Hi,

we encountered the same problem but with downloads of older publications 
which probably also are scans.

Having a closer look at the changes in 
        poppler/0.26.5-2+deb8u2

it seems the patch upstream_CVE-2017-9776.patch is incomplete. 
Probably just a line with "continue;" is missing. 

In our case the small attached patched fixed the problem.

Regards,
Andreas

--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -892,6 +892,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *b
 
   for (yy = y0; yy < y1; ++yy) {
     if (unlikely((y + yy >= h) || (y + yy < 0)))
+      continue;
 
     // one byte per line -- need to mask both left and right side
     if (oneByte) {

Reply via email to