SUSE:SLE-12:Update
File r1963-Fix-heap-based-buffer-overflow-vulnerability-in-PoDoFo-PdfVariant-DelayedLoad.patch of Package podofo.34526
------------------------------------------------------------------------ r1963 | mabri | 2019-02-03 01:00:23 +0100 (dom 03 de feb de 2019) | 1 línea Fix (security) issue #39 Index: src/doc/PdfNamesTree.cpp =================================================================== --- src/doc/PdfNamesTree.cpp (revisión: 1962) +++ src/doc/PdfNamesTree.cpp (revisión: 1963) @@ -504,7 +504,17 @@ // convert all strings into names PdfName name( (*it).GetString().GetString() ); ++it; - rDict.AddKey( name, *(it) ); + // fixes (security) issue #39 in PoDoFo's tracker (sourceforge.net) + if ( it == names.end() ) + { + PdfError::LogMessage( eLogSeverity_Warning, + "No reference in /Names array last element in " + "object %lu %lu, possible\nexploit attempt!\n", + pObj->Reference().ObjectNumber(), + pObj->Reference().GenerationNumber() ); + break; + } + rDict.AddKey( name, (*it) ); ++it; } ------------------------------------------------------------------------
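Review bot: In the added PdfError::LogMessage call, both arguments are formatted with %lu, but the return types of pObj->Reference().ObjectNumber() and GenerationNumber() are not visible in this hunk; if either is narrower than unsigned long, the variadic read is undefined behaviour, in a code path that runs precisely when the input is malformed. Wrapping each argument in static_cast<unsigned long>( ... ) makes the call correct whatever the underlying typedefs are. Two smaller points on the same block: the "\n" inside "possible\nexploit attempt!" splits one warning across two log lines, which makes it harder to grep or to forward as a single event, so a one-line message would be better; and the break leaves rDict holding the pairs read so far with only a warning emitted, so the function's documentation should state that an odd-length /Names array yields a partial dictionary, or the code should raise an error if callers are not meant to continue with one.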