Source: libpodofo Version: 0.9.6+dfsg-3 Severity: important Tags: security upstream Forwarded: https://sourceforge.net/p/podofo/tickets/27/
Hi, The following vulnerability was published for libpodofo. CVE-2018-15889[0]: | In podofo 0.9.6, the function PoDoFo::PdfParser::ReadObjects() in | base/PdfParser.cpp can cause the program to be aborted, because | PoDoFo::PdfVecObjects::Reserve() in base/PdfVecObjects.h can be called | with a large size value. Remote attackers could leverage this | vulnerability to cause a denial-of-service via a crafted pdf file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-15889 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15889 [1] https://sourceforge.net/p/podofo/tickets/27/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore