Re: [Podofo-users] Fwd: heap overflow in podofo's pdf parser

2017-05-16 Thread Mattia Rizzolo
On Thu, May 04, 2017 at 09:56:00AM +0200, zyx wrote:
> On Wed, 2017-05-03 at 21:43 +0200, Matthew Brincke wrote:
> > > nice, I gave it a quick try and using that provided PDF and the
> > > code suggested there, with svn trunk at revision 1824, I get this
> > > output:
> >
> > very probably there a

Re: [Podofo-users] Fwd: heap overflow in podofo's pdf parser

2017-05-04 Thread zyx
Hi,

On Wed, 2017-05-03 at 21:43 +0200, Matthew Brincke wrote:
> > nice, I gave it a quick try and using that provided PDF and the
> > code suggested there, with svn trunk at revision 1824, I get this
> > output:
>
> very probably there are transposed digits, you actually meaning the
> svn

Re: [Podofo-users] Fwd: heap overflow in podofo's pdf parser

2017-05-03 Thread Matthew Brincke
Hi zyx, hi Mattia, hi all,

zyx has written on 3 May 2017 at 18:24:
>
> On Wed, 2017-05-03 at 15:47 +0200, Matthew Brincke wrote:
>
> > on May 1st, the Debian bug #861597 [1] was filed, mentioning the CVE
> > ID
> > of this PdfParser::ReadObjects heap overflow vulnerability: CVE-2017-
> > 8378,

Re: [Podofo-users] Fwd: heap overflow in podofo's pdf parser

2017-05-03 Thread zyx
On Wed, 2017-05-03 at 15:47 +0200, Matthew Brincke wrote:
> on May 1st, the Debian bug #861597 [1] was filed, mentioning the CVE
> ID
> of this PdfParser::ReadObjects heap overflow vulnerability: CVE-2017-
> 8378,
> under which it's also listed in the Debian security tracker for
> libpodofo
> (deta

Re: [Podofo-users] Fwd: heap overflow in podofo's pdf parser

2017-05-03 Thread Matthew Brincke
Hello Mattia, hello zyx, hello all,

on May 1st, the Debian bug #861597 [1] was filed, mentioning the CVE ID of this PdfParser::ReadObjects heap overflow vulnerability: CVE-2017-8378, under which it's also listed in the Debian security tracker for libpodofo (detail page [2]).

[1] https://bugs.debi

Re: [Podofo-users] Fwd: heap overflow in podofo's pdf parser

2017-04-24 Thread Mattia Rizzolo
On Mon, Apr 24, 2017 at 08:20:04PM +0200, zyx wrote:
> thanks for reporting. It seems to not be filed here yet [1].
>
> Adding it to [1] would be also nice to have (not a question
> for you, I suppose).

Would be nice to have a CVE id also. Could somebody fill https://cveform.mitre.org/ asking fo

Re: [Podofo-users] Fwd: heap overflow in podofo's pdf parser

2017-04-24 Thread zyx
On Sat, 2017-04-22 at 22:25 +0800, Xiaobo Xiang wrote:
> I've found a heap overflow bug in podofo library during my fuzzing
> with libFuzzer.

Hi,
thanks for reporting. It seems to not be filed here yet [1]. Could you provide the offending PDF file, please? It's easier for a reproducer. A

[Podofo-users] Fwd: heap overflow in podofo's pdf parser

2017-04-24 Thread Xiaobo Xiang
Hi,

I've found a heap overflow bug in podofo library during my fuzzing with libFuzzer. My wrapper just simply called

PdfMemDocument doc( filename );

It crashed when parsing a crafted pdf file. The crash log is as follows:

==17463==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x620