[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Re: CVE request: Poppler < 0.40.0
From: cve-assign () mitre ! org
Date: 2016-04-24 3:58:18
Message-ID: 20160424035818.A9F8672E09B () smtpvbsrv1 ! mitre ! org
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> This is a clean heap overflow.
>
> https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433
>> ExponentialFunction::ExponentialFunction(Object *funcObj, Dict *dict) {
>> ...
>> + if (unlikely(n > funcMaxOutputs)) {
>> + error(errSyntaxError, -1, "Function's C0 array is wrong length");
>> + n = funcMaxOutputs;
>> + }
Use CVE-2015-8868.
- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJXHEP+AAoJEHb/MwWLVhi2yCQP/jdyOQR6mHI2snwddK0mkFjC
DOUAa2SMTDyVvoOmRcBUWspMtqgfBUlyzGQvBSSf7wKq5QyyDGVzc0q392Ik+j8A
4NrFumG2uhUZGmt7ILzVAVRgOSVkNVVK3Ar8Ef/gX/MV+/ZQT/+YQFYlsauU28eE
VF1gKrPNLoczFnPbmjzZbf6RnqIaAnvce1IIF6UZblEhudAUvjG0X4QNvyxJBqWb
i0KOViYPc+VLqkYcNzGy3PFoDlUhU96xiSVpNPC7yoYFfrWrO4qLbO6V58tMALoz
vcKPRdonELjcedxO1mpZAXkVXXkBrgWP/m/K3HsI7XM/qLaRYcjvtOZFBe+SNQrF
HhVzGUBO8eB/1irkZTvqs3Qywbr4RZ9AC9+85Bl6lY4Tf58YmudMomn+IsPWAJ/o
N0IBTnCH1xaTGStK4XFwgO6+wPoIh2x0gkpeOLgXA3ebpPcLN0x84Anbu0MRUpHN
n6Ql07YXAtwmNpUrnQORklKqGSSo0k2GaANJKcxszHgF3fHCifQpbx2u6C0CON6f
cVpYvbIRc+YhhlCgqt/I4BAE0QTw82zMht0rfx3+55l0Hx+eecqxnO+bNWBDZp0J
xx1xQ/RF+KTs+OrozZk87w+M0La9Kn5VWQUEhwiXGOwom7edzJriJ9hteV7XSUT+
nEohPLvL3NfXqCsYei4f
=M8Dv
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic