Bug ID | 1035534 |
---|---|
Summary | VUL-1: CVE-2017-7994: podofo: denial of service (NULL pointer dereference and application crash) via a crafted PDF document(TextExtractor::ExtractText in TextExtractor.cpp:77) |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.2 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | mikhail.kasimov@gmail.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
Created attachment 722198 [details] PoC_CVE-2017-7994 Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-7994 =================================================== Description The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document. Source: MITRE Last Modified: 04/21/2017 =================================================== Hyperlink: [1] https://github.com/icepng/PoC/tree/master/PoC1 (PoC and Analysis) [2] https://icepng.github.io/2017/04/21/PoDoFo-1/ (open-)SUSE: https://software.opensuse.org/package/podofo 0.9.4 (TW, official repo) 0.9.3 (42.{1,2}, official repo)