Bug ID 1035534
Summary VUL-1: CVE-2017-7994: podofo: denial of service (NULL pointer dereference and application crash) via a crafted PDF document (TextExtractor::ExtractText in TextExtractor.cpp:77)
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.2
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter mikhail.kasimov@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

Created attachment 722198
PoC_CVE-2017-7994

Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-7994
===================================================
Description

The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5
allows remote attackers to cause a denial of service (NULL pointer dereference
and application crash) via a crafted PDF document.

Source:  MITRE      Last Modified:  04/21/2017
===================================================

Hyperlinks:

[1] https://github.com/icepng/PoC/tree/master/PoC1 (PoC and Analysis)
[2] https://icepng.github.io/2017/04/21/PoDoFo-1/

(open-)SUSE: https://software.opensuse.org/package/podofo

0.9.4 (TW, official repo)
0.9.3 (42.{1,2}, official repo)

