oss-sec mailing list archives
Re: CVE request: libpoppler4: buffer overflow in the Abiword backend
From: Thomas Biege <thomas () suse de>
Date: Wed, 18 Nov 2009 08:07:53 +0100
On Tue, Nov 17, 2009 at 09:27:03AM +0100, Thomas Biege wrote:
On Wed, Nov 11, 2009 at 08:05:32PM -0500, Josh Bressers wrote:----- "Thomas Biege" <thomas () suse de> wrote:Hello everybody, does this need an CVE-ID? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534680I presume this does need a CVE id, but seeing as PDF related bugs are often a Pandora's Box, I'd rather not assign one just yet. Has someone looked at this to see what the root of the problem is?AFAICS it just affects libpoppler. But version 4 may not be the only one with the bug.
Our maintainer told me that version 3 and 5 are vulnerable too.
--
Bye,
Thomas
--
Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
-- Marie von Ebner-Eschenbach
Current thread:
- CVE request: libpoppler4: buffer overflow in the Abiword backend Thomas Biege (Nov 09)
- Re: CVE request: libpoppler4: buffer overflow in the Abiword backend Josh Bressers (Nov 11)
- Re: CVE request: libpoppler4: buffer overflow in the Abiword backend Thomas Biege (Nov 17)
- Re: CVE request: libpoppler4: buffer overflow in the Abiword backend Thomas Biege (Nov 17)
- Re: CVE request: libpoppler4: buffer overflow in the Abiword backend Josh Bressers (Nov 18)
- Re: CVE request: libpoppler4: buffer overflow in the Abiword backend Thomas Biege (Nov 17)
- Re: CVE request: libpoppler4: buffer overflow in the Abiword backend Josh Bressers (Nov 11)