CVE-2018-5309 - integer overflow in the...

A PDF parsing, modification and creation library.

Brought to you by: domseichter

This project can now be found here.

#5 CVE-2018-5309 - integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream

Milestone: SVN TRUNK

Status: closed

Owner: nobody

Labels: security (37)

Updated: 2018-03-11

Created: 2018-02-24

Creator: Mattia Rizzolo

Private: No

https://security-tracker.debian.org/tracker/CVE-2018-5309
https://bugzilla.redhat.com/show_bug.cgi?id=1532381

In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.

Tickets: #111
Tickets: ~~#33~~
Tickets: ~~#43~~
Tickets: #45
Tickets: ~~#46~~

Discussion

zyx - 2018-03-11

Fixed in revision 1907

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

zyx - 2018-03-11

http://sourceforge.net/p/podofo/code/1907

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

zyx - 2018-03-11

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

CVE-2018-5309 - integer overflow in the...

A PDF parsing, modification and creation library.

Milestone

Searches

Help

#5 CVE-2018-5309 - integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream

Related

Discussion