Date: Thu, 19 Feb 2009 16:25:36 -0500 From: "Michael K. Johnson" <johnsonm@...th.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: Poppler -Two Denial of Service Vulnerabilities On Fri, Feb 13, 2009 at 11:20:40AM +0200, Pinar Yanardag wrote: > 1) An uninitialised memory access error in the > "FormWidgetChoice::loadDefaults()" function can be exploited to cause a > crash via a specially crafted PDF document. This is changeset 1fc342eadcbbb41302f190b215c5daf23c9ec9b1 in poppler's git and is associated with poppler bug 19790 > 2) An error in the "JBIG2Stream::readSymbolDictSeg()" function can be > exploited to cause a crash via a specially crafted PDF document. This is changeset d3f04f537fb3e963c149a7e2d8d83c7cb19da8c0 in poppler's git and is associated with poppler bug 19702 These bugs were reported fixed in poppler-0.10.4.tar.gz, released on February 10, 2009
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.