Hello zyx, hello all,

> zyx <z...@gmx.us> has written on 14 January 2018 at 11:55:
>
> > On Sat, 2018-01-06 at 09:25 -0500, Probe Fuzzer wrote:
> > we found that on latest version of PoDoFo (RELEASE_0.9.5_rc1),
>
> Hi,
> what is the RELEASE_0.9.5_rc1, please? The "rc1" suffix suggests it's a
> "release candidate", while the release itself had been made like a year
> ago, thus it seems you use some pre-release code.

Nonetheless, that's a tag in the PoDoFo svn repository at sf.net, but the current latest is RELEASE_0.9.5, of course (made ca. 4 days less than a year ago).

> > > src/src/base/PdfXRefStreamParserObject.cpp:125:64: runtime error:
> > > signed integer overflow: 3 + 9223372036854775807 cannot be
> > > represented in type 'long int [3]'
>
> It looks like it had been fixed more than 6 months ago in the
> development version at revision 1851:
> https://sourceforge.net/p/podofo/code/1851
> as part of the fix for CVE-2017-8787.
It still looks CVE-worthy (specifically, CVE-2018-5295) to me in svn r1875, as signed integer overflow is undefined behaviour (AFAIK also for 64-bit integer types). This happens for e.g. nW[0] + nW[1] > std::numeric_limits<pdf_int64>::max() - nW[2], assuming all nW[] > 0 (first in line 125).

> Thanks and bye,
> zyx

Best regards,
mabri

_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users
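The overflow mabri describes (nW[0] + nW[1] + nW[2] exceeding the pdf_int64 range when the /W widths of an XRef stream are attacker-controlled) can be rejected without ever performing the overflowing addition. The following is an added illustration, not PoDoFo's own code: `pdf_int64` is assumed to be a 64-bit signed integer, and `WidthSumOverflows` / `CheckedEntryWidth` are hypothetical names. It generalises the thread's "max - nW[2]" check to all three operands and to negative widths, so that every comparison is evaluated before the corresponding addition is attempted.

```cpp
#include <cstdint>
#include <limits>

// Assumed stand-in for PoDoFo's pdf_int64 (assumption for this example).
typedef int64_t pdf_int64;

// Returns true when a + b + c cannot be represented in pdf_int64.
// Each step compares against max/min *before* adding, so the function
// itself never triggers the undefined signed overflow it is guarding against.
// The "a > max - b" form is the one discussed on the list, applied twice.
bool WidthSumOverflows(pdf_int64 a, pdf_int64 b, pdf_int64 c)
{
    const pdf_int64 kMax = std::numeric_limits<pdf_int64>::max();
    const pdf_int64 kMin = std::numeric_limits<pdf_int64>::min();

    // Step 1: would a + b overflow? (max - b and min - b are safe since b's sign is known.)
    if (b > 0 && a > kMax - b) return true;
    if (b < 0 && a < kMin - b) return true;
    const pdf_int64 ab = a + b;  // safe: checked above

    // Step 2: would (a + b) + c overflow?
    if (c > 0 && ab > kMax - c) return true;
    if (c < 0 && ab < kMin - c) return true;
    return false;
}

// Validates the three /W entries the way a hardened XRef-stream parser would:
// every width must be non-negative and the total must be representable.
// Returns -1 for invalid input, otherwise the total width of one entry.
pdf_int64 CheckedEntryWidth(const pdf_int64 nW[3])
{
    for (int i = 0; i < 3; ++i) {
        if (nW[i] < 0) return -1;   // negative field widths are meaningless
    }
    if (WidthSumOverflows(nW[0], nW[1], nW[2])) return -1;
    return nW[0] + nW[1] + nW[2];   // now guaranteed not to overflow
}
```

`CheckedEntryWidth` returns -1 for the fuzzer's input shape (a width of 3 next to INT64_MAX) instead of computing an undefined sum; a caller would then reject the XRef stream as malformed rather than use the width to size a buffer or index.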