Date: Thu, 16 Jan 2014 18:55:24 +0000 From: "mancha" <mancha1@...h.com> To: oss-security@...ts.openwall.com Subject: CVE Request - Poppler library: DoS fixed in 0.24.5 Hello. It was discovered the JBIG2Stream::readSegments function in the Poppler library (prior to 0.24.5) does not properly handle segExtraBytes values, which allows remote attackers to cause a denial of service (application crash) via a crafted PDF that triggers a segmentation fault caused by an improper format control string.  Upstream fix: http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee Would you please allocate a CVE for this issue? Thanks. --mancha  https://bugs.kde.org/show_bug.cgi?id=328511
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ