Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.4:Update
podofo
podofo-CVE-2018-12983.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File podofo-CVE-2018-12983.patch of Package podofo
Index: src/base/PdfEncrypt.cpp =================================================================== --- src/base/PdfEncrypt.cpp (revision 1929) +++ src/base/PdfEncrypt.cpp (working copy) @@ -607,6 +607,12 @@ && PdfEncrypt::IsEncryptionEnabled( ePdfEncryptAlgorithm_RC4V2 ) ) { // [Alexey] - lLength is pdf_int64. Please make changes in encryption algorithms + // [mabri] - Fix CVE-2018-12983: Check key length lLength here + // to prevent stack-based buffer over-read in line 867 of this file + if (lLength > MD5_DIGEST_LENGTH * 8) // lLength in bits, md5 in bytes + { + PODOFO_RAISE_ERROR_INFO( ePdfError_ValueOutOfRange, "Given key length too large for MD5." ); + } pdfEncrypt = new PdfEncryptRC4(oValue, uValue, pValue, rValue, ePdfEncryptAlgorithm_RC4V2, static_cast<int>(lLength), encryptMetadata); } else
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor