Hi again, On Mon, 12 Mar 2018 16:44:00 +0100 "Poenicke, Andreas (TFP)" <[email protected]> wrote: > Hi, > > we encountered the same problem but with downloads of older publications > which probably also are scans. > > Having a closer look at the changes in > poppler/0.26.5-2+deb8u2 > > it seems the patch upstream_CVE-2017-9776.patch is incomplete. > Probably just a line with "continue;" is missing.
if my analysis was correct, it means this bug is more severe than I thought at first glance! In this case, instead of fixing CVE-2017-9776 by avoiding that the following code is executed by malformed documents ,and thus preventing an "Integer overflow leading to Heap buffer overflow", according to the patch upstream_CVE-2017-9776 the code is executed *only* for malformed documents! Rendering the patch ineffective and poppler-0.26.5-3+deb8u3 is probably still vulnerable to CVE-2017-9776! Regards, Andreas

