Mailinglist Archive: opensuse-bugs (4292 mails)

< Previous Next >
[Bug 1037000] New: VUL-1: CVE-2017-8378: podofo: denial of service (application crash) vectors related to m_offsets.size (PdfParser::ReadObjects func in base/PdfParser.cpp)
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 01 May 2017 08:09:50 +0000
  • Message-id: <bug-1037000-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1037000


Bug ID: 1037000
Summary: VUL-1: CVE-2017-8378: podofo: denial of service
(application crash) vectors related to m_offsets.size
(PdfParser::ReadObjects func in base/PdfParser.cpp)
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8378
===================================================
Description

Heap-based buffer overflow in the PdfParser::ReadObjects function in
base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of
service (application crash) or possibly have unspecified other impact via
vectors related to m_offsets.size.

Source: MITRE Last Modified: 04/30/2017
===================================================


Hyperlink

[1]
https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >
Follow Ups