oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request - Poppler library: DoS fixed in 0.24.5

From: cve-assign () mitre org
Date: Fri, 17 Jan 2014 15:32:44 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


It was discovered the JBIG2Stream::readSegments function in the
Poppler library (prior to 0.24.5) does not properly handle
segExtraBytes values, which allows remote attackers to cause a
denial of service (application crash) via a crafted PDF that
triggers a segmentation fault caused by an improper format
control string.

https://bugs.kde.org/show_bug.cgi?id=328511
Upstream fix: 
http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee


Use CVE-2013-7296.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJS2ZLMAAoJEKllVAevmvmsTbQH/3xqY6FrVy2LyO3g/9ko+g9v
gREbkwfRBwkOURyZbNjExr1bKPibeogGIeW4gnFT//D7UOPtPA+teGCoCFxh4ASX
ud8QPbqphhCT6IT/3xcd7Ln5JOZlJzrpm6OhWmld7kit5BcVg8b0diaVQRuaYw8c
tiTjbonWIaWQCdBiBCTmtKWu7KT3pdznAFm9zmr8qBAEkGkzodtd2ogj2A+4vR0E
kmZuA+dzy/qHZmoDGgqQjfJw0+lk7pyrjxthDzlpgjAQlKM4TNQs2EcAqz9MVOEQ
J9x0hbzKYL+n3VpCNLN9xqAf0K0vDBCeGOhoMGFR1TaBMJqhcfqtvF+w8VTzsZA=
=26w8
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: