FYI, 3 new CVEs were published yesterday for PoDoFo. Accordingly, I've opened 3 bugs:

CVE-2018-8000 - heap-based buffer overflow in PoDoFo::PdfTokenizer::GetNextToken()
https://sourceforge.net/p/podofo/tickets/13/

CVE-2018-8001 - heap-based buffer over-read in UnescapeName()
https://sourceforge.net/p/podofo/tickets/14/

CVE-2018-8002 - infinite loop vulnerability in PdfParserObject::ParseFileComplete()
https://sourceforge.net/p/podofo/tickets/15/

I'm reporting this on the ML as well as I don't think all the usual
contributors subscribed to the bug tracker yet (but I think you should).

--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
_______________________________________________ Podofo-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/podofo-users
