http://bugzilla.opensuse.org/show_bug.cgi?id=1035534

Bug ID: 1035534
Summary: VUL-1: CVE-2017-7994: podofo: denial of service (NULL pointer dereference and application crash) via a crafted PDF document (TextExtractor::ExtractText in TextExtractor.cpp:77)
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: mikhail.kasimov@gmail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Created attachment 722198
  --> http://bugzilla.opensuse.org/attachment.cgi?id=722198&action=edit
PoC_CVE-2017-7994

Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-7994
===================================================
Description

The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

Source: MITRE
Last Modified: 04/21/2017
===================================================

Hyperlink:

[1] https://github.com/icepng/PoC/tree/master/PoC1 (PoC and Analysis)
[2] https://icepng.github.io/2017/04/21/PoDoFo-1/

(open-)SUSE: https://software.opensuse.org/package/podofo

0.9.4 (TW, official repo)
0.9.3 (42.{1,2}, official repo)