Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 22 Apr 2017 20:03:32 +0800
From: Xiaobo Xiang <xiangxb2112@...il.com>
To: Agostino Sarubbo <ago@...too.org>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE Request: podofo: stack overflow in PoDoFo::PdfParser::ReadDocumentStructure(PdfParser.cpp)

Hello ago,

They are two different issues, we could judge them by just checking the
call stacks. I have the infinite recursion crash in the pdfpage too but I
found your blog post so I ignored it. This is a different issue.

Best Regards,
Xiang Xiaobo

2017-04-22 19:46 GMT+08:00 Agostino Sarubbo <ago@...too.org>:

> On Saturday 22 April 2017 11:02:21 Xiaobo Xiang wrote:
> > There is a infinite recursion in
> > PoDoFo::PdfParser::ReadDocumentStructure(PdfParser.cpp )
> > In the ReadDocumentStructure function
>
> I found it too time ago, but since upstream was unresponsive about....I
> didn't
> investigate, and then I didn't know if it has the same root cause of:
> https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-
> podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp/
>
> --
> Agostino Sarubbo
> Gentoo Linux Developer
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ