[Podofo-users] CVE fix proposal
A PDF parsing, modification and creation library.
From: Matthew B. <ma...@ma...> - 2017-02-27 23:14:39
Hi all,

attached to the e-mail is a patch which I propose to fix CVE-2017-5853 and maybe also CVE-2017-5855. I haven't completed testing yet, but I have also already seen by running some test code, also attached, that my patch catches the bogus xref subsection start in the reproducer PDF (linked from Agostino Sarubbo's blog post). Please consider the patch for testing and applying it to the public repository (besides line number changes, it should apply to all currently open branches: 0.9.4, 0.9.5 and trunk).

Best regards,
mabri