Re: [Podofo-users] Integer Overflow in PdfXRefStreamParserObject::ParseStream

2018-02-25 Thread Mattia Rizzolo
On Sun, Feb 18, 2018 at 01:09:31PM +0100, zyx wrote:
> Right. Since the bug tracker is opened, I guess the best would be to
> use the bug tracker for new issues and for those CVE-s without patches,
> thus they won't get lost.

I've done so. I opened a bug report for all CVEs that TTBOMK are still n

Re: [Podofo-users] Integer Overflow in PdfXRefStreamParserObject::ParseStream

2018-02-19 Thread zyx
On Sun, 2018-02-04 at 20:48 +0100, Mattia Rizzolo wrote:
> The patch is attached (it's against released 0.9.5).

Hi,
thanks for forwarding the patch for CVE-2018-5295. I committed it as revision 1889:
https://sourceforge.net/p/podofo/code/1889

> > (PS: should we start moving these kind of

Re: [Podofo-users] Integer Overflow in PdfXRefStreamParserObject::ParseStream

2018-02-04 Thread Mattia Rizzolo
On Sun, Jan 28, 2018 at 12:52:55AM +0100, Matthew Brincke wrote:
> > > src/src/base/PdfXRefStreamParserObject.cpp:125:64: runtime error:
> > > signed integer overflow: 3 + 9223372036854775807 cannot be
> > > represented in type 'long int [3]'
> > It looks like still CVE-worthy (specifically, CVE-2

Re: [Podofo-users] Integer Overflow in PdfXRefStreamParserObject::ParseStream

2018-01-27 Thread Matthew Brincke
Hello zyx, hello all,

> zyx has written on 14 January 2018 at 11:55:
>
> > On Sat, 2018-01-06 at 09:25 -0500, Probe Fuzzer wrote:
> > we found that on latest version of PoDoFo (RELEASE_0.9.5_rc1),
>
> Hi,
> what is the RELEASE_0.9.5_rc1, please? The "rc1" suffix suggests it's a
> "releas

Re: [Podofo-users] Integer Overflow in PdfXRefStreamParserObject::ParseStream

2018-01-14 Thread zyx
On Sat, 2018-01-06 at 09:25 -0500, Probe Fuzzer wrote:
> we found that on latest version of PoDoFo (RELEASE_0.9.5_rc1),

Hi,
what is the RELEASE_0.9.5_rc1, please? The "rc1" suffix suggests it's a "release candidate", while the release itself had been made like a year ago, thus it seems you

[Podofo-users] Integer Overflow in PdfXRefStreamParserObject::ParseStream

2018-01-06 Thread Probe Fuzzer
Hello,

we found that on latest version of PoDoFo (RELEASE_0.9.5_rc1), there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (src/base/PdfXRefStreamParserObject.cpp), which can cause denial of service via a crafted pdf file.

src/src/base/PdfXRefStreamParserObject.cpp:1