Full Disclosure mailing list archives
SumatraPDF v2.0.1 chm and mobi files memory corruption
From: Carlo Di Dato <shinnai () autistici org>
Date: Mon, 23 Apr 2012 08:42:03 +0100
SumatraPDF si absolutely my favourite reader. It’s stable, secure, open source and offers the opportunity to read a lot of formats including .chm and. mobi files. Unfortunately there is the possibility, crafting these files, to cause a memory corruption which could lead into arbitrary code esecution. Info: http://didasec.wordpress.com/2012/04/23/sumatrapdf-v2-0-1-chm-and-mobi-files-memory-corruption/ http://code.google.com/p/sumatrapdf/issues/detail?id=1906 PoC: http://shinnai.altervista.org/exploits/SH-017-20120423.html Patch: http://code.google.com/p/sumatrapdf/source/detail?r=6381 http://code.google.com/p/sumatrapdf/source/detail?r=6383 Be safe _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SumatraPDF v2.0.1 chm and mobi files memory corruption Carlo Di Dato (Apr 23)