Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 27 Feb 2013 14:24:16 +0100
From: Marcus Meissner <>
To: OSS Security List <>
Subject: CVE Request: poppler 0.22.1 security fixes


poppler 0.22.1 was released without much ado, it however contains various security fixes.

The security fixes apparently come from AdressSanitizer work and fuzzing provided
by the Google Security Team.

The page:

explains most of it, and while it focuses on Adobe Acrobat Reader, they also covered
poppler testing inside.

So far I see:
	Fix invalid memory access in 1150.pdf.asan.8.69
	Fix invalid memory access in 2030.pdf.asan.69.463
	Fix another invalid memory access in 1091.pdf.asan.72.42
	Fix invalid memory accesses in 1091.pdf.asan.72.42
	Fix invalid memory accesses in 1036.pdf.asan.23.17
	Fix crash in broken file 1031.pdf.asan.48.15
	Do not crash in broken documents like 1007.pdf.asan.48.4
	Initialize refLine totally
	Fixes uninitialized memory read in 1004.pdf.asan.7.3 

As the blog page mentions "Huzaifa Sidhpurwala from RedHat Security", perhaps Redhat has assigned CVEs already.

Otherwise one ore more CVEs are required. 

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ