:23:00 +0100, Vincent Lefevre wrote:
> zathura disables coredumps, which is a bigger issue, since one has
> no idea where it crashes.

Concerning the lack of coredumps, I've done a search on the web
and found this:

https://blog.winny.tech/posts/debugging-zathura-gtk-seccomp/

Sebastian Ramacher

Mar 10, 2023, 4:00:05 AM
Control: tags -1 moreinfo

On 2023-03-10 02:33:12 +0100, Vincent Lefevre wrote:
> On 2023-03-10 02:23:00 +0100, Vincent Lefevre wrote:
> > zathura disables coredumps, which is a bigger issue, since one has
> > no idea where it crashes.
>
> Concerning the lack of coredumps, I've done a search on the web
> and found this:
>
> https://blog.winny.tech/posts/debugging-zathura-gtk-seccomp/

Add "set sandbox none" to your zathurarc to get a crash dump. So please
provide a backtrace with that setting.

Cheers
--
Sebastian Ramacher
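
One way to collect the requested backtrace without leaving the sandbox off in the everyday configuration, given the reporter's point that PDF files often come from untrusted sources. This is an added example, not part of the thread: the function names are hypothetical, and it assumes gdb is installed and that zathura accepts `--config-dir`.

```sh
#!/bin/sh
# Added example: one-off zathura debugging session with the sandbox disabled.
# The regular zathurarc is left untouched, so normal use stays sandboxed.

# Create a throwaway config directory whose zathurarc ends with
# "set sandbox none" and print the directory path.
make_debug_config() {
    src="${XDG_CONFIG_HOME:-${HOME:-}/.config}/zathura/zathurarc"
    dir=$(mktemp -d "${TMPDIR:-/tmp}/zathura-debug.XXXXXX") || return 1
    # Carry over the user's other settings so the crash conditions stay the
    # same, but drop any existing sandbox line.
    if [ -f "$src" ]; then
        grep -v '^[[:space:]]*set[[:space:]]\{1,\}sandbox' "$src" \
            > "$dir/zathurarc" || true
    fi
    printf 'set sandbox none\n' >> "$dir/zathurarc"
    printf '%s\n' "$dir"
}

# Run zathura under gdb with the throwaway config; if it crashes, gdb prints
# a full backtrace that can be attached to the bug report.
debug_backtrace() {
    pdf=$1
    cfg=$(make_debug_config) || return 1
    ulimit -c unlimited 2>/dev/null || true   # also allow a core file
    gdb -batch -ex run -ex 'bt full' \
        --args zathura --config-dir="$cfg" "$pdf"
    rm -rf "$cfg"
}

# Usage (the file name is a placeholder):
#   debug_backtrace crashing-file.pdf
```

Installing the matching debug symbol packages first makes the backtrace far more useful to the maintainer.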