[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request -- HTMLDOC
From: Alex Legler <a3li () gentoo ! org>
Date: 2009-07-26 7:24:30
Message-ID: 1248593070.4204.16.camel () localhost
[Download RAW message or body]
On Sa, 2009-07-25 at 15:31 +0200, Nico Golde wrote:
> Did you check:
> htmllib.cxx: if (sscanf(line, "%*s%*s%*s%*s%f%*s%*s%s", &width, glyph) != 2)
> ps-pdf.cxx: if (sscanf(line, "%*s%*s%*s%*s%d%*s%*s%s", &width, glyph) != 2)
> as well?
> Looks like a similar issue to me.
>
Indeed it is the same issue. I could cause an overflow with a crafted
AFM font file.
I have added these two to the upstream bug report.
Regards,
Alex
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic