oss-sec mailing list archives
CVE request: mat doesn't remove metadata in embedded images in PDFs
From: Holger Levsen <holger () layer-acht org>
Date: Thu, 2 Jun 2016 10:33:28 +0000
Hi, https://digitalcourage.de/blog/2016/using-tails-be-careful-embedded-metadata explains how mat fails to do what it's supposed to do, namely removing embedded meta data. The bug is that it doesnt remove metadata from images embedded in PDFs (while it does remove metadata from PDFs and from images…) So basically the core feature of mat is partly broken :/ So I think this warrants a CVE as IMHO this ain't just a missing feature and folks on the #debian-security IRC channel agreed. This issue is being tracked by it's developers as https://labs.riseup.net/code/issues/11067 and in Debian as https://bugs.debian.org/826101 and affects all versions of mat and is not fixed anywhere yet. Could a CVE please be assigned to this issue? Also I wonder if similar bugs happen with other recursive formats, like an OpenDocument text embedding an image or embedding a pdf embedding an image or a zip file containing a zip file containing a .odt file containing an pdf containing an image… -- thanks, Holger (not subscribed to the list, please cc: me on replies.)
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE request: mat doesn't remove metadata in embedded images in PDFs Holger Levsen (Jun 02)
- Re: CVE request: mat doesn't remove metadata in embedded images in PDFs cve-assign (Jun 02)
- Re: CVE request: mat doesn't remove metadata in embedded images in PDFs Holger Levsen (Jun 02)
- Re: CVE request: mat doesn't remove metadata in embedded images in PDFs cve-assign (Jun 02)