On Wed, 2017-05-03 at 15:47 +0200, Matthew Brincke wrote:
> on May 1st, the Debian bug #861597 [1] was filed, mentioning the CVE ID
> of this PdfParser::ReadObjects heap overflow vulnerability: CVE-2017-8378,
> under which it's also listed in the Debian security tracker for libpodofo
> (detail page [2]).
>
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861597
> [2] https://security-tracker.debian.org/tracker/CVE-2017-8378

Hi,

nice, I gave it a quick try and using that provided PDF and the code
suggested there, with svn trunk at revision 1824, I get this output:

   Test test_cve_2017_8378 failed with error:
   PoDoFo encountered an error. Error: 31 ePdfError_InvalidEncryptionDict
      Error Description: The encryption dictionary is invalid or misses a required key.
      Callstack:
      #0 Error Source: trunk/src/base/PdfParser.cpp:230
         Information: Unable to load objects from file.
      #1 Error Source: trunk/src/base/PdfParser.cpp:983
         Information: Encryption dictionary references a nonexistent object 157 0

Thus it's already fixed in the current development version.

Bye,
zyx
--
http://www.litePDF.cz [email protected]
_______________________________________________
Podofo-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/podofo-users