Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.2:FactoryCandidates
podofo
podofo-CVE-2019-20093.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File podofo-CVE-2019-20093.patch of Package podofo
From the upstream bug report proposed fix From: Sandro Mani Date: Fri, 17 Jan 2020 Subject: podofo: denial of service (NULL pointer dereference) in PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h References: https://bugzilla.opensuse.org/1223437 References: https://sourceforge.net/p/podofo/tickets/75/ References: CVE-2019-20093 --- podofo-0.10.4/tools/podofoimgextract/ImageExtractor.cpp +++ podofo-0.10.4_new/tools/podofoimgextract/ImageExtractor.cpp @@ -88,6 +88,11 @@ //long lBitsPerComponent = pObject->GetDictionary().GetKey( PdfName("BitsPerComponent" ) )->GetNumber(); // TODO: Handle colorspaces + if ( !pObject->GetDictionary().HasKey( PdfName("Width" ) ) || !pObject->GetDictionary().HasKey( PdfName("Height" ) ) ) + { + PODOFO_RAISE_ERROR( ePdfError_BrokenFile ); + } + // Create a ppm image const char* ppmHeader = "P6\n# Image extracted by PoDoFo\n%u %u\n%li\n"; 2020-01-17
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor